You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Brian Demers (JIRA)" <ji...@apache.org> on 2015/08/28 01:53:45 UTC
[jira] [Updated] (SHIRO-540) Allow for authentication strategy to
stop checking realms after first success
[ https://issues.apache.org/jira/browse/SHIRO-540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Demers updated SHIRO-540:
-------------------------------
Priority: Minor (was: Major)
Fix Version/s: 2.0.0
Description:
The current ModularRealmAuthenticator will continue to check all realms for authc. While this is handy in some cases, it is also desirable not continue checking realms after the first successful realm (especially when using an external auth source like LDAP or a DB)
I've worked around this in the past by extending an above authenticator to return after the first success. As well as put a potential solution on this branch: https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75 (however this would need to be updated for 2.0)
Example workaround pre 2.0: https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java
was:
Hi, my name is Mariano. We are using shiro for validate java app wiht ldap. We have two ldaps configured in shiro, one of this is for backup. The problem is that the ldap requests goes through both servers. We need to all requests goes to the first ldap and only in case that this ldap doesn't work goes to the second. It's that posible?
tia,
Mariano.
Component/s: Authorization (access control)
Issue Type: Improvement (was: Question)
Summary: Allow for authentication strategy to stop checking realms after first success (was: shiro informartion)
Ideally this should have been posted to the mailing list, but I realized we don't have an issue that tracks this.
Original question from Mariano:
Hi, my name is Mariano. We are using shiro for validate java app wiht ldap. We have two ldaps configured in shiro, one of this is for backup. The problem is that the ldap requests goes through both servers. We need to all requests goes to the first ldap and only in case that this ldap doesn't work goes to the second. It's that posible?
tia,
Mariano.
> Allow for authentication strategy to stop checking realms after first success
> -----------------------------------------------------------------------------
>
> Key: SHIRO-540
> URL: https://issues.apache.org/jira/browse/SHIRO-540
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: Mariano Tewel
> Priority: Minor
> Fix For: 2.0.0
>
>
> The current ModularRealmAuthenticator will continue to check all realms for authc. While this is handy in some cases, it is also desirable not continue checking realms after the first successful realm (especially when using an external auth source like LDAP or a DB)
> I've worked around this in the past by extending an above authenticator to return after the first success. As well as put a potential solution on this branch: https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75 (however this would need to be updated for 2.0)
> Example workaround pre 2.0: https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)