Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2009/08/21 16:12:14 UTC

Multiple Realms - default AuthenticationStrategy (PAM behavior)

In multi-realm authentication (PAM) scenarios, Shiro's default has
always been to employ an AllSuccessful authentication strategy,
meaning every single realm that is configured must process an
AuthenticationToken successfully for the overall login attempt to be
considered successful.

In the majority of apps I've encountered, this is rarely the desired
strategy.  People usually want to try multiple realms, and, if at
least one is successful, then consider the attempt successful.  By the
number of questions on the Grails user list related to enabling this
strategy, it seems to confirm my beliefs.

I'd like to change the default strategy to be AtLeastOneSuccessful
strategy, which would enable this behavior as the default moving
forward.  Any objections to me changing this?

Thanks,

Les
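
Added example, not part of the original post and not Shiro's own code: the two strategies discussed above, run against the same pair of realms so the difference in outcome is visible. It assumes the Shiro 1.x class names (org.apache.shiro.authc.pam.*) on the classpath; the realm names, accounts and passwords are constructed sample data.

```java
import java.util.Arrays;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.*;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;

public class StrategyComparison {

    // One login attempt against all realms under the given strategy.
    // Two or more realms are required: with a single realm the
    // ModularRealmAuthenticator does not consult the strategy at all.
    static boolean login(AuthenticationStrategy strategy, List<Realm> realms,
                         String user, String password) {
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setRealms(realms);
        authenticator.setAuthenticationStrategy(strategy);
        try {
            authenticator.authenticate(new UsernamePasswordToken(user, password));
            return true;
        } catch (AuthenticationException e) {
            return false; // unknown account, bad credentials, or strategy veto
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: two in-memory realms standing in for,
        // for example, a corporate directory and an application database.
        SimpleAccountRealm directory = new SimpleAccountRealm("directory");
        directory.addAccount("alice", "s3cret");
        directory.addAccount("bob", "hunter2");
        directory.addAccount("carol", "new-pw");
        SimpleAccountRealm local = new SimpleAccountRealm("local");
        local.addAccount("alice", "s3cret");
        local.addAccount("carol", "old-pw"); // stale credential left in one realm
        List<Realm> realms = Arrays.<Realm>asList(directory, local);

        String[][] attempts = {
            {"alice", "s3cret"},  // same account and password in both realms
            {"bob", "hunter2"},   // account exists in one realm only
            {"carol", "old-pw"},  // password valid in one realm, stale in the other
            {"bob", "wrong"},     // valid in no realm
        };
        for (String[] a : attempts) {
            System.out.printf("%-6s %-8s AllSuccessful=%-5b AtLeastOneSuccessful=%b%n",
                a[0], a[1],
                login(new AllSuccessfulStrategy(), realms, a[0], a[1]),
                login(new AtLeastOneSuccessfulStrategy(), realms, a[0], a[1]));
        }
    }
}
```

Under AtLeastOneSuccessful the accepted credentials are the union of what every realm accepts, so an account or password that should no longer work has to be removed from each configured realm, not just the primary one.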

Re: Multiple Realms - default AuthenticationStrategy (PAM behavior)

Posted by Bradley Beddoes <br...@gmail.com>.
+1

On Sat, Aug 22, 2009 at 12:12 AM, Les Hazlewood<lh...@apache.org> wrote:
> In multi-realm authentication (PAM) scenarios, Shiro's default has
> always been to employ an AllSuccessful authentication strategy,
> meaning every single realm that is configured must process an
> AuthenticationToken successfully for the overall login attempt to be
> considered successful.
>
> In the majority of apps I've encountered, this is rarely the desired
> strategy.  People usually want to try multiple realms, and, if at
> least one is successful, then consider the attempt successful.  By the
> number of questions on the Grails user list related to enabling this
> strategy, it seems to confirm my beliefs.
>
> I'd like to change the default strategy to be AtLeastOneSuccessful
> strategy, which would enable this behavior as the default moving
> forward.  Any objections to me changing this?
>
> Thanks,
>
> Les
>

Re: Multiple Realms - default AuthenticationStrategy (PAM behavior)

Posted by Peter Ledbrook <pe...@cacoethes.co.uk>.
> I'd like to change the default strategy to be AtLeastOneSuccessful
> strategy, which would enable this behavior as the default moving
> forward.  Any objections to me changing this?

+1