Hi,
On Wed, Dec 30, 2015 at 12:08 PM, Rudy De Busscher <rdebusscher_at_gmail.com>
wrote:
> I would use a Principal instead of the "String getCallerName()". It also
> has the getName() method and has the benefit that an implementation can
> return a subtype of java.security.Principal. (as you mention)
>
I did a quick implementation of this here:
https://github.com/arjantijms/mechanism-to-store-x/commit/b8522ee7c60de2ad2b11e00dddcd8e1a45b3e4d0
For this I introduced a new type, javax.security.CallerPrincipal. It's a
class for now, but maybe this one can better be an interface (not sure
yet). Another thing it was contemplating is adding a wrapper type,
e.g. javax.security.CallerPrincipalWrapper, for when an existing Principal
needs to be used that can not be made to extend or
implement javax.security.CallerPrincipal.
I'm not 100% sure if we can add types to javax.security directly, but since
the JSR proposed "javax.security" I guess we can.
The nice thing of consistently using CallerPrincipal is also that it sort
of standardises the Principal type used for the caller principal (something
Java EE failed to do before). Of course to really standardise it some more
work is needed (alignment with JASPIC, JACC, Servlet, etc).
Kind regards,
Arjan Tijms