I would like to propose a feature: use case: We are developing a big media platform with lots of services (rest, web ...) We are using several realms to auth and authz users
For exmaple we use: token realm - to login user with predefined token username password - realm to login user with user password username hashed password - realm to login user with user hashed password and all realms are called on authentication ... you get my frustration ? ;) problem: if user loges in with username and password, username hashed password realm creates invalid auth info and exception is thrown. if user loges in with username and hased password, username password realm creates invalid auth info and exception is thrown. It's annoying to get this exeception instead of just message .. "REALM DID NOT AUTH XYZ" .. specialy if for every rest cal I get exceptions in log ... and I really cant turn of the logs ... well guess what we really need them ... example of 1 log message... but you can image we have them gozzilion Suggestion: Shiro should throw exception depending on authentication strategy and combine if multiple realms on authentication failed And I'm open to other suggestions as well ! Regards Armando -- View this message in context: http://shiro-user.582556.n2.nabble.com/Feature-request-Stop-throwing-exceptions-on-invalid-authentication-info-tp7581669.html Sent from the Shiro User mailing list archive at Nabble.com.
