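You need to specify your own AuthenticationStrategy in ModularRealmAuthenticator. By default, ModularRealmAuthenticator uses AtLeastOneSuccessfulStrategy, and AtLeastOneSuccessfulStrategy ignores exceptions and keeps trying to log the user in with all available realms.
We had a similar scenario in the tynamo project, and to work around it I implemented my own AuthenticationStrategy, called FirstExceptionStrategy, which works with multiple realms and throws the first exception it gets. This approach works fine as long as there is only one Realm per Token type.
The implementation is rather simple: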
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.realm.Realm;

/**
 * {@link org.apache.shiro.authc.pam.AuthenticationStrategy} implementation that throws the first exception it gets
 * and ignores all subsequent realms. If there are no exceptions it works as the {@link FirstSuccessfulStrategy}
 *
 * WARN: This approach works fine as long as there is ONLY ONE Realm per Token type.
 *
 */
public class FirstExceptionStrategy extends FirstSuccessfulStrategy {
    @Override
    public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo singleRealmInfo, AuthenticationInfo aggregateInfo, Throwable t) throws AuthenticationException {
        // Rethrow the realm's own failure instead of letting the strategy swallow it.
        if ((t != null) && (t instanceof AuthenticationException)) throw (AuthenticationException) t;
        return super.afterAttempt(realm, token, singleRealmInfo, aggregateInfo, t);
    }
}
Again, this only works when there is only one Realm per Token type.
For more information about my particular scenario, see here: http://jira.codehaus.org/browse/TYNAMO-154
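The difference between the two strategies, as an added example that is not part of the original answer or the tynamo project: with the default strategy a realm's LockedAccountException reaches the caller only as a generic AuthenticationException, while FirstExceptionStrategy lets the specific exception through. It assumes shiro-core on the classpath; the class StrategyDemo, the helper lockedRealm, the ApiKeyToken type and the credentials are hypothetical, constructed for the illustration.

```java
import java.util.Arrays;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.pam.*;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.Realm;

public class StrategyDemo {
    // Strategy from the answer above, repeated so this file compiles on its own.
    static class FirstExceptionStrategy extends FirstSuccessfulStrategy {
        @Override
        public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo singleRealmInfo,
                AuthenticationInfo aggregateInfo, Throwable t) throws AuthenticationException {
            if (t instanceof AuthenticationException) throw (AuthenticationException) t;
            return super.afterAttempt(realm, token, singleRealmInfo, aggregateInfo, t);
        }
    }
    // Hypothetical second token type, so that each token type maps to exactly one realm.
    static class ApiKeyToken implements AuthenticationToken {
        public Object getPrincipal() { return "service"; }
        public Object getCredentials() { return "constructed-key"; }
    }
    // Hypothetical realm that reports every account of its token type as locked.
    static Realm lockedRealm(Class<? extends AuthenticationToken> tokenType) {
        AuthenticatingRealm realm = new AuthenticatingRealm() {
            @Override
            protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
                throw new LockedAccountException("account locked");
            }
        };
        realm.setAuthenticationTokenClass(tokenType);
        return realm;
    }
    // Returns the simple class name of the exception the caller of authenticate() sees.
    static String failureSeenByCaller(AuthenticationStrategy strategy) {
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationStrategy(strategy);
        // Two realms on purpose: with a single realm the authenticator does not consult the strategy.
        authenticator.setRealms(Arrays.asList(lockedRealm(UsernamePasswordToken.class), lockedRealm(ApiKeyToken.class)));
        try {
            authenticator.authenticate(new UsernamePasswordToken("alice", "constructed-password"));
            return "none";
        } catch (AuthenticationException e) {
            return e.getClass().getSimpleName();
        }
    }
    public static void main(String[] args) {
        System.out.println("default strategy: " + failureSeenByCaller(new AtLeastOneSuccessfulStrategy()));
        System.out.println("FirstExceptionStrategy: " + failureSeenByCaller(new FirstExceptionStrategy()));
    }
}
```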