Hi, I found that my problem is similar to the post mentioned earlier in the Shiro User Forum with the title "Authentication with AD/LDAP problem".

I was using the latest Shiro, 1.2.0. Here is my problem: I extend my realm from ActiveDirectoryRealm and I only override doGetAuthorizationInfo() to provide my roles/permissions from my DB.

When it comes to authentication:

Right username with right password: it authenticated.
Right username with wrong password: it failed to authenticate.
BUT..
Right username with blank password: it AUTHENTICATED as well.
Wrong username with blank password: it AUTHENTICATED as well.

In summary, as long as the password is blank, it will get authenticated. Any idea about this?

Best Regards,
Nick
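
An added example, not part of the original post and not Shiro project code: a realm subclass that refuses empty credentials before any LDAP bind is attempted. It assumes the behaviour reported above comes from the directory server accepting an LDAP simple bind with an empty password as an unauthenticated bind (RFC 4513); the class name and the sample username are hypothetical.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.CredentialsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;

// Hypothetical class name. Extend this instead of ActiveDirectoryRealm and keep
// the doGetAuthorizationInfo() override that loads roles/permissions from the DB.
public class NonBlankPasswordAdRealm extends ActiveDirectoryRealm {

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // Reject here, before the realm opens an LDAP context: a bind that
        // carries a zero-length password never proves knowledge of the password.
        if (isEmpty(token.getPrincipal()) || isEmpty(token.getCredentials())) {
            throw new CredentialsException("Username and password must not be empty");
        }
        return super.doGetAuthenticationInfo(token);
    }

    // Credentials arrive as char[] from UsernamePasswordToken; other token
    // types may carry a byte[] or a String, so all three are covered.
    static boolean isEmpty(Object value) {
        if (value == null) return true;
        if (value instanceof char[]) return ((char[]) value).length == 0;
        if (value instanceof byte[]) return ((byte[]) value).length == 0;
        return value.toString().isEmpty();
    }

    // Constructed check: no directory server is contacted, because the
    // blank password is refused before the superclass is called.
    public static void main(String[] args) {
        NonBlankPasswordAdRealm realm = new NonBlankPasswordAdRealm();
        try {
            realm.getAuthenticationInfo(new UsernamePasswordToken("nick", ""));
            System.out.println("authenticated (unexpected)");
        } catch (CredentialsException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same check belongs in any login form or API handler in front of the realm, and the directory server's own policy on unauthenticated binds is worth reviewing separately.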
