shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Demers <brian.dem...@gmail.com>
Subject Re: [jira] [Commented] (SHIRO-348) Allow ModularRealmAuthorizer to ignore ShiroExceptions thrown by realms when authz is checked.
Date Tue, 05 Feb 2013 20:53:26 GMT
Anyone have any thoughts on dusting this off?

https://github.com/apache/shiro/compare/trunk...exceptionCatchingModularRealmAuthorizer

On Tue, Feb 5, 2013 at 2:40 PM, Steven Scott (JIRA) <jira@apache.org> wrote:

>
>     [
> https://issues.apache.org/jira/browse/SHIRO-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13571653#comment-13571653]
>
> Steven Scott commented on SHIRO-348:
> ------------------------------------
>
> I ran into this today. Two realms are configured, the first is LDAP.
> During authentication LDAP throws an exception, and the subject is
> authenticated against the second. Its principles is size 1, with the name
> of the second realm. During an authorization check, all realms are asked
> (not sure if it should only be asking the subject's principles or not),
> LDAP throws an exception, and the second realm's isPermitted is never called
>
> > Allow ModularRealmAuthorizer to ignore ShiroExceptions thrown by realms
> when authz is checked.
> >
> ----------------------------------------------------------------------------------------------
> >
> >                 Key: SHIRO-348
> >                 URL: https://issues.apache.org/jira/browse/SHIRO-348
> >             Project: Shiro
> >          Issue Type: Improvement
> >          Components: Authorization (access control)
> >            Reporter: Brian Demers
> >
> > This is useful, when you have multiple realms configured and one of
> those realms throws exceptions.  In this case you may not want to stop ALL
> authz checks because one realm failed.
> > <snippet from [here|
> http://shiro-developer.582600.n2.nabble.com/ExceptionCatchingModularRealmAuthorizer-td6263689.html
> ]>
> > From Les:
> > {quote}
> > Refactoring the ModularRealmAuthorizer to use the Strategy design
> > pattern (like the ModularRealmAuthenticator) is probably the best
> > approach.  This allows pluggable strategies to be used so you don't
> > need to subclass.
> > {quote}
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA
> administrators
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message