ESAPI Authentication

Feature Overview
TODO

Possible Enhancements

 * Wrap Principal don't extend (a "principal" is an authenticated user in Java. Typically, a 'claimant' would be an unauthenticated user. User could be either authenticated or unauthenticated, depending on the context.)


 * Work to make compatible with container based authentication


 * Should work with more generic Credential type rather than assuming username / password. That would allow certificates, smart cards, and other more advanced means of authentication.


 * Provide a reauthentication API


 * consider mechanisms provided by vm to associate authentication state with the invocation (e.g. Java AccessControlContext including Subject)