So for the first issue of checking all the Realms, even after a successful Auth takes place...I just extended the ModularRealmAuthenticator to simple stop checking other Realms once it gets a valid Auth.
I would like to only check Authorization on the Realm that was Authenticated though. I am not sure how to do it without digging into the Realm cache to determine if the given Subject was authenticated with a given Realm. Seems like there should be an easier way, especially in the case where caching is turned off. -- Sent from: http://shiro-user.582556.n2.nabble.com/
