Hello nasradu8, thanks for the response.
I must say, I came across your blog post earlier today and it was very helpful and like to say thanks. I actually plugged your implementation into my container and was able to get it working fairly easily. The issue I do have however, is casting the principal that I get out of the request to my custom principal. It appears that the custom principal set in the LoginModule gets turned into a com.sun.web.security.WebPrincipal somewhere along the way which will not allow me to cast back to my custom principal.
This brings me to two questions:
1) I am implementing form based authentication compared to your basic authentication example. Either there is something wrong with my implementation (most likely) or there is something different/unique between a custom authentication module for form based authentication and basic authentication. If there should be no differences or obstacles between the two, then I should be able to get my implementation working by following your code example. Do you know of any differences between the two that would be causing me issues or should I just look more at the code?
2) Is there a way to replace the com.sun.web.security.WebPrincipal or use another technique (maybe a servlet filter) that will allow me to access my custom principal from a servlet? I am trying to keep this as not tied to a specific container as possible, and not have to resort to servlet filters if possible. One possible solution I've toyed with is just storing my custom principal in the user's session and just providing documentation on how to access it. I need a few additional attributes, like organization that seem like they fit into the principal/authentication scheme best, which is why I'm trying to accomplish this at this layer.
Again, thanks for the reply and your blog entry.
[Message sent by forum member 'unistd_h']
http://forums.java.net/jive/thread.jspa?messageID=476813