It is certainly possible...just don't create a new ModularRealmAuthenticator - set the strategy on the one already there.
I'll have to look a bit more to answer the other question - my guess is that something is getting reused that shouldn't be. -Jared On Dec 10, 2012 8:25 PM, "Ming Hsieh" <[email protected]> wrote: > Hi Jared > > If I comment out the line > dsm.setAuthenticator(new ModularRealmAuthenticator()); > and the first login attempt the example works as expected: > org.apache.shiro.authc.pam.AllSuccessfulStrategy - Account successfully > authenticated using realm [org.apache.shiro.realm.SimpleAccountRealm@19f953d > ] > ... > org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm > [org.apache.shiro.realm.SimpleAccountRealm@1fee6fc] threw an exception > during a multi-realm authentication attempt: > org.apache.shiro.authc.IncorrectCredentialsException: Submitted > credentials for token [org.apache.shiro.authc.UsernamePasswordToken - > admin, rememberMe=false] did not match the expected credentials. > > But if I include the first login attempt both login attempt passes: > org.apache.shiro.authc.AbstractAuthenticator - Authentication successful > for token [org.apache.shiro.authc.UsernamePasswordToken - admin, > rememberMe=false]. Returned account [admin] > ... > example.ShiroTest - User [admin] logged in successfully. > > Does this mean that I cannot change the Authenticator and thus the > Strategy dynamically? > > This is what I am trying to acheive: > Initially the user sets up one realm for authentication then later he > decides to add another realm and to also set the AuthenticationStrategy. > All this without having to restart the program. > Does this mean it is not possible with Shiro? > > Thanks for your help. > > Ming > > > > On Tue, Dec 11, 2012 at 2:10 AM, Jared Bunting < > [email protected]> wrote: > >> Stupid Ctrl+Enter... >> >> Try: >> >> >> >> On Mon 10 Dec 2012 12:04:29 PM CST, Jared Bunting wrote: >> > >> > I believe that this will behave as you expect if you remove the line: >> > >> > dsm.setAuthenticator(new ModularRealmAuthenticator()); >> > >> > The reason being that the security manager doesn't expect you to change >> > out the authenticator after adding realms. This is really just an >> > implementation detail of how the security manager is setup, but your >> > new authenticator has no realms. Try: >> >> If you try using a debugger to look at "mra", you will see that the >> "realms" field has an empty Collection (I believe). >> >> >> >
