shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r816686 - /incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java
Date Fri, 18 Sep 2009 15:54:38 GMT
Author: lhazlewood
Date: Fri Sep 18 15:54:38 2009
New Revision: 816686

URL: http://svn.apache.org/viewvc?rev=816686&view=rev
Log:
SHIRO-104 - changed the default AuthenticationStrategy to AtLeastOneSuccessfulStrategy to
cater to most users' needs.

Modified:
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java?rev=816686&r1=816685&r2=816686&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java
Fri Sep 18 15:54:38 2009
@@ -18,35 +18,29 @@
  */
 package org.apache.shiro.authc.pam;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
+import org.apache.shiro.authc.*;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.subject.PrincipalCollection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import org.apache.shiro.authc.AbstractAuthenticator;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.LogoutAware;
-import org.apache.shiro.authc.UnknownAccountException;
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.subject.PrincipalCollection;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
 
 /**
  * A <tt>ModularRealmAuthenticator</tt> delgates account lookups to a pluggable
(modular) collection of
  * {@link Realm}s.  This enables PAM (Pluggable Authentication Module) behavior in Shiro.
  * In addition to authorization duties, a Shiro Realm can also be thought of a PAM 'module'.
- *
+ * <p/>
  * <p>Using this Authenticator allows you to &quot;plug-in&quot; your own
  * <tt>Realm</tt>s as you see fit.  Common realms are those based on accessing
  * LDAP, relational databases, file systems, etc.
- *
+ * <p/>
  * <p>If only one realm is configured (this is often the case for most applications),
authentication success is naturally
  * only dependent upon invoking this one Realm's
  * {@link Realm#getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)} method.
- *
+ * <p/>
  * <p>But if two or more realms are configured, PAM behavior is implemented by iterating
over the collection of realms
  * and interacting with each over the course of the authentication attempt.  As this is more
complicated, this
  * authenticator allows customized behavior for interpreting what happens when interacting
with multiple realms - for
@@ -54,11 +48,11 @@
  * successful, or some other interpretation.  This customized behavior can be performed via
the use of a
  * {@link #setAuthenticationStrategy(AuthenticationStrategy) AuthenticationStrategy}, which
  * you can inject as a property of this class.
- *
+ * <p/>
  * <p>The strategy object provides callback methods that allow you to
  * determine what constitutes a success or failure in a multi-realm (PAM) scenario.  And
because this only makes sense
  * in a mult-realm scenario, the strategy object is only utilized when more than one Realm
is configured.
- *
+ * <p/>
  * <p>For greater security in a multi-realm configuration, unless overridden, the default
implementation is the
  * {@link AllSuccessfulStrategy AllSuccessfulAuthenticationStrategy}
  *
@@ -99,7 +93,7 @@
      * by default.
      */
     public ModularRealmAuthenticator() {
-        AuthenticationStrategy strategy = new AllSuccessfulStrategy();
+        AuthenticationStrategy strategy = new AtLeastOneSuccessfulStrategy();
         setAuthenticationStrategy(strategy);
     }
 
@@ -163,7 +157,7 @@
     /**
      * Returns the <tt>AuthenticationStrategy</tt> utilized by this modular authenticator
during a multi-realm
      * log-in attempt.  This object is only used when two or more Realms are configured.
-     *
+     * <p/>
      * <p>Unless overridden by
      * the {@link #setAuthenticationStrategy(AuthenticationStrategy)} method, the default
implementation
      * is the {@link AllSuccessfulStrategy}.
@@ -282,14 +276,14 @@
      * <p>Attempts to authenticate the given token by iterating over the internal collection
of
      * {@link Realm}s.  For each realm, first the {@link Realm#supports(org.apache.shiro.authc.AuthenticationToken)}
      * method will be called to determine if the realm supports the <tt>authenticationToken</tt>
method argument.
-     *
+     * <p/>
      * If a realm does support
      * the token, its {@link Realm#getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)}
      * method will be called.  If the realm returns a non-null account, the token will be
      * considered authenticated for that realm and the account data recorded.  If the realm
returns <tt>null</tt>,
      * the next realm will be consulted.  If no realms support the token or all supporting
realms return null,
      * an {@link AuthenticationException} will be thrown to indicate that the user could
not be authenticated.
-     *
+     * <p/>
      * <p>After all realms have been consulted, the information from each realm is
aggregated into a single
      * {@link AuthenticationInfo} object and returned.
      *
@@ -315,7 +309,7 @@
      * wrapped <tt>Realm</tt> that implements the {@link LogoutAware LogoutAware}
interface, calls
      * <code>((LogoutAware)realm).onLogout(principals)</code> to allow each realm
the opportunity to perform
      * logout/cleanup operations during an user-logout.
-     *
+     * <p/>
      * <p>Shiro's Realm implementations all implement the <tt>LogoutAware</tt>
interface by default and can be
      * overridden for realm-specific logout logic.
      *



Mime
View raw message