Use different classes for your different tokens ,and call the method setAuthenticationTokenClass(MyToken.class); in the constructor of each realm. A realm will only try to authenticate matching token classes.
Richard > On 6 Jul 2017, at 09:28, armandoxxx <[email protected]> wrote: > > I would like to propose a feature: > > use case: > We are developing a big media platform with lots of services (rest, web ...) > We are using several realms to auth and authz users > > For exmaple we use: > token realm - to login user with predefined token > username password - realm to login user with user password > username hashed password - realm to login user with user hashed password > > and all realms are called on authentication ... > > you get my frustration ? ;) > > problem: > if user loges in with username and password, username hashed password realm > creates invalid auth info and exception is thrown. if user loges in with > username and hased password, username password realm creates invalid auth > info and exception is thrown. > > It's annoying to get this exeception instead of just message .. "REALM DID > NOT AUTH XYZ" .. specialy if for every rest cal I get exceptions in log ... > and I really cant turn of the logs ... well guess what we really need them > ... > > example of 1 log message... but you can image we have them gozzilion > > > Suggestion: > Shiro should throw exception depending on authentication strategy and > combine if multiple realms on authentication failed > > And I'm open to other suggestions as well ! > > Regards > > Armando > > > > > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Feature-request-Stop-throwing-exceptions-on-invalid-authentication-info-tp7581669.html > Sent from the Shiro User mailing list archive at Nabble.com.
