Multiple times I've found myself needing the Request instance in checkSecret()
on Guard so that I can store the authenticated user's information on the
Request as an attribute. That allows me to later use it in authorize().
Maybe we need to add another method with this implementation:
public boolean checkSecret(Request request,String identity,char [] secret) {
return checkSecret(identity,secret);
}
and then people like myself can override the default implementation.
Then in the authenticate() implementation we call this new form of checkSecret()
with the request instance.
Currently, I've been doing this by recreating the authenticate method and then
calling my new checkSecret() method. That seems a bit clunky.
--Alex Milowski
