This is what I thought, and have already tried. But I'm not sure how to get
into my doGetAuthenticationInfo() method without calling the login() method
on the subject (and passing a fake UsernamePasswordToken). And once I do get
inside doGetAuthenticationInfo(), I'm not sure what to do. As a test, I'm
trying to return a SimpleAccount (like they do in GAE Shiro), but I just get
an exception:
"org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials
for token [org.apache.shiro.authc.UsernamePasswordToken - lonestarr,
rememberMe=false] did not match the expected credentials.
at
org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600)"
I'm not sure why Shiro is trying to match these fake credentials against
anything, or why the code is jumping from my doGetAuthenticationInfo() to
other places in the code.
Does anyone have suggestions for alternatives to Shiro? I think I'm done
with this crappy framework.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Shiro-for-authorization-permissions-only-tp7579436p7579443.html
Sent from the Shiro User mailing list archive at Nabble.com.
