<p><code>FirstSuccessfulStrategy</code> means that your authenticator will try all your realms to authenticate the user until the first successful one. Your realms were configured in this order: <code>ldapRealm</code>, <code>SaltedSha512JPARealm</code>. So if <code>ldapRealm</code> fails, the authenticator will try the second one. To solve this you can try to configure the most successful or the quickest realm to be first, e.g. you can change your realm order to be <code>SaltedSha512JPARealm</code>, <code>ldapRealm</code>:</p>
<pre><code>&lt;bean id="securityManager"
      class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"
      depends-on="roleRepository,roleRightRepository,rightRepository,userRepository"&gt;
    &lt;property name="realms"&gt;
        &lt;list&gt;
            &lt;ref local="SaltedSha512JPARealm"/&gt;
            &lt;ref local="ldapRealm"/&gt;
        &lt;/list&gt;
    &lt;/property&gt;
    &lt;property name="authenticator.authenticationStrategy"&gt;
        &lt;bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy"/&gt;
    &lt;/property&gt;
&lt;/bean&gt;
</code></pre>
<p>But you should understand that with this configuration, if <code>SaltedSha512JPARealm</code> fails, the authenticator will try <code>ldapRealm</code>.</p>
<p>Or you can try to use different token classes for these realms. But it will work only if you have different authentication entry points for each of them.</p>
<p><strong>UPD</strong></p>
<p>It seems that <code>ModularRealmAuthenticator</code> is designed so that it will always try to authenticate the user against all realms. <code>FirstSuccessfulStrategy</code> can affect only the authentication result: it will return the first successful <code>AuthenticationInfo</code>. To achieve your goal you need to override the <code>ModularRealmAuthenticator#doMultiRealmAuthentication</code> method. It can look like this:</p>
<pre><code>protected AuthenticationInfo doMultiRealmAuthentication(Collection&lt;Realm&gt; realms, AuthenticationToken token) {
    AuthenticationStrategy strategy = getAuthenticationStrategy();
    AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);

    if (log.isTraceEnabled()) {
        log.trace("Iterating through {} realms for PAM authentication", realms.size());
    }

    for (Realm realm : realms) {
        aggregate = strategy.beforeAttempt(realm, token, aggregate);

        if (realm.supports(token)) {
            log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);

            AuthenticationInfo info = null;
            Throwable t = null;
            try {
                info = realm.getAuthenticationInfo(token);
            } catch (Throwable throwable) {
                t = throwable;
                if (log.isDebugEnabled()) {
                    String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";
                    log.debug(msg, t);
                }
            }

            aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);

            // dirty dirty hack: return as soon as one realm has produced principals,
            // so the remaining realms are not consulted
            if (aggregate != null &amp;&amp; !CollectionUtils.isEmpty(aggregate.getPrincipals())) {
                return aggregate;
            }
            // end dirty dirty hack
        } else {
            log.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token);
        }
    }

    aggregate = strategy.afterAllAttempts(token, aggregate);
    return aggregate;
}
</code></pre>