shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Authentication with ActiveDirectoryRealm?
Date Tue, 08 Jan 2013 18:21:12 GMT
While I guess the AD Realm could implement the Authenticator interface, the
Authenticator interface really represents a higher level concept than
Realms:

There is typically one and only one Authenticator per Shiro
SecurityManager.  The Authenticator in turn knows how to coordinate across
one or more Realm instances to perform authentication attempts.
http://shiro.apache.org/authentication.html#Authentication-AuthenticationSequence

Authenticator implementations also tend to be responsible for managing
AuthenticationListeners and triggering various authentication events, which
is typically not the responsibility of Realms.  Also, since Shiro's default
Authenticator implementations already handle the single-realm use case,
they can handle apps that might have only a single AD Realm configured
(i.e. no need to use the Realm as the Authenticator - just plug it in to
the Authenticator that already exists).

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk

On Mon, Jan 7, 2013 at 9:47 PM, John Vines <vines@apache.org> wrote:

> Is there any reason that the provided ActiveDirectoryRealm doesn't
> implement the Authenticator interface? It is a really simple code change,
> but I'm wondering if there was any sort of design decision against this.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message