Hi there, I'm about to code my own authentication realm implementation. I'm facing an interesting problem. My authentication mechanism returns not only username/password but an additional security token that I need in my servlets to communicate with a backend system.
I will implement org.apache.catalina.Realm. When implementing the authenticate method I intend to give back not a java.security.Principal but org.demo.MyPrincipal Object (which extends the java.security.Principal object using a decorator pattern). Questions: is that the object that later is available in my servlet when I call: HttpServletRequest.getUserPrincipal() ? If I then would cast it into a org.demo.MyPricipal Object would it return the additional properties I have defined? Or alternatively: what would be the appropriate process to get more information delivered from the authentication process to the code running inside the container? :-) stw