Support for Principal object in AbstractPreAuthenticatedProcessingFilter

Hi there

I noticed that the AbstractPreAuthenticatedProcessingFilter provides a nice way for customization by retrieving principal and credential from some sort of context:

protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest request);
protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest request);

Unfortunately, the following lines enforce that the returned object is of type String:

private boolean requiresAuthentication(HttpServletRequest request) {
...
Object principal = getPreAuthenticatedPrincipal(request);

if (currentUser.getName().equals(principal)) {
return false;
}
...

If the principal is of type "String" we can use this kind of comparism, if it's of type Principal, we could use this:

if (currentUser.getName().equals(principal.getName()) ) {
return false;
}

or

if (currentUser.equals(principal)) {
return false;
}

What do you think?

Thanks
Oli