I would guess it was due to either Tomcat7 or Servlet3 implementation. I can check.
I think it picketlink, we need methods to both support the earlier AB and the latest AB sig changes.
Any time you do server bindings,you have to be careful about changing signatures.
I agree that supporting both AB signatures is highly desirable.
Supporting both versions of the abstract "authenticate" method is relatively easy. Simply supply stubs for both versions that delegate to a third private method that does the work.
Supporting both versions of the concrete "register" method is not so easy if we want code that is compiled under the old signature to run against the new signature. In fact I think that it requires the use of reflection.
A better solution would be to put the "authenticate" method in AB back to its old signature. I can't see how this would hurt the subclasses since they are free to treat the Request object they are given as an HttpServletRequest object.
As for the "register" method, a good suggestion made here https://community.jboss.org/message/546561#546561 is that both the old and new signatures are maintained in the AB class.
If you agree, Anil, perhaps you could suggest this fix to the appropriate folk.
Just FYI this change in the AB signature also seems to have broken the JBoss Negotiation (for SPNEGO authentication) since that contains an authentication module built against the old signature.