Date: Thu, 27 Aug 2015 23:53:45 +0000 (UTC)
From: "Brian Demers (JIRA)"
To: dev@shiro.apache.org
Subject: [jira] [Updated] (SHIRO-540) Allow for authentication strategy to stop checking realms after first success

     [ https://issues.apache.org/jira/browse/SHIRO-540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers updated SHIRO-540:
-------------------------------
         Priority: Minor  (was: Major)
    Fix Version/s: 2.0.0
      Description:
The current ModularRealmAuthenticator will continue to check all realms for authc. While this is handy in some cases, it is also desirable not to continue checking realms after the first successful realm (especially when using an external auth source like LDAP or a DB).

I've worked around this in the past by extending an above authenticator to return after the first success.
As well as put a potential solution on this branch: https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75 (however this would need to be updated for 2.0)

Example workaround pre 2.0: https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java

  was:
Hi, my name is Mariano. We are using Shiro to validate a Java app with LDAP. We have two LDAPs configured in Shiro; one of these is for backup. The problem is that the LDAP requests go through both servers. We need all requests to go to the first LDAP and, only in case this LDAP doesn't work, to go to the second. Is that possible?

TIA, Mariano.

      Component/s: Authorization (access control)
       Issue Type: Improvement  (was: Question)
          Summary: Allow for authentication strategy to stop checking realms after first success  (was: shiro informartion)

Ideally this should have been posted to the mailing list, but I realized we don't have an issue that tracks this.

Original question from Mariano:
Hi, my name is Mariano. We are using Shiro to validate a Java app with LDAP. We have two LDAPs configured in Shiro; one of these is for backup. The problem is that the LDAP requests go through both servers. We need all requests to go to the first LDAP and, only in case this LDAP doesn't work, to go to the second. Is that possible?

TIA, Mariano.

> Allow for authentication strategy to stop checking realms after first success
> -----------------------------------------------------------------------------
>
>                 Key: SHIRO-540
>                 URL: https://issues.apache.org/jira/browse/SHIRO-540
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authorization (access control)
>            Reporter: Mariano Tewel
>            Priority: Minor
>             Fix For: 2.0.0
>
>
> The current ModularRealmAuthenticator will continue to check all realms for authc.
> While this is handy in some cases, it is also desirable not to continue checking realms after the first successful realm (especially when using an external auth source like LDAP or a DB).
> I've worked around this in the past by extending an above authenticator to return after the first success. As well as put a potential solution on this branch: https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75 (however this would need to be updated for 2.0)
> Example workaround pre 2.0: https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
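
A sketch of the kind of workaround the issue describes, written against the Shiro 1.x API: a ModularRealmAuthenticator subclass that returns as soon as one realm succeeds. This is an added example, not the code from the linked branch or the Nexus class; the class name and the `com.example` package in the comment are hypothetical.

```java
import java.util.Collection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;

/**
 * Hypothetical name. Tries realms in their configured order and returns on the
 * first success, so later realms (e.g. a backup LDAP) are not contacted.
 *
 * Assumed shiro.ini wiring:
 *   authenticator = com.example.FirstSuccessStopsAuthenticator
 *   securityManager.authenticator = $authenticator
 */
public class FirstSuccessStopsAuthenticator extends ModularRealmAuthenticator {

    @Override
    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms,
                                                            AuthenticationToken token) {
        AuthenticationException lastFailure = null;

        for (Realm realm : realms) {
            // Skip realms that cannot handle this token type at all.
            if (!realm.supports(token)) {
                continue;
            }
            try {
                AuthenticationInfo info = realm.getAuthenticationInfo(token);
                if (info != null) {
                    // First success: stop here instead of querying the remaining realms.
                    return info;
                }
            } catch (AuthenticationException e) {
                // Realm rejected the token or could not be reached; remember why
                // and fall through to the next realm.
                lastFailure = e;
            }
        }

        // No realm accepted the token; keep the last realm error as the cause.
        throw new AuthenticationException(
                "No configured realm authenticated the submitted token", lastFailure);
    }
}
```

Realm order in the configuration decides which directory is asked first. In this sketch any AuthenticationException, including a rejected password, moves on to the next realm, so a backup directory holding stale credentials can still accept a login; telling "server unreachable" apart from "credentials rejected" needs realm-specific handling.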