Les, I had the same issue as Charles and I found it would be easier to extend JdbcRealm for this use-case if at least JdbcRealm.getPasswordForUser() was to be protected.
If this was the case, all one has to do is: 1) extends JdbcRealm 2) @Override getPasswordForUser() 2.1) Hack as follows: ps.setString(1, username); ps.setString(2, username); ... ps.setString(n, username); Probably the username parameter should be renamed for something like (param1) or something, for better readibility in this case. But this way, one could use the same parameter for all OR statements in WHERE clause. Just my 2c, PP -- View this message in context: http://shiro-user.582556.n2.nabble.com/JdbcRealm-authenticationQuery-with-mutliple-user-fields-tp7355682p7578338.html Sent from the Shiro User mailing list archive at Nabble.com.
