Hello, A Realm can throw whatever AuthenticationException that it wants. A realm can return null _or_ throw an AuthenticationException to indicate that it is unable to acquire authentication info. That's what the JavaDoc says (@throws ...). It is allowed to do either.
There does not need to be consistency across _implementations_ - only usage of the API. Shiro is first and foremost an interface-driven API. You should not pay too close attention to implementations of things - that is the reason for interfaces and JavaDoc. The interfaces and JavaDoc is king when it comes to defining what you can do. Also please understand that Shiro (like most good open source frameworks) is developed by multiple people. Someone probably was trying to be extra 'careful' by throwing the AuthenticationException from the JdbcRealm, but they didn't have to. Another person might have just as well returned null. That being said, sure, it is nice to have consistency across implementations (but certainly not required). If you'd like for this to happen for the JdbcRealm, please open a Jira enhancement request, and I'm sure someone would be happy to do it :) Best regards, -- Les Hazlewood Founder, Katasoft, Inc. Application Security Products & Professional Apache Shiro Support and Training: http://www.katasoft.com On Sat, Feb 19, 2011 at 3:42 AM, atamur <[email protected]> wrote: > > Well, I can see that this error is thrown by *some* of the strategies (namely > AllSuccessfulStrategy) and by doSingleRealmAuthentication of > ModularRealmAuthenticator. On the other hand no other AuthorizingRealm > subclass except the jdbc one throws that exception (subclasses are Ini, > Jndi, Properties etc). > > So I'm afraid there's no consistency here whatsoever =( > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/JdbcRealm-doGetAuthenticationInfo-doesn-t-follow-javadoc-tp6042880p6043023.html > Sent from the Shiro User mailing list archive at Nabble.com.
