[
https://issues.apache.org/jira/browse/SHIRO-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13571653#comment-13571653
]
Steven Scott commented on SHIRO-348:
------------------------------------
I ran into this today. Two realms are configured; the first is LDAP. During
authentication LDAP throws an exception, and the subject is authenticated
against the second. Its principals is size 1, with the name of the second
realm. During an authorization check, all realms are asked (not sure if it
should only be asking the subject's principals or not), LDAP throws an
exception, and the second realm's isPermitted is never called.
> Allow ModularRealmAuthorizer to ignore ShiroExceptions thrown by realms when
> authz is checked.
> ----------------------------------------------------------------------------------------------
>
> Key: SHIRO-348
> URL: https://issues.apache.org/jira/browse/SHIRO-348
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: Brian Demers
>
> This is useful, when you have multiple realms configured and one of those
> realms throws exceptions. In this case you may not want to stop ALL authz
> checks because one realm failed.
> <snippet from
> [here|http://shiro-developer.582600.n2.nabble.com/ExceptionCatchingModularRealmAuthorizer-td6263689.html]>
> From Les:
> {quote}
> Refactoring the ModularRealmAuthorizer to use the Strategy design
> pattern (like the ModularRealmAuthenticator) is probably the best
> approach. This allows pluggable strategies to be used so you don't
> need to subclass.
> {quote}
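
The behaviour requested in the issue, sketched as an added example (not code from the Shiro project or from anyone in this thread). It uses the subclassing approach rather than the Strategy refactoring Les suggests; the class name and the anyRealmGrants helper are hypothetical, and shiro-core plus slf4j are assumed to be on the classpath.

```java
import java.util.function.Predicate;

import org.apache.shiro.ShiroException;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Hypothetical class name; not part of Shiro.
public class ExceptionTolerantRealmAuthorizer extends ModularRealmAuthorizer {

    private static final Logger log =
            LoggerFactory.getLogger(ExceptionTolerantRealmAuthorizer.class);

    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        return anyRealmGrants(a -> a.isPermitted(principals, permission));
    }

    @Override
    public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
        return anyRealmGrants(a -> a.hasRole(principals, roleIdentifier));
    }

    // Returns true as soon as one realm grants. A realm that throws is
    // treated as "no grant" for this check only, so a broken LDAP realm can
    // neither approve access nor stop later realms from being consulted.
    private boolean anyRealmGrants(Predicate<Authorizer> check) {
        assertRealmsConfigured();
        for (Realm realm : getRealms()) {
            if (!(realm instanceof Authorizer)) {
                continue; // realm takes part in authentication only
            }
            try {
                if (check.test((Authorizer) realm)) {
                    return true;
                }
            } catch (ShiroException e) {
                // Log instead of swallowing silently: a realm that keeps
                // failing is an outage that operations needs to see.
                log.warn("Realm {} failed during authz check; counted as no grant",
                        realm.getName(), e);
            }
        }
        return false; // no realm granted: deny
    }
}
```

Only the String-based isPermitted and hasRole checks are overridden here; the Permission-object overloads would need the same wrapping. Exceptions other than ShiroException still propagate.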