Posted to dev@shiro.apache.org by Rusty Lopez <ru...@gmail.com> on 2014/09/29 20:43:20 UTC

BUG: Authentication failure shows as unsupported token failure.

When using the default out-of-the-box “AtLeastOneSuccessfulStrategy” for
authentication, there is no regard for whether or not any of the realms
actually supported the class before the following exception is thrown:

    "Authentication token of type [" + token.getClass() + "] " +
    "could not be authenticated by any configured realms. Please ensure that at least one realm can " +
    "authenticate these tokens."

The exception states that no realms supported the token, which is not what
the strategy is actually testing for. All the strategy tests is to see if
any authentication attempts were successful, regardless of supported token
type.



There is actually no mechanism in place by which the strategy
implementation can know the difference between "no supporting realms" and
"no successful authentications". So the ModularRealmAuthenticator should
probably be testing for and correctly propagating exceptions resulting from
the former. That way the strategy implementation can simply worry about the
latter.
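
One way to make that distinction, as an added example that is not part of the original post and not Shiro's own code. It assumes Shiro is on the classpath; the class name SupportCheckingAuthenticator and both message texts are hypothetical.

```java
import java.util.Collection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authc.pam.UnsupportedTokenException;
import org.apache.shiro.realm.Realm;

/**
 * Hypothetical subclass: separates "no realm supports this token type"
 * (a configuration problem) from "supporting realms rejected the token"
 * (an authentication failure) before the strategy is consulted.
 */
public class SupportCheckingAuthenticator extends ModularRealmAuthenticator {

    @Override
    protected AuthenticationInfo doMultiRealmAuthentication(
            Collection<Realm> realms, AuthenticationToken token) {
        // Count realms that declare support for this token class.
        int supporting = 0;
        for (Realm realm : realms) {
            if (realm.supports(token)) {
                supporting++;
            }
        }
        if (supporting == 0) {
            // Configuration error: surface it as such, not as a login failure.
            throw new UnsupportedTokenException("No configured realm supports tokens of type ["
                    + token.getClass().getName() + "].");
        }
        try {
            return super.doMultiRealmAuthentication(realms, token);
        } catch (AuthenticationException e) {
            // Assumption: a plain AuthenticationException here is the aggregate
            // failure; subclasses (e.g. bad credentials) pass through unchanged.
            if (e.getClass() == AuthenticationException.class) {
                throw new AuthenticationException(supporting
                        + " supporting realm(s) rejected the token of type ["
                        + token.getClass().getName() + "].", e);
            }
            throw e;
        }
    }
}
```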

Re: BUG: Authentication failure shows as unsupported token failure.

Posted by Les Hazlewood <lh...@apache.org>.
Please create a Jira issue for this - bugs are always lost on the mailing
list.  Thank you!

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Mon, Sep 29, 2014 at 11:43 AM, Rusty Lopez <ru...@gmail.com> wrote:

> When using the default out-of-the-box “AtLeastOneSuccessfulStrategy” for
> authentication, there is no regard for whether or not any of the realms
> actually supported the class before the following exception is thrown:
>
>     "Authentication token of type [" + token.getClass() + "] " +
>     "could not be authenticated by any configured realms. Please ensure that at least one realm can " +
>     "authenticate these tokens."
>
> The exception states that no realms supported the token, which is not what
> the strategy is actually testing for. All the strategy tests is to see if
> any authentication attempts were successful, regardless of supported token
> type.
>
>
>
> There is actually no mechanism in place by which the strategy
> implementation can know the difference between "no supporting realms" and
> "no successful authentications". So the ModularRealmAuthenticator should
> probably be testing for and correctly propagating exceptions resulting from
> the former. That way the strategy implementation can simply worry about the
> latter.
>