Posted to user@shiro.apache.org by anumolumurali <am...@gmail.com> on 2016/01/26 18:49:13 UTC
Multiple realms with custom Authentication
Hi,
I am using multiple custom realms. Both realms are using custom
credentials matching. So before returning the SimpleAuthenticationInfo I
know whether the user is authenticated or not.
Is there any way I can skip the assertCredentialsMatch once again in Shiro?
Regards,
Murali
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Mutliple-realms-with-custom-Authentiction-tp7580911.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Multiple realms with custom Authentication
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
Then, you can just override credentialsMatcher to return true at all times,
and you can pass any password you want as the second parameter.
> On Jan 27, 2016, at 2:50 PM, anumolumurali <am...@gmail.com> wrote:
>
> Thanks for the quick reply!
>
> Let me be more clear on my issue.
>
> I want to skip the credentials parameter in SimpleAuthenticationInfo as my
> authentication is already done using my custom logic.
> e.g.
>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
>         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
>         // The password from the DB is hashed, so we use a different service to check it.
>         boolean isMatch = passwordCheck(upToken.getPassword(), passwordFromDb);
>         if (isMatch) {
>             return new SimpleAuthenticationInfo(upToken.getUsername(), password, getName());
>         }
>         throw new AuthenticationException("Invalid username/password combination!");
>     }
>
> If I skip the password in SimpleAuthenticationInfo, Shiro just throws an
> exception that the authentication failed.
>
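The approach suggested in this reply, as an added example that is not part of the original thread or of Shiro's own code: a realm that verifies the password itself and installs Shiro's `AllowAllCredentialsMatcher`, so the later `assertCredentialsMatch` call always passes. The class name and the `ExternalPasswordChecker` interface are hypothetical; authentication caching is switched off because, with an allow-all matcher, a cached `AuthenticationInfo` would be accepted without any password check.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.realm.AuthenticatingRealm;

public class ExternallyVerifiedRealm extends AuthenticatingRealm {

    /** Hypothetical stand-in for the separate password service mentioned in the thread. */
    public interface ExternalPasswordChecker {
        String storedHashFor(String username);   // returns null for an unknown user
        boolean passwordCheck(char[] submitted, String storedHash);
    }

    private final ExternalPasswordChecker checker;

    public ExternallyVerifiedRealm(ExternalPasswordChecker checker) {
        this.checker = checker;
        setAuthenticationTokenClass(UsernamePasswordToken.class);
        // Shiro still calls assertCredentialsMatch(); this matcher makes it always pass.
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
        // With an allow-all matcher, a cached AuthenticationInfo would log in anyone who
        // supplies a cached username, so keep authentication caching off for this realm.
        setAuthenticationCachingEnabled(false);
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        char[] submitted = upToken.getPassword();
        if (username == null || submitted == null) {
            throw new UnknownAccountException("Username and password are required");
        }
        String storedHash = checker.storedHashFor(username);
        if (storedHash == null) {
            throw new UnknownAccountException("No account for this realm");
        }
        // This is the only password check that runs: every non-match must throw.
        if (!checker.passwordCheck(submitted, storedHash)) {
            throw new IncorrectCredentialsException("Invalid username/password combination!");
        }
        // The credentials argument is required but is never compared by the allow-all matcher.
        return new SimpleAuthenticationInfo(username, storedHash, getName());
    }
}
```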
Re: Multiple realms with custom Authentication
Posted by anumolumurali <am...@gmail.com>.
Thanks for the quick reply!
Let me be more clear on my issue.
I want to skip the credentials parameter in SimpleAuthenticationInfo as my
authentication is already done using my custom logic.
e.g.
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        // The password from the DB is hashed, so we use a different service to check it.
        boolean isMatch = passwordCheck(upToken.getPassword(), passwordFromDb);
        if (isMatch) {
            return new SimpleAuthenticationInfo(upToken.getUsername(), password, getName());
        }
        throw new AuthenticationException("Invalid username/password combination!");
    }
If I skip the password in SimpleAuthenticationInfo, Shiro just throws an
exception that the authentication failed.
Re: Multiple realms with custom Authentication
Posted by Alex Ditu <di...@gmail.com>.
I have faced the same problem: I configured multiple realms and set the
authentication strategy to FirstSuccessfulStrategy [1], but the
ModularRealmAuthenticator will continue to check all configured realms. It
still works as expected (if one realm succeeds, then the authentication
succeeds also). I have found one possible solution here [2], but it is not
implemented yet.
[1]
https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.html
[2] https://issues.apache.org/jira/browse/SHIRO-540
On Wed, Jan 27, 2016 at 10:25 PM, Lenny Primak <lp...@hope.nyc.ny.us>
wrote:
> Make sure you are actually using the correct strategy.
> I’ve seen instances when it’s in the config file but wasn’t actually
> getting used.
>
> > On Jan 27, 2016, at 2:23 PM, anumolumurali <am...@gmail.com> wrote:
> >
> > Yes, I am using the FirstSuccessfulAuthenticationStrategy, but still Shiro
> > checks all the realms to get the info.
>
>
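One way to get the behaviour described in this message, as an added example that is not part of the original thread or of Shiro's own code: a `ModularRealmAuthenticator` subclass that repeats the usual per-realm loop but stops consulting realms once one of them has returned an account. The class name is hypothetical, and the early exit is applied only when `FirstSuccessfulStrategy` is configured, since other strategies need every realm's result.

```java
import java.util.Collection;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;

public class ShortCircuitRealmAuthenticator extends ModularRealmAuthenticator {

    @Override
    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms,
                                                            AuthenticationToken token) {
        AuthenticationStrategy strategy = getAuthenticationStrategy();
        // Stopping early is only correct for first-successful semantics.
        boolean stopOnSuccess = strategy instanceof FirstSuccessfulStrategy;

        AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
        for (Realm realm : realms) {
            aggregate = strategy.beforeAttempt(realm, token, aggregate);
            if (!realm.supports(token)) {
                continue;
            }
            AuthenticationInfo info = null;
            Throwable failure = null;
            try {
                info = realm.getAuthenticationInfo(token);
            } catch (Throwable t) {
                failure = t;   // a failing realm is reported to the strategy, not rethrown
            }
            aggregate = strategy.afterAttempt(realm, token, info, aggregate, failure);
            if (stopOnSuccess && info != null) {
                break;         // first realm that authenticated the token wins
            }
        }
        // With no successful realm the aggregate stays empty and the caller rejects the login.
        return strategy.afterAllAttempts(token, aggregate);
    }
}
```

Install it with `setAuthenticator(...)` on the security manager before the realms are assigned, so the realm list is passed on to it, and set `FirstSuccessfulStrategy` on this authenticator instance.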
Re: Multiple realms with custom Authentication
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
Make sure you are actually using the correct strategy.
I’ve seen instances when it’s in the config file but wasn’t actually getting used.
> On Jan 27, 2016, at 2:23 PM, anumolumurali <am...@gmail.com> wrote:
>
> Yes, I am using the FirstSuccessfulAuthenticationStrategy, but still Shiro
> checks all the realms to get the info.
Re: Multiple realms with custom Authentication
Posted by anumolumurali <am...@gmail.com>.
Yes, I am using the FirstSuccessfulAuthenticationStrategy, but still Shiro
checks all the realms to get the info.
Re: Multiple realms with custom Authentication
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
Are you aware of / have you taken a look at Authentication Strategy?
Maybe that will help you:
http://shiro.apache.org/authentication.html#Authentication-%7B%7BAuthenticationStrategy%7D%7D
> On Jan 26, 2016, at 11:49 AM, anumolumurali <am...@gmail.com> wrote:
>
> Hi,
>
> I am using multiple custom realms. Both realms are using custom
> credentials matching. So before returning the SimpleAuthenticationInfo I
> know whether the user is authenticated or not.
>
> Is there any way I can skip the assertCredentialsMatch once again in Shiro?
>
> Regards,
> Murali