The ModularRealmAuthenticator always loops through all the configure realms. This can get expense if you have multiple external realms configured (JDBC, LDAP, etc), and you are using the FirstSuccessfulStrategy. In this case where you had both a JDBC and LDAP realm configured you would want to drop out of the loop if the Subject was authenticated in the JDBC realm. This way you do not need to eat the cost of the LDAP query (which the results would be ignored anyway)
To solve this I added a new method to the AuthenticationStrategy Interface, this makes the change simple, but would break backwards compatibility with any custom AuthenticationStrategy NOT extending from AbstractAuthenticationStrategy. https://github.com/apache/shiro/compare/trunk...first-successful-authc-strategy#L1R99 I cannot think of any (non hackie way) alternative to this for 1.3. Anyone have any thoughts? Or any thoughts on including this in 1.3?
