[ https://issues.jboss.org/browse/TEIID-3380?page=com.atlassian.jira.plugin... ] Steven Hawkins commented on TEIID-3380: --------------------------------------- I think we could go further to: {code} public abstract class SecurityHelper { public abstract Object associateSecurityContext(Object context); public abstract void clearSecurityContext(); public abstract Object getSecurityContext(); public abstract Subject getSubjectInContext(Object securityContext, String securityDomain); public abstract Object authenticate(String securityDomain, String userName, String baseUserName, Credentials credentials, String applicationName) throws LoginException; public abstract GSSResult neogitiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException; public boolean sameSubject(String securityDomain, Object context, Subject subject) { ... {code} Such that there are just 6 methods that need to be implemented. Alternatively we could leave it as an interface and move the sameSubject method off. Either way it can be rewritten to just use other methods already on the SecurityHelper. Also we could just remove the use of the TeiidLoginContext and move the GSSResult into the org.teiid.security package. Also we seem to have issues with the old \@domain login logic in that the login name that we pass to the full username in the Principle for authentication, when it should just the base username - and we should be escaping the username that is put in the session. Let me know if you are ok with changes like this. -- This message was sent by Atlassian JIRA (v6.3.11#6341)