In my application I perform remote authentication against a RESTful HTTP
API. Depending on the user that accesses my application, I authenticate
against different instances of the API (distinguished by hostname/port
only). My object model encapsulates this as an "AuthenticationTemplate" - an
interface which provides the method "authenticate()". Each host/port that
exposes the service maps 1-to-1 to an AuthenticationTemplate object.

I created a custom Realm implementation that calls
getSubject().getSession().getAttribute("AuthTemplateKey"), then
authenticates as required by my backing service. I like this because I only
need to register a single realm with the system security manager. However,
I'm wondering if there is a better way to do this than passing objects in a
session map. Also, is there a possibility that the Realm would be consulted
for authentication in a different thread, causing my call to getSubject() to
return an unrelated instance of Subject?

Thanks,
Ryan
