waffle.shiro.negotiate

Class NegotiateAuthenticationStrategy

java.lang.Object

org.apache.shiro.authc.pam.AbstractAuthenticationStrategy

waffle.shiro.negotiate.NegotiateAuthenticationStrategy

All Implemented Interfaces:

org.apache.shiro.authc.pam.AuthenticationStrategy

public class NegotiateAuthenticationStrategy
extends org.apache.shiro.authc.pam.AbstractAuthenticationStrategy

Custom authentication strategy for the negotiate logic required for SSO/Negotiate auth realm NegotiateAuthenticationRealm. When the negotiate logic is executing, one of more round trips with the client occur. When the NegotiateAuthenticationRealm determines another handshake is needed, it throws the exception: AuthenticationInProgressException. This custom strategy detects this exception, and immediately re-throws it so classes higher up in the call stack will allow the handshake to proceed. Without this added logic, the handshake could be halted after the first connection by the existing error handling.

This strategy is needed when using NegotiateAuthenticationFilter and more than one realm is configured in shiro.ini. If only one realm is defined, the current error handling in ModularRealmAuthenticator.doSingleRealmAuthentication(org.apache.shiro.realm.Realm, org.apache.shiro.authc.AuthenticationToken) works fine without requiring this strategy. However, the current error handling in ModularRealmAuthenticator.doMultiRealmAuthentication(java.util.Collection, org.apache.shiro.authc.AuthenticationToken) does require the NegotiateAuthenticationStrategy to ensure negotiate 'continue' calls will proceed. So for now, the most reliable approach is to use this strategy.

Author:

Dan Rollo Date: 3/18/13 Time: 3:31 PM

See Also:

afterAttempt(org.apache.shiro.realm.Realm, org.apache.shiro.authc.AuthenticationToken, org.apache.shiro.authc.AuthenticationInfo, org.apache.shiro.authc.AuthenticationInfo, Throwable)

Constructor Summary

Constructors

Constructor and Description
NegotiateAuthenticationStrategy()

Method Summary

Methods

Modifier and Type	Method and Description
org.apache.shiro.authc.AuthenticationInfo	afterAttempt(org.apache.shiro.realm.Realm realm, org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.authc.AuthenticationInfo singleRealmInfo, org.apache.shiro.authc.AuthenticationInfo aggregateInfo, Throwable t) When the negotiate logic is executing, one of more round trips with the client occur.

Methods inherited from class org.apache.shiro.authc.pam.AbstractAuthenticationStrategy

afterAllAttempts, beforeAllAttempts, beforeAttempt, merge

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NegotiateAuthenticationStrategy

public NegotiateAuthenticationStrategy()

Method Detail

afterAttempt

public org.apache.shiro.authc.AuthenticationInfo afterAttempt(org.apache.shiro.realm.Realm realm,
                                                     org.apache.shiro.authc.AuthenticationToken token,
                                                     org.apache.shiro.authc.AuthenticationInfo singleRealmInfo,
                                                     org.apache.shiro.authc.AuthenticationInfo aggregateInfo,
                                                     Throwable t)

When the negotiate logic is executing, one of more round trips with the client occur. When the negotiate realm determines another handshake is needed, it throws the exception: AuthenticationInProgressException. This custom strategy detects this exception, and immediately re-throws it so classes higher up in the call stack will allow the handshake to proceed. Without this added logic, the handshake would be halted after the first connection by the existing error handling.

Specified by:

afterAttempt in interface org.apache.shiro.authc.pam.AuthenticationStrategy

Overrides:

afterAttempt in class org.apache.shiro.authc.pam.AbstractAuthenticationStrategy