Returning null is probably your best option. This problem has been on the back of my mind for a while, and I keep meaning to get back to it<https://github.com/apache/shiro/commit/3120c40cdf8ec34864fc9c7ae8ea851340e8a932#diff-5b12d13ec1334907ce16a5236a3ba4a9R284> (there is a thread on this or the dev list on this a while back).
If you have multiple realms and one throws an error, the others will NOT be processed. So if you need to work around thrown Exceptions you can do something like this<https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/security/authorization/ExceptionCatchingModularRealmAuthorizer.java> for authz and this<https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/security/authentication/FirstSuccessfulModularRealmAuthenticator.java>for authc. On Thu, Feb 27, 2014 at 12:36 PM, Bytor99999 Gmail <[email protected]>wrote: > Thanks Brian and Albert. I did eventually see that they were both called > and what was really happening was trying to login with a non existing user > throws Authentication exception with that as the exception message. So > basically, it works just a bad message. > > Should the get authentication method, forget the name, where we return a > SimpleAccount object, we return null if the user doesn't exist. Should we > instead throw new AuthenticationException? > > Thanks > > Mark > > http://www.perfectworldprogramming.com > > On Feb 27, 2014, at 6:47 AM, Brian Demers <[email protected]> wrote: > > Is the first realm in your list throwing an exception? > > > On Wed, Feb 26, 2014 at 6:20 PM, [email protected] < > [email protected]> wrote: > >> I thought I had corrected this when I changed the order of my Realms in >> the realm property, but it is back. >> >> "org.apache.shiro.authc.AuthenticationException: Authentication token of >> type [class org.apache.shiro.authc.UsernamePasswordToken] could not be >> authenticated by any configured realms. Please ensure that at least one >> realm can authenticate these tokens." >> >> >> This would mean that it couldn't find one of my realms that returns true >> for supporting UsernamePasswordToken. But it is 100% wrong. The second >> realm in my configuration accepts exactly just that type. >> >> What am I doing wrong? >> >> <bean id="hdPokerFingerprintRealm" >> class="com.hdpoker.security.shiro.realm.HDPokerFingerprintRealm"> >> <property name="name" value="hdPokerFingerprint"/> >> <property name="credentialsMatcher"> >> <bean >> class="org.apache.shiro.authc.credential.SimpleCredentialsMatcher"/> >> </property> >> <property name="authenticationCachingEnabled" value="true"/> >> </bean> >> >> <!-- Define the realm you want to use to connect to your back-end >> security datasource: --> >> <bean id="hdPokerRealm" >> class="com.hdpoker.security.shiro.realm.HDPokerRealm"> >> <property name="name" value="hdPoker"/> >> <property name="credentialsMatcher" ref="credentialsMatcher"/> >> <!--<property name="cacheManager" ref="cacheManager"/>--> >> <property name="authenticationCachingEnabled" value="false"/> >> </bean> >> >> <bean id="credentialsMatcher" >> class="org.apache.shiro.authc.credential.PasswordMatcher"> >> <property name="passwordService" ref="passwordService"/> >> </bean> >> >> <bean id="securityManager" >> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> >> <!-- Single realm app. If you have multiple realms, use the >> 'realms' property instead. --> >> <!--<property name="realm" ref="hdPokerRealm"/>--> >> <property name="realms"> >> <list> >> <ref bean="hdPokerRealm"/> >> <ref bean="hdPokerFingerprintRealm"/> >> </list> >> </property> >> <!--<property name="cacheManager" ref="cacheManager"/>--> >> <property name="sessionManager" ref="sessionManager"/> >> </bean> >> >> >> In HDPokerFingerprintRealm we have >> >> @Override >> public boolean supports(AuthenticationToken authenticationToken) { >> return (authenticationToken instanceof FingerPrintAuthenticationToken) >> } >> >> >> In HDPokerRealm we have >> >> @Override >> public boolean supports(AuthenticationToken authenticationToken) { >> return (authenticationToken instanceof UsernamePasswordToken) >> } >> >> >> Thanks >> >> Mark >> > >
