opt/tomcat/tomcat-6/src/main/java/flex/messaging/security/TomcatValve.java [176:209]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            if (realm == null)
                return null;

            Principal principal = realm.authenticate(username, password);
            if (principal == null)
                return null;

            if (servletRequestMatches(servletRequest)) {
                request.setAuthType(AUTH_TYPE);
                request.setUserPrincipal(principal);

                Session session = getSession(request, true);

                // Cache the authentication information in our session.
                if (session != null) {
                    session.setAuthType(AUTH_TYPE);
                    session.setPrincipal(principal);

                    if (username != null)
                        session.setNote(Constants.SESS_USERNAME_NOTE, username);
                    else
                        session.removeNote(Constants.SESS_USERNAME_NOTE);

                    if (password != null)
                        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
                    else
                        session.removeNote(Constants.SESS_PASSWORD_NOTE);
                }
            }

            return principal;
        }

        public boolean authorize(Principal principal, List roles) {
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



opt/tomcat/tomcat-7/src/main/java/flex/messaging/security/Tomcat7Valve.java [180:213]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            if (realm == null)
                return null;

            Principal principal = realm.authenticate(username, password);
            if (principal == null)
                return null;

            if (servletRequestMatches(servletRequest)) {
                request.setAuthType(AUTH_TYPE);
                request.setUserPrincipal(principal);

                Session session = getSession(request, true);

                // Cache the authentication information in our session.
                if (session != null) {
                    session.setAuthType(AUTH_TYPE);
                    session.setPrincipal(principal);

                    if (username != null)
                        session.setNote(Constants.SESS_USERNAME_NOTE, username);
                    else
                        session.removeNote(Constants.SESS_USERNAME_NOTE);

                    if (password != null)
                        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
                    else
                        session.removeNote(Constants.SESS_PASSWORD_NOTE);
                }
            }

            return principal;
        }

        public boolean authorize(Principal principal, List roles) {
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -