I am writing a custom login module. This will be the only acceptable way to authenticate for my application. Is there any reason to check for the exitstence of a principal stored with javax.security.auth.login.name?

Parts of the application will depend on a custom principal object, so any other principal that may be retrieved from the shared state would not be sufficient.

Am I missing something else of significance?