Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2014/10/01 22:06:04 UTC

Re: BUG: Authentication failure shows as unsupported token failure.

Please create a Jira issue for this - bugs are always lost on the mailing
list.  Thank you!

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Mon, Sep 29, 2014 at 11:43 AM, Rusty Lopez <ru...@gmail.com> wrote:

> When using the default out-of-the-box “AtLeastOneSuccessfulStrategy” for
> authentication, there is no regard for whether or not any of the realms
> actually supported the class before the following exception is thrown:
>
>     "Authentication token of type [" + token.getClass() + "] " +
>     "could not be authenticated by any configured realms. Please ensure that at least one realm can " +
>     "authenticate these tokens."
>
> The exception states that no realms supported the token, which is not what
> the strategy is actually testing for. All the strategy tests is to see if
> any authentication attempts were successful, regardless of supported token
> type.
>
> There is actually no mechanism in place by which the strategy
> implementation can know the difference between "no supporting realms" and
> "no successful authentications". So the ModularRealmAuthenticator should
> probably be testing for and correctly propagating exceptions resulting from
> the former. That way the strategy implementation can simply worry about the
> latter.
>
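
Added example, not part of the original thread and not Shiro's code: a self-contained Java model of the separation proposed in the quoted report, where the authenticator raises its own error when no realm supports the token and the "at least one successful" check covers only failed attempts. The Realm interface, both exception classes and the sample realm are hypothetical stand-ins, and the sample tokens are constructed.

```java
import java.util.List;

// Simplified stand-ins for a realm and its token check (hypothetical, not Shiro's API).
public class RealmOutcomeDemo {
    interface Realm {
        boolean supports(Object token);
        boolean authenticate(Object token); // true on success
    }
    static class NoSupportingRealmException extends RuntimeException {
        NoSupportingRealmException(String m) { super(m); }
    }
    static class AllAttemptsFailedException extends RuntimeException {
        AllAttemptsFailedException(String m) { super(m); }
    }

    // Multi-realm loop that tracks "supported" separately from "succeeded".
    static void authenticate(List<Realm> realms, Object token) {
        int supporting = 0, successful = 0;
        for (Realm realm : realms) {
            if (!realm.supports(token)) continue;
            supporting++;
            if (realm.authenticate(token)) successful++;
        }
        if (supporting == 0) {
            // Configuration problem: reported by the authenticator itself.
            throw new NoSupportingRealmException("No configured realm supports token type ["
                    + token.getClass().getName() + "]");
        }
        if (successful == 0) {
            // Credential problem: the "at least one successful" rule.
            throw new AllAttemptsFailedException(supporting
                    + " realm(s) supported the token, but none authenticated it");
        }
    }

    // Constructed sample realm: accepts String tokens, succeeds for one value only.
    static final Realm PASSWORD_REALM = new Realm() {
        public boolean supports(Object token) { return token instanceof String; }
        public boolean authenticate(Object token) { return "s3cret".equals(token); }
    };

    public static void main(String[] args) {
        for (Object token : new Object[] {"s3cret", "wrong", Integer.valueOf(42)}) {
            try {
                authenticate(List.of(PASSWORD_REALM), token);
                System.out.println(token + " -> authenticated");
            } catch (RuntimeException e) {
                System.out.println(token + " -> " + e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
    }
}
```

Keeping the two failures as separate exception types lets logs and alerting tell a realm misconfiguration apart from a rejected credential.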