Hi, I am working on authentication and I have almost everything working. I have my security Valve which does its thing and it populates Subject object with my own Principals.
The problem I have is that if my Principals are not implementing GeronimoCallerPrincipal than request.getUserPrincipal() is returning null. My understanding is that this is because of the way GeronimoIdentityService.newUserIdentity() method is implemented. Now there are the questions: 1. Is there any reason why we have special GeronimoCallerPrincipal marker interface? Why we can not use just java.security.Principal? 2. Following first question: If one would replace GeronimoIdentityService with his own implementation which will distinguish between user and group type of Principal, will it break anything else? 3. How to inform Geronimo to use my implementation of IdentityService? Thank you in advance Jerzy -- View this message in context: http://apache-geronimo.328035.n3.nabble.com/GeronimoIdentityService-tp3986343.html Sent from the Users mailing list archive at Nabble.com.
