Hello I have a question about propagating the java.security.Principal returned from a call to HttpServletRequest.getUserPrincipal(). At some point deep in the application code (not EJB, sorry), it is necessary to carry out authorization checks. At that point the Principal is required in order to determine access rights, etc. Unf there is no way of just pulling the current principal out of the enviroment, and I would prefer not to require every method call to explicity pass the principal. The only way that I can think of of passing this information is to create a thread local object in which to hold the principal (using ThreadLocal). Then each thread started for a request can hold the principal. This seems somewhat cumbersome. Is there an easier way? thanks!
<i>Truth is one; the wise call it by many names</i> (Rig Veda I.64.46)