Not all realm implementations are able to determine if an account exists or not. For example, most remote user stores would return the same result if a user does not exist or the password was incorrect. And you may not want to propagate that type of exception to your end-users (to avoid leaking usernames). This is up to use, some folks make the argument of increased usability is worth it.
LDAP is a bit complicated as well, depending on how your server is configured. Setups that query for a user before authenticating require a "system" user to make the initial connection. Otherwise, you use the username/password of the user login to make the connection. Is there something specific you are trying to do? On Tue, Jun 9, 2020 at 5:06 AM braus <[email protected]> wrote: > Hi everyone, > > I've noticed that there is a specific exception for unknown accounts. This > seems useful to me in a specific login flow that i've been working on. > Unfortunately I haven't been able to trigger said exception with the > DefaultLDAPRealm. > > Does anyone have insight on how to get this exception with the > DefaultLDAPRealm? > > > On a different note; I can't seem to check if a user exists through the > DefaultLDAPRealm. Is there a way to check this? I could build a seperate > LDAP module to check this but I would say that checking if a username > exists > would be Realm behaviour. But I could be wrong here. > > Kind regards, > > Sjoerd Brauer > > > > -- > Sent from: http://shiro-user.582556.n2.nabble.com/ >
