[jira] [Commented] (SHIRO-348) Allow ModularRealmAuthorizer to ignore ShiroExceptions thrown by realms when authz is checked.

Fri, 09 Mar 2012 07:41:20 -0800 

    [ 
https://issues.apache.org/jira/browse/SHIRO-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13226147#comment-13226147
 ] 

Brian Demers commented on SHIRO-348:
------------------------------------

Les, you still think a strategy is the way to go?
If so how involved are you thinking?

The AuthenticatorStrategy is pretty simple, as it is around a single method in 
the Authenticator interface.  The Authorizer Interfaces is a bit more involved 
and already has some of the useful methods broken out.  For example 
Authorizer.isPermittedAll(...) is similar to using the AllSuccessfulStrategy 
with the ModularRealmAuthenticator.

To keep an AuthorizerStrategy simple we could just create an after( 
PrincipalCollection, Realm, Exception) method.  This would allow for more 
flexibility then a simple boolean (see below)

Any other use cases would be handy if we go the strategy route.

Alternatively, I have a simple (less flexible) option 
[here|https://github.com/apache/shiro/compare/trunk...exceptionCatchingModularRealmAuthorizer]
(or look at the Jira Commits tab)

 

                
> Allow ModularRealmAuthorizer to ignore ShiroExceptions thrown by realms when 
> authz is checked.
> ----------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-348
>                 URL: https://issues.apache.org/jira/browse/SHIRO-348
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authorization (access control) 
>            Reporter: Brian Demers
>
> This is useful, when you have multiple realms configured and one of those 
> realms throws exceptions.  In this case you may not want to stop ALL authz 
> checks because one realm failed.
> <snippet from 
> [here|http://shiro-developer.582600.n2.nabble.com/ExceptionCatchingModularRealmAuthorizer-td6263689.html]>
> From Les:
> {quote}
> Refactoring the ModularRealmAuthorizer to use the Strategy design
> pattern (like the ModularRealmAuthenticator) is probably the best
> approach.  This allows pluggable strategies to be used so you don't
> need to subclass.
> {quote}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to