I just got ActiveDirectory in Shiro working (YAY!). In non-production
testing, we want to be able to test our app (login) as any user without
knowing the user's password. In a previous (non-Shiro) app I worked on, when
not in production, the password of "test" would let us in. I'm trying to
figure out how I can do something similar with Shiro.
Right now the code looks like this:
---------------------
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
    UsernamePasswordToken token = new UsernamePasswordToken(userWithDomain, password);
    token.setRememberMe(true);
    try {
        currentUser.login(token);
    } catch (AuthenticationException e) {
        e.printStackTrace();
        throw e;
    }
}
System.out.println("authenticated: " + currentUser.isAuthenticated());
---------------------
But what I want is something like:
---------------------
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
    // Outside production, the password "test" should let any user in
    if (!inProduction && "test".equals(password)) {
        // "fake" authenticate user (pseudocode: not an existing Subject method)
        currentUser.setIsAuthenticated(username);
    } else {
        UsernamePasswordToken token = new UsernamePasswordToken(userWithDomain, password);
        token.setRememberMe(true);
        try {
            currentUser.login(token);
        } catch (AuthenticationException e) {
            e.printStackTrace();
            throw e;
        }
    }
}
System.out.println("authenticated: " + currentUser.isAuthenticated());
---------------------
Any ideas on how I can accomplish this? Should I create a fake Realm that
authenticates only if password is "test" and if not, it uses the actual AD
realm? If so, how can I set this up in my shiro.ini? Do I need to
essentially create my own realm (extend a base class) and implement it?
Thanks,
Brian
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/fake-authentication-in-Shiro-with-test-password-tp7579014.html
Sent from the Shiro User mailing list archive at Nabble.com.
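
The "fake realm" idea asked about above, sketched as an added example (not part of the original post and not Shiro project code): a realm that accepts the password "test" for any username and rejects every login unless a non-production flag is explicitly set. The class name, the `com.example` package, the `app.env` system property and the `adRealm` name in the INI comment are assumptions.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.AuthenticatingRealm;

/**
 * Test-only realm: any username authenticates with the shared password "test".
 * Fails closed: unless the JVM is started with -Dapp.env=test (hypothetical
 * property name), this realm reports "no such account" for every token.
 *
 * shiro.ini wiring, for the non-production configuration file only
 * (realm and class names are assumptions):
 *   testRealm = com.example.TestPasswordRealm
 *   securityManager.realms = $testRealm, $adRealm
 */
public class TestPasswordRealm extends AuthenticatingRealm {

    private static final String TEST_PASSWORD = "test";   // value from the post
    private static final String ENV_PROPERTY = "app.env"; // assumption

    // Read once at construction; the default (property absent) is "disabled".
    private final boolean enabled = "test".equals(System.getProperty(ENV_PROPERTY));

    public TestPasswordRealm() {
        // Only username/password tokens are handled by this realm.
        setAuthenticationTokenClass(UsernamePasswordToken.class);
    }

    public boolean isEnabled() {
        return enabled;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        if (!enabled) {
            return null; // no account here: a production JVM never takes this path
        }
        String username = ((UsernamePasswordToken) token).getUsername();
        if (username == null || username.isEmpty()) {
            return null;
        }
        // The realm's credentials matcher compares the submitted password with
        // TEST_PASSWORD; a mismatch raises IncorrectCredentialsException.
        return new SimpleAuthenticationInfo(username, TEST_PASSWORD, getName());
    }
}
```

With Shiro's default multi-realm strategy (at least one realm must succeed), a login that does not use the test password falls through to the Active Directory realm. Keeping the class out of the production artifact, in addition to the runtime flag, removes the shared password from production entirely.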