UsernamePasswordAuthenticationToken usage in Acegi Cas

[lumpynose]

I'm writing some code for Acegi for our local web proxy authentication service which is sort of like Cas but with fewer features (ours is called AWS). I'm using the Acegi Cas source files as per Ben Alex's suggestion.

One of the things that sort of bothers me with the Cas code is that CasProcessingFilter is using a UsernamePasswordAuthenticationToken as a temporary holding place for stuff and then later on it's replaced with a CasAuthenticationToken. It seems to me that the UsernamePasswordAuthenticationToken is being "bent" into service for something it wasn't originally designed for since the principal stores the CAS_xxx_IDENTIFIER and the credentials stores the Cas service ticket.

Another problem for me is that I need more fields than principal, credentials, and details. I'm thinking that instead of using UsernamePasswordAuthenticationToken I'd make a something called AwsPreAuthenticationToken, which is later replaced with AwsAuthenticationToken like CasAuthenticationToken.

Alternatively I could put my 2 bits of information into some class that mimics a C struct and store that as credentials.

I was wondering if either way is better?

Thanks

[Ben Alex]

If you're writing your own authentication mechanism (replacement for CasProcessingFilter) and authentication provider (replacement for CasAuthenticationProvider) you are free to use whichever implementation of Authentication that you like. So in this case you would just use an Authentication that has your extra properties in it.