I am writing a custom login module. This will be the only acceptable way to authenticate for my application. Is there any reason to check for the exitstence of a principal stored with javax.security.auth.login.name?
Parts of the application will depend on a custom principal object, so any other principal that may be retrieved from the shared state would not be sufficient.
Am I missing something else of significance?
Its up to you to decide whether or not the login module can be stacked with other login modules that may populate the shared state with a subject.