If you put a breakpoint in your getAuthenticationInf()
you will notice that the code flows through ModularRealmAuthenticator
anyway,
even if it calls only one realm, exception handling is still fiddled with by
ModularRealmAuthenticator.

On Jun 29, 2015, at 8:55 AM, kpenrose wrote:

> I still believe that for a single realm this isn't the case, as stated in the
> javadoc for the code you referenced:
> If only one realm is configured (this is often the case for most
> applications), authentication success is naturally only dependent upon
> invoking this one Realm's
> org.apache.shiro.realm.Realm.getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
> method.
> 
> What I don't understand, is how overriding the doGetAuthenticationInfo
> affects this call chain.  But, I do agree that even the code for the single
> realm authentication throws only an AuthenticationException.  And that
> getAuthenticationInfo method is final, so overriding it isn't possible.
> 
> Too hard to create a simple exception strategy, IMO.
