Hi Jared If I comment out the line dsm.setAuthenticator(new ModularRealmAuthenticator()); and the first login attempt the example works as expected: org.apache.shiro.authc.pam.AllSuccessfulStrategy - Account successfully authenticated using realm [org.apache.shiro.realm.SimpleAccountRealm@19f953d ] ... org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.apache.shiro.realm.SimpleAccountRealm@1fee6fc] threw an exception during a multi-realm authentication attempt: org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false] did not match the expected credentials.
But if I include the first login attempt both login attempt passes: org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false]. Returned account [admin] ... example.ShiroTest - User [admin] logged in successfully. Does this mean that I cannot change the Authenticator and thus the Strategy dynamically? This is what I am trying to acheive: Initially the user sets up one realm for authentication then later he decides to add another realm and to also set the AuthenticationStrategy. All this without having to restart the program. Does this mean it is not possible with Shiro? Thanks for your help. Ming On Tue, Dec 11, 2012 at 2:10 AM, Jared Bunting <[email protected]>wrote: > Stupid Ctrl+Enter... > > Try: > > > > On Mon 10 Dec 2012 12:04:29 PM CST, Jared Bunting wrote: > > > > I believe that this will behave as you expect if you remove the line: > > > > dsm.setAuthenticator(new ModularRealmAuthenticator()); > > > > The reason being that the security manager doesn't expect you to change > > out the authenticator after adding realms. This is really just an > > implementation detail of how the security manager is setup, but your > > new authenticator has no realms. Try: > > If you try using a debugger to look at "mra", you will see that the > "realms" field has an empty Collection (I believe). > > >
