You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by rajatchuttani <ra...@gmail.com> on 2013/09/29 05:12:55 UTC
realms are by-passed without authenticating
Hi,
I faced a problem while working on authentication.
I am using 2 realms, for activedirectory and jdbc namely. Configured in
spring like this:
<property name="realms">
<list>
<ref local="adRealm"/>
<ref local="jdbcRealm"/>
</list>
</property>
Active directory is used to aunthenticate user and jdbc to get the roles and
permissions.
user 1: present in active directory and database both
user 2: present only in active directory
user 1 logs in with *incorrect *password: cant log-in.ldap authentication
failed exception and unknown account exception.
user 2 logs in with *correct *password: cant log-in. unknown account
exception.
user 1 logs in with *incorrect *password: logs-in to the system.
I tried 3-4 times before posting this and was able to replicate the scenario
every time. Has anybody faced this issue earlier?
Please let me know.
Many thanks in advance.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/realms-are-by-passed-without-authenticating-tp7579204.html
Sent from the Shiro User mailing list archive at Nabble.com.