shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SHIRO-540) Allow for authentication strategy to stop checking realms after first success
Date Thu, 27 Aug 2015 23:53:45 GMT

     [ https://issues.apache.org/jira/browse/SHIRO-540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Brian Demers updated SHIRO-540:
-------------------------------
         Priority: Minor  (was: Major)
    Fix Version/s: 2.0.0
      Description: 
The current ModularRealmAuthenticator will continue to check all realms for authc.  While
this is handy in some cases, it is also desirable not continue checking realms after the first
successful realm (especially when using an external auth source like LDAP or a DB)


I've worked around this in the past by extending an above authenticator to return after the
first success.  As well as put a potential solution on this branch: https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75
(however this would need to be updated for 2.0)


Example workaround pre 2.0: https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java

  was:
Hi, my name is Mariano. We are using shiro for validate java app wiht ldap. We have two ldaps
configured in shiro, one of this is  for backup. The problem is that the ldap requests goes
through both servers. We need to all requests goes to the first ldap and only in case that
this ldap doesn't work goes to the second. It's that posible?

tia,
Mariano.

      Component/s: Authorization (access control) 
       Issue Type: Improvement  (was: Question)
          Summary: Allow for authentication strategy to stop checking realms after first success
 (was: shiro informartion)

Ideally this should have been posted to the mailing list, but I realized we don't have an
issue that tracks this.

Original question from Mariano:

Hi, my name is Mariano. We are using shiro for validate java app wiht ldap. We have two ldaps
configured in shiro, one of this is  for backup. The problem is that the ldap requests goes
through both servers. We need to all requests goes to the first ldap and only in case that
this ldap doesn't work goes to the second. It's that posible?

tia,
Mariano.

> Allow for authentication strategy to stop checking realms after first success
> -----------------------------------------------------------------------------
>
>                 Key: SHIRO-540
>                 URL: https://issues.apache.org/jira/browse/SHIRO-540
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authorization (access control) 
>            Reporter: Mariano Tewel
>            Priority: Minor
>             Fix For: 2.0.0
>
>
> The current ModularRealmAuthenticator will continue to check all realms for authc.  While
this is handy in some cases, it is also desirable not continue checking realms after the first
successful realm (especially when using an external auth source like LDAP or a DB)
> I've worked around this in the past by extending an above authenticator to return after
the first success.  As well as put a potential solution on this branch: https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75
(however this would need to be updated for 2.0)
> Example workaround pre 2.0: https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message