package com.yuanchu.limslaboratory.shiro; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.pam.AuthenticationStrategy; import org.apache.shiro.authc.pam.ModularRealmAuthenticator; import org.apache.shiro.realm.Realm; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.Collection; public class MultiRealmAuthenticator extends ModularRealmAuthenticator { private static final Logger log = LoggerFactory.getLogger(MultiRealmAuthenticator.class); @Override protected AuthenticationInfo doMultiRealmAuthentication(Collection realms, AuthenticationToken token) throws AuthenticationException { AuthenticationStrategy strategy = getAuthenticationStrategy(); AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token); if (log.isTraceEnabled()) { log.trace("Iterating through {} realms for PAM authentication", realms.size()); } AuthenticationException authenticationException = null; for (Realm realm : realms) { aggregate = strategy.beforeAttempt(realm, token, aggregate); if (realm.supports(token)) { log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm); AuthenticationInfo info = null; try { info = realm.getAuthenticationInfo(token); } catch (AuthenticationException e) { authenticationException = e; if (log.isDebugEnabled()) { String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:"; log.debug(msg, e); } } aggregate = strategy.afterAttempt(realm, token, info, aggregate, authenticationException); } else { log.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token); } } if (authenticationException != null) { throw authenticationException; } aggregate = strategy.afterAllAttempts(token, aggregate); return aggregate; } }