Hi Les, Yes, that does help. I realized the AuthenticationStrategy doesn't give me access to client provided params, so I started to try and create a sort of "composite" Filter, which would decide which token to return from AuthenticatingFilter.createToken().
I like the idea of deciding which auth to use in Realm.supports(). The problem is a matter of signalling: The client will pass a parameter that tells me which authentication method to use. However, the only time I have access to http params is earlier in the call chain (in a Filter). So, I started writing a 'DynamicAuthenticationFilter', with the idea that this filter will look for the http param, and forward any 'onAccessDenied()' call to the matching Filter subclass. Unfortunately, the 'protected' visibility of 'onAccessDenied()' prevents me from doing this. Feels like I'm fighting the framework with this approach. How could I get a signal from the client (http params) to be available in a Realm.supports() method? Thanks, and sorry for not asking more clearly. Dan -- View this message in context: http://shiro-user.582556.n2.nabble.com/User-specified-authentication-method-tp7578272p7578283.html Sent from the Shiro User mailing list archive at Nabble.com.
