Yep, Jared's recommendation is a good one. For added color: the 'AllowAllCredentialsMatcher' is a non-null matcher that effectively bypasses any credential comparison logic inside Shiro. You would only want to enable this matcher if your back-end data store used by the Realm asserts credentials match directly during an authentication attempt.
Cheers, -- Les Hazlewood CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog<http://www.stormpath.com/blog/index> On Sat, Jun 23, 2012 at 1:02 PM, Marcus Bond <[email protected]>wrote: > Thanks Jared, I will look into that, sounds just the ticket. > Marcus. > > -----Original Message----- > From: Jared Bunting [mailto:[email protected]] > Sent: 22 June 2012 14:31 > To: [email protected] > Subject: Re: Delegating credentials matching > > One example if this is the JndiLdapRealm. In doGetAuthenticationInfo, it > passes the credentials to the directory, and if the authentication fails, > it throws an AuthenticationException. Meanwhile, it sets its > CredentialsMatcher to "AllowAllCredentialsMatcher". > > Hope that helps, > Jared > > On Fri 22 Jun 2012 07:00:38 AM CDT, Marcus Bond wrote: > > Hi, I wondered if anyone has done anything where there has been a need > > to pass credentials to a service for authentication? > > > > > > > > I have a situation where a user gives username and password but there > > is no way for me to retrieve the stored credentials to match – what > > should happen is that the credentials are sent to a remote service > > which will in turn say they are good or otherwise. Is there a “Shiro > > way” of doing this? > > > > > > > > Marcus. > > > > > >
