michael-o commented on PR #473: URL: https://github.com/apache/tomcat/pull/473#issuecomment-3189874167
> I kinda think this is out of scope for the container. There are _loads_ of wonderful things we could add to `GenericPrincipal` and eventually Tomcat becomes an application framework. > > When I started out with the servlet spec, it was clear to me that Principal wasn't going to be enough to handle "real" user information and so we load our own `User` object after authentication and stick it into the user's session. You can do whatever you want, there, of course, and it doesn't require container support, and remains portable between containers. > > I might even recommend reverting [fd5b0fb](https://github.com/apache/tomcat/commit/fd5b0fb6ea4aeeea8a3b3c95064b803068d531f9). That would break some stuff. I'd the gain worth the pain? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
