Howdy, Just out of curiosity, what prevents you from extending / wrapping GenericPrincipal in one of your own classes, and using that in a custom realm you write?
Yoav Shapira Millennium ChemInformatics >-----Original Message----- >From: Tomcat User [mailto:[EMAIL PROTECTED] >Sent: Thursday, June 26, 2003 2:06 PM >To: [EMAIL PROTECTED] >Subject: GenericPrincipal & Realms > >Is there a reason why org.apache.catalina.realm.GenericPrincipal is always >used to mask the true principal behind the authenticaion process within >each realm? > >Why does Tomcat limit the ability to provide a more complex Principal when >HttpServletRequest.getUserPrincipal() is called? > >If anyone knows of any security risks by providing this more complex type >(other than what the designer of the type introduces by faulty >programming), I would like to hear them as well.... > >Randy Secrist This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
