Shiro custom JDBC realm

Question

I'm messing around with the Shiro Security Framework and implementing a custom JDBC realm.

The following value is currently set in my shiro.ini file

jdbcRealm.authenticationQuery = SELECT password FROM user WHERE username = ?

My question is if I extend JdbcRealm and override its doGetAuthenticationInfo(AuthenticationToken token) method will the jdbcRealm.authenticationQuery set in my shiro.ini file still be called? Or does the method override take preference over the settings in the shiro.ini file?

public class CustomJdbcRealm extends JdbcRealm 
{
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException 
    {
        // Connect to DB to get password and salt values
    }
}

Answer 1

doGetAuthenticationInfo is the main method where authentication is done from database. SO if you override it generally you are overriding authentication process. So better call super class method first then get its ino and then use it so you will not have to change anything. Also sqls in shiro.ini are automatically mapped. and they will not be changed until you override
setAuthenticationQuery, setUserRolesQuery, etc

You can easily call following method to simulate the actual process then customize it.

AuthenticationInfo  info = super.doGetAuthenticationInfo(token); 

Note, that super is a reference to the parent, but super() is it's constructor.

like:

public class CustomJdbcRealm extends JdbcRealm 
{
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException 
    {

       AuthenticationInfo  info = super.doGetAuthenticationInfo(token);
      // Your own code here 
    }
}