While I guess the AD Realm could implement the Authenticator interface, the Authenticator interface really represents a higher level concept than Realms:
There is typically one and only one Authenticator per Shiro SecurityManager. The Authenticator in turn knows how to coordinate across one or more Realm instances to perform authentication attempts. http://shiro.apache.org/authentication.html#Authentication-AuthenticationSequence Authenticator implementations also tend to be responsible for managing AuthenticationListeners and triggering various authentication events, which is typically not the responsibility of Realms. Also, since Shiro's default Authenticator implementations already handle the single-realm use case, they can handle apps that might have only a single AD Realm configured (i.e. no need to use the Realm as the Authenticator - just plug it in to the Authenticator that already exists). HTH, -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk On Mon, Jan 7, 2013 at 9:47 PM, John Vines <[email protected]> wrote: > Is there any reason that the provided ActiveDirectoryRealm doesn't > implement the Authenticator interface? It is a really simple code change, > but I'm wondering if there was any sort of design decision against this. >
