Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-642

FirstRealmAuthenticator

    XMLWordPrintableJSON

    Details

      Description

      I noticed that Shiro was having different functionalities when between one and many realms in use. I used time to dig into this and it resulted in a suggestion for a new Shiro class with name FirstRealmAuthenticator.

      My suggestion for FirstRealmAuthenticator is that it is equal to ModularRealmAuthenticator except that when it finds first realm that is used for token it will handle it in the same way as it was the only realm and skip all other realms. The benefit of this is speed and similarity.

      Here is example code for method doMultiRealmAuthentication:

      protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {

      AuthenticationStrategy strategy = getAuthenticationStrategy();
      AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);

      if (log.isTraceEnabled()) {
      log.trace("Iterating through {} realms for PAM authentication", realms.size());
      }

      for (Realm realm : realms) {
      aggregate = strategy.beforeAttempt(realm, token, aggregate);

      if (realm.supports(token)) {
      log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);

      AuthenticationInfo info = realm.getAuthenticationInfo(token);
      aggregate = strategy.afterAttempt(realm, token, info, aggregate, null);
      break;
      } else {
      log.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token);
      }
      }

      aggregate = strategy.afterAllAttempts(token, aggregate);

      return aggregate;
      }

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              vevik Vidar Vevik
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 2h
                2h
                Remaining:
                Remaining Estimate - 2h
                2h
                Logged:
                Time Spent - Not Specified
                Not Specified