To clarify, are you saying that setting the authentication strategy to AllSuccessfulStrategy will enable my authorization-only realm to provide a principal object?
I assume I'd need to change the authorization-only realm to support the expected token type but perhaps not actually perform any authentication behavior during doGetAuthenticationInfo? Does it matter what is returned as the Credentials object in the SimpleAuthenticationInfo created there? This also seems like this approach would require pulling the authorization information from the database twice: once in doGetAuthenticationInfo to populate the principal and again later during doGetAuthorizationInfo. Is this correct? -- View this message in context: http://shiro-user.582556.n2.nabble.com/Principal-added-by-AuthorizingRealm-tp7581171p7581173.html Sent from the Shiro User mailing list archive at Nabble.com.
