[
https://issues.apache.org/jira/browse/SHIRO-540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers updated SHIRO-540:
-------------------------------
Priority: Minor (was: Major)
Fix Version/s: 2.0.0
Description:
The current ModularRealmAuthenticator will continue to check all realms for
authc. While this is handy in some cases, it is also desirable not continue
checking realms after the first successful realm (especially when using an
external auth source like LDAP or a DB)
I've worked around this in the past by extending an above authenticator to
return after the first success. As well as put a potential solution on this
branch:
https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75
(however this would need to be updated for 2.0)
Example workaround pre 2.0:
https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java
was:
Hi, my name is Mariano. We are using shiro for validate java app wiht ldap. We
have two ldaps configured in shiro, one of this is for backup. The problem is
that the ldap requests goes through both servers. We need to all requests goes
to the first ldap and only in case that this ldap doesn't work goes to the
second. It's that posible?
tia,
Mariano.
Component/s: Authorization (access control)
Issue Type: Improvement (was: Question)
Summary: Allow for authentication strategy to stop checking realms
after first success (was: shiro informartion)
Ideally this should have been posted to the mailing list, but I realized we
don't have an issue that tracks this.
Original question from Mariano:
Hi, my name is Mariano. We are using shiro for validate java app wiht ldap. We
have two ldaps configured in shiro, one of this is for backup. The problem is
that the ldap requests goes through both servers. We need to all requests goes
to the first ldap and only in case that this ldap doesn't work goes to the
second. It's that posible?
tia,
Mariano.
> Allow for authentication strategy to stop checking realms after first success
> -----------------------------------------------------------------------------
>
> Key: SHIRO-540
> URL: https://issues.apache.org/jira/browse/SHIRO-540
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: Mariano Tewel
> Priority: Minor
> Fix For: 2.0.0
>
>
> The current ModularRealmAuthenticator will continue to check all realms for
> authc. While this is handy in some cases, it is also desirable not continue
> checking realms after the first successful realm (especially when using an
> external auth source like LDAP or a DB)
> I've worked around this in the past by extending an above authenticator to
> return after the first success. As well as put a potential solution on this
> branch:
> https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75
> (however this would need to be updated for 2.0)
> Example workaround pre 2.0:
> https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
