Actually for us it is even easier. I should through an exception because only one Realm accepts a certain type of Token. None overlap. Meaning one takes UserNamePasswordToken and the other only takes our custom Token which is not an extension of UserNamePasswordToken. So where we would throw the exception in doGetAuthenticationInfo is fine, because it is only called after supports() and so it wouldn’t be called if it is the other Token type.
Thanks Mark On Feb 27, 2014, at 11:35 AM, Brian Demers <[email protected]> wrote: > Returning null is probably your best option. > > This problem has been on the back of my mind for a while, and I keep meaning > to get back to it (there is a thread on this or the dev list on this a while > back). > > If you have multiple realms and one throws an error, the others will NOT be > processed. > So if you need to work around thrown Exceptions you can do something like > this for authz and this for authc. > > > > > On Thu, Feb 27, 2014 at 12:36 PM, Bytor99999 Gmail <[email protected]> > wrote: > Thanks Brian and Albert. I did eventually see that they were both called and > what was really happening was trying to login with a non existing user throws > Authentication exception with that as the exception message. So basically, it > works just a bad message. > > Should the get authentication method, forget the name, where we return a > SimpleAccount object, we return null if the user doesn't exist. Should we > instead throw new AuthenticationException? > > Thanks > > Mark > > http://www.perfectworldprogramming.com > > On Feb 27, 2014, at 6:47 AM, Brian Demers <[email protected]> wrote: > >> Is the first realm in your list throwing an exception? >> >> >> On Wed, Feb 26, 2014 at 6:20 PM, [email protected] <[email protected]> >> wrote: >> I thought I had corrected this when I changed the order of my Realms in the >> realm property, but it is back. >> >> "org.apache.shiro.authc.AuthenticationException: Authentication token of >> type [class org.apache.shiro.authc.UsernamePasswordToken] could not be >> authenticated by any configured realms. Please ensure that at least one >> realm can authenticate these tokens.” >> >> >> This would mean that it couldn’t find one of my realms that returns true for >> supporting UsernamePasswordToken. But it is 100% wrong. The second realm in >> my configuration accepts exactly just that type. >> >> What am I doing wrong? >> >> <bean id="hdPokerFingerprintRealm" >> class="com.hdpoker.security.shiro.realm.HDPokerFingerprintRealm"> >> <property name="name" value="hdPokerFingerprint"/> >> <property name="credentialsMatcher"> >> <bean >> class="org.apache.shiro.authc.credential.SimpleCredentialsMatcher"/> >> </property> >> <property name="authenticationCachingEnabled" value="true"/> >> </bean> >> >> <!-- Define the realm you want to use to connect to your back-end >> security datasource: --> >> <bean id="hdPokerRealm" >> class="com.hdpoker.security.shiro.realm.HDPokerRealm"> >> <property name="name" value="hdPoker"/> >> <property name="credentialsMatcher" ref="credentialsMatcher"/> >> <!--<property name="cacheManager" ref="cacheManager"/>--> >> <property name="authenticationCachingEnabled" value="false"/> >> </bean> >> >> <bean id="credentialsMatcher" >> class="org.apache.shiro.authc.credential.PasswordMatcher"> >> <property name="passwordService" ref="passwordService"/> >> </bean> >> >> <bean id="securityManager" >> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> >> <!-- Single realm app. If you have multiple realms, use the >> 'realms' property instead. --> >> <!--<property name="realm" ref="hdPokerRealm"/>--> >> <property name="realms"> >> <list> >> <ref bean="hdPokerRealm"/> >> <ref bean="hdPokerFingerprintRealm"/> >> </list> >> </property> >> <!--<property name="cacheManager" ref="cacheManager"/>--> >> <property name="sessionManager" ref="sessionManager"/> >> </bean> >> >> >> In HDPokerFingerprintRealm we have >> >> @Override >> public boolean supports(AuthenticationToken authenticationToken) { >> return (authenticationToken instanceof FingerPrintAuthenticationToken) >> } >> >> >> In HDPokerRealm we have >> >> @Override >> public boolean supports(AuthenticationToken authenticationToken) { >> return (authenticationToken instanceof UsernamePasswordToken) >> } >> >> >> Thanks >> >> Mark >> >
