Thanks Les,
I had previously implemented a quick cludge that effectively did the same thing, my credentials matcher didn't actually do the matching but instead attempted to perform HTTP basic authentication against a web server.. it worked but wasn't pretty code.. I think a refactor using this approach is in order. Cheers guys, Marcus. From: Les Hazlewood [mailto:[email protected]] Sent: 26 June 2012 21:42 To: [email protected] Subject: Re: Delegating credentials matching Yep, Jared's recommendation is a good one. For added color: the 'AllowAllCredentialsMatcher' is a non-null matcher that effectively bypasses any credential comparison logic inside Shiro. You would only want to enable this matcher if your back-end data store used by the Realm asserts credentials match directly during an authentication attempt. Cheers, -- Les Hazlewood CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com <http://leshazlewood.com/> stormpath blog: http://www.stormpath.com/blog <http://www.stormpath.com/blog/index> On Sat, Jun 23, 2012 at 1:02 PM, Marcus Bond <[email protected]> wrote: Thanks Jared, I will look into that, sounds just the ticket. Marcus. -----Original Message----- From: Jared Bunting [mailto:[email protected]] Sent: 22 June 2012 14:31 To: [email protected] Subject: Re: Delegating credentials matching One example if this is the JndiLdapRealm. In doGetAuthenticationInfo, it passes the credentials to the directory, and if the authentication fails, it throws an AuthenticationException. Meanwhile, it sets its CredentialsMatcher to "AllowAllCredentialsMatcher". Hope that helps, Jared On Fri 22 Jun 2012 07:00:38 AM CDT, Marcus Bond wrote: > Hi, I wondered if anyone has done anything where there has been a need > to pass credentials to a service for authentication? > > > > I have a situation where a user gives username and password but there > is no way for me to retrieve the stored credentials to match - what > should happen is that the credentials are sent to a remote service > which will in turn say they are good or otherwise. Is there a "Shiro > way" of doing this? > > > > Marcus. >
