[WFCORE-4496] Adding principal-transformer in aggregate-realm
Elytron currently has an aggregate security realm which is a combination of two or more realms: an authentication realm and one or more authorization realms. Currently, the principal undergoes transformations before being used to load the aggregate identity, but there is no way to transform the principal in between loading the authentication identity and loading the authorization identity. This would be needed in the case where the principal stored in the authentication realm is different than the principal stored in the authorization realm(s).
This enhancement would allow transformations to be applied to the principal after loading the authentication identity and before loading the authorization identity. The principal-transformer attribute will be added to aggregate-realm and would be a reference to a transformer defined in the mappers configuration. It will be an optional attribute.
It should be possible to configure an
with the optional attribute
which will define transformations to the principal after the authentication identity is obtained but before the authorization identity is obtained. This principal transformer will be a reference to a
that has been defined in the
configuration in the Elytron subsystem.
Subsystem parsing and transformer tests will be added. Tests will also be added to the Elytron testsuite and the Elytron subsystem tests to ensure that the principal is correctly transformed after authentication and before authorization.
Documentation will be added in the "Aggregate Security Realm" section under elytron/components in the WildFly documentation to indicate that a
principal transformer can be used between authentication and authorization for