Hi Ken,

You want the AuthenticationInfo to represent what you have stored in your data store.

By passing in token.getCredentials(), your login will always work! (When the token's credentials are compared against the AuthenticationInfo's credentials, they will always match since they are the exact same!) Instead, your custom code should look something like this:

    User myUser = queryForUser(token.getPrincipal());
    return new SimpleAuthenticationInfo(myUser.getUsername(), myUser.getPassword(), bs, getName());

The AuthenticationInfo now represents data that you have already stored. The submitted token is then used to compare against this data to see if there is a match.

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Tue, Mar 19, 2013 at 1:07 PM, Ken in Nashua <[email protected]> wrote:
> resolved...
>
> I used to do this
>
>     return new SimpleAuthenticationInfo(username, token, bs, getName());
> }
>
> now I do this
>
>     return new SimpleAuthenticationInfo(username,
>         token.getCredentials(), bs, getName());
> }
>
> inside my realm authentication routine.
>
> and shiro works
>
> ???
