You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by st...@wissel.net on 2005/05/04 18:40:53 UTC
Implementing a custom REALM and storing retrieved information
Hi there,
I'm about to code my own authentication realm implementation. I'm facing
an interesting problem. My authentication mechanism returns not only
username/password but an additional security token that I need in my
servlets to communicate with a backend system.
I will implement org.apache.catalina.Realm. When implementing the
authenticate method I intend to give back not a java.security.Principal
but
org.demo.MyPrincipal Object (which extends the java.security.Principal
object using a decorator pattern).
Questions: is that the object that later is available in my servlet when I
call: HttpServletRequest.getUserPrincipal() ? If I then would cast it into
a org.demo.MyPricipal Object would it return the additional properties I
have defined?
Or alternatively: what would be the appropriate process to get more
information delivered from the authentication process to the code running
inside the container?
:-) stw