You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by rajatchuttani <ra...@gmail.com> on 2013/09/29 05:12:55 UTC

realms are by-passed without authenticating

Hi,
I faced a problem while working on authentication.

I am using 2 realms, for activedirectory and jdbc namely. Configured in
spring like this:
<property name="realms">
	<list>
		<ref local="adRealm"/>
		<ref local="jdbcRealm"/>
	</list>
</property>

Active directory is used to aunthenticate user and jdbc to get the roles and
permissions.

user 1: present in active directory and database both
user 2: present only in active directory

user 1 logs in with *incorrect *password: cant log-in.ldap authentication
failed exception and unknown account exception.

user 2 logs in with *correct *password: cant log-in. unknown account
exception.

user 1 logs in with *incorrect *password: logs-in to the system.

I tried 3-4 times before posting this and was able to replicate the scenario
every time. Has anybody faced this issue earlier? 

Please let me know. 

Many thanks in advance.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/realms-are-by-passed-without-authenticating-tp7579204.html
Sent from the Shiro User mailing list archive at Nabble.com.