On Sat, Feb 19, 2011 at 10:25 PM, atamur <[email protected]> wrote: > > Well, it's discussable whether the javadoc really allows that behaviour =) > It says "A null return value means that no account could be associated with > the specified token." and "@throws > org.apache.shiro.authc.AuthenticationException if there is an error > acquiring data or performing realm-specific authentication logic for the > specified <tt>token</tt>". The only way that would be acceptable is if we > say that no user in the database is "an error acquiring data" which seems a > bit stretched. I have raised a jira (SHIRO-275) in order to decrease > confusion =) > > Speaking of javadoc there is one more thing that I noticed while studying > the code of JdbcRealm: the javadoc for JdbcRealm.setPermissionsQuery > suggests that the query is expected to have 3 columns ("containing the fully > qualified name of the permission class, the permission name, and the > permission actions (in that order)"), but the code actually looks only for 1 > - permission actions on index 0. Should I raise a jira for that too? > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/JdbcRealm-doGetAuthenticationInfo-doesn-t-follow-javadoc-tp6042880p6045117.html > Sent from the Shiro User mailing list archive at Nabble.com. >
Thanks for the issue - improvements like this are always welcome. And yes, please create a Jira issue regarding the permission query. The JdbcRealm will probably need to be refactored a decent amount, as I don't believe it supports querying for a salt column either, which is likely necessary for hashed passwords. Thanks! -- Les Hazlewood Founder, Katasoft, Inc. Application Security Products & Professional Apache Shiro Support and Training: http://www.katasoft.com
