Hi there!
This question is about the Authenticator package. I would appreciate it if anyone can help me.

I'm implementing a Valve and a Realm to provide authentication and authorization using two authentication methods at the same time: FORM and CERT-CLIENT. Obviously, I'm looking at the authenticator package code, more precisely at AuthenticatorBase.class and FormAuthenticator.class, and analyzing it. This analysis has raised some questions about what the author is doing in the invoke method of the AuthenticatorBase class.

In other words, what I would like to know is: why is the author putting the Principal on the request, and the next step is to authenticate the request?! I don't understand the reason why we have to pass the request to the authenticate method in the FormAuthenticator class, because that method isn't doing anything if the request has a principal. This doesn't make any sense, because first we put the principal on the request and next, in the authenticate method, we just test if the request has a principal.

Why do we have to put the principal on the request?! Why can't we just authenticate the user if the request has a principal, or if the principal is in the internal session?!

I'm a little bit confused about that :)

Thanks for everything,
Regards from Braga, Portugal,
Bárbara Vieira