You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by st...@wissel.net on 2005/05/04 18:40:53 UTC

Implementing a custom REALM and storing retrieved information

Hi there,

I'm about to code my own authentication realm implementation. I'm facing 
an interesting problem. My authentication mechanism returns not only 
username/password but an additional security token that I need in my 
servlets to communicate with a backend system.

I will implement org.apache.catalina.Realm. When implementing the 
authenticate method I intend to give back not  a java.security.Principal 
but
org.demo.MyPrincipal Object (which extends the java.security.Principal 
object using a decorator pattern).

Questions: is that the object that later is available in my servlet when I 
call: HttpServletRequest.getUserPrincipal() ? If I then would cast it into 
a org.demo.MyPricipal Object would it return the additional properties I 
have defined?

Or alternatively: what would be the appropriate process to get more 
information delivered from the authentication process to the code running 
inside the container?

:-) stw