[jira] [Commented] (SHIRO-642) FirstRealmAuthenticator

Mon, 20 Jan 2020 10:42:09 -0800 


    [ 
https://issues.apache.org/jira/browse/SHIRO-642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17019679#comment-17019679
 ] 

Benjamin Marwell commented on SHIRO-642:
----------------------------------------

This is implemented via 
[https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java]

Also note you probably want to set {{stopAfterFirstSuccess = true}}.

> FirstRealmAuthenticator
> -----------------------
>
>                 Key: SHIRO-642
>                 URL: https://issues.apache.org/jira/browse/SHIRO-642
>             Project: Shiro
>          Issue Type: New Feature
>          Components: Authentication (log-in)
>            Reporter: Vidar Vevik
>            Priority: Minor
>              Labels: features, performance
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> I noticed that Shiro was having different functionalities when between one 
> and many realms in use. I used time to dig into this and it resulted in a 
> suggestion for a new Shiro class with name FirstRealmAuthenticator.
> My suggestion for FirstRealmAuthenticator is that it is equal to 
> ModularRealmAuthenticator except that when it finds first realm that is used 
> for token it will handle it in the same way as it was the only realm and skip 
> all other realms. The benefit of this is speed and similarity. 
> Here is example code for method doMultiRealmAuthentication:
> protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> 
> realms, AuthenticationToken token) {
>               AuthenticationStrategy strategy = getAuthenticationStrategy();
>               AuthenticationInfo aggregate = 
> strategy.beforeAllAttempts(realms, token);
>               if (log.isTraceEnabled()) {
>                       log.trace("Iterating through {} realms for PAM 
> authentication", realms.size());
>               }
>               for (Realm realm : realms) {
>                       aggregate = strategy.beforeAttempt(realm, token, 
> aggregate);
>                       if (realm.supports(token)) {
>                               log.trace("Attempting to authenticate token 
> [{}] using realm [{}]", token, realm);
>                               AuthenticationInfo info = 
> realm.getAuthenticationInfo(token);
>                               aggregate = strategy.afterAttempt(realm, token, 
> info, aggregate, null);
>                               break;
>                       } else {
>                               log.debug("Realm [{}] does not support token 
> {}.  Skipping realm.", realm, token);
>                       }
>               }
>               aggregate = strategy.afterAllAttempts(token, aggregate);
>               return aggregate;
>       }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to