Populate JAAS Subject From Client Provider
The Populate JAAS Subject From Client provider requires that a user be successfully authenticated, it does not depend on the authenticated principal name. Once a user is authenticated by another provider, Populate JAAS Subject From Client adds the configured HTTP header and cookie values from the client request as credentials and principals into the authenticated JAAS subject.
Since other login modules may depend on the principals that the Populate JAAS Subject From Client provider adds, it is always called first in a stack of providers.
Principals identify who the user is; roles determine the permissions the user may have; credentials provide single sign-on material for back-end systems.
This provider copies request values, and makes them available downstream in the authentication process; it always fails authentication because it does not validate user credentials.