[
https://issues.apache.org/jira/browse/SHIRO-747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057214#comment-17057214
]
Tommy Becker commented on SHIRO-747:
------------------------------------
Sorry for the brevity [~bdemers]. I'm using Shiro 1.5.1, configured via Guice.
Here's the relevant part:
{code:java}
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
ModularRealmAuthenticator authenticator = (ModularRealmAuthenticator)
securityManager.getAuthenticator();
FirstSuccessfulStrategy authStrategy = new FirstSuccessfulStrategy();
authStrategy.setStopAfterFirstSuccess(true);
authenticator.setAuthenticationStrategy(authStrategy);
{code}
I verified it is configured correctly and being executed via debugger. This is
what I was referring to in the description (comment mine):
{code:java}
public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken
token, AuthenticationInfo aggregate) throws AuthenticationException {
if (getStopAfterFirstSuccess() && aggregate != null &&
isEmpty(aggregate.getPrincipals())) { // <-- Should this not be !isEmpty()??
throw new ShortCircuitIterationException();
}
return aggregate;
}
{code}
> FirstSuccessfulStrategy doesn't properly short circuit
> ------------------------------------------------------
>
> Key: SHIRO-747
> URL: https://issues.apache.org/jira/browse/SHIRO-747
> Project: Shiro
> Issue Type: Bug
> Affects Versions: 1.5.1
> Reporter: Tommy Becker
> Priority: Major
>
> SHIRO-669 supposedly added a method to skip subsequent authentications if one
> had already succeeded. But it doesn't work; it conditions throwing the
> ShortCircuitIterationException in beforeAttempt() in part on the
> PrincipalCollection being empty, which it will (properly) not be if an
> authentication has succeeded. I believe the check should be that the it is
> *not* empty. Was this tested??
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
