edalquist/gist:1267964

## gistfile1.java
public class RemoteUserNexusSecureHttpAuthenticationFilter extends NexusSecureHttpAuthenticationFilter {

    /* (non-Javadoc)
     * @see org.apache.shiro.web.filter.authc.AuthenticatingFilter#createToken(java.lang.String, java.lang.String, javax.servlet.ServletRequest, javax.servlet.ServletResponse)
     */
    @Override
    protected AuthenticationToken createToken(String username, String password, ServletRequest request, ServletResponse response) {
        final HttpServletRequest httpServletRequest = (HttpServletRequest)request;

        final String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser != null) {
            return new RemoteUserAuthenticationToken(remoteUser);
        }

        //Fall back to normal auth
        return super.createToken(username, password, request, response);
    }

}

public class RemoteUserAuthenticationToken implements AuthenticationToken {
    private final String remoteUser;

    public RemoteUserAuthenticationToken(String remoteUser) {
        this.remoteUser = remoteUser;
    }

    public String getRemoteUser() {
        return remoteUser;
    }

    /* (non-Javadoc)
     * @see org.apache.shiro.authc.AuthenticationToken#getPrincipal()
     */
    @Override
    public Object getPrincipal() {
        return getRemoteUser();
    }

    /* (non-Javadoc)
     * @see org.apache.shiro.authc.AuthenticationToken#getCredentials()
     */
    @Override
    public Object getCredentials() {
        // RemoteUser auth never has credentials
        return null;
    }

}
	public class RemoteUserNexusSecureHttpAuthenticationFilter extends NexusSecureHttpAuthenticationFilter {

	/* (non-Javadoc)
	* @see org.apache.shiro.web.filter.authc.AuthenticatingFilter#createToken(java.lang.String, java.lang.String, javax.servlet.ServletRequest, javax.servlet.ServletResponse)
	*/
	@Override
	protected AuthenticationToken createToken(String username, String password, ServletRequest request, ServletResponse response) {
	final HttpServletRequest httpServletRequest = (HttpServletRequest)request;

	final String remoteUser = httpServletRequest.getRemoteUser();
	if (remoteUser != null) {
	return new RemoteUserAuthenticationToken(remoteUser);
	}

	//Fall back to normal auth
	return super.createToken(username, password, request, response);
	}

	}

	public class RemoteUserAuthenticationToken implements AuthenticationToken {
	private final String remoteUser;

	public RemoteUserAuthenticationToken(String remoteUser) {
	this.remoteUser = remoteUser;
	}

	public String getRemoteUser() {
	return remoteUser;
	}

	/* (non-Javadoc)
	* @see org.apache.shiro.authc.AuthenticationToken#getPrincipal()
	*/
	@Override
	public Object getPrincipal() {
	return getRemoteUser();
	}

	/* (non-Javadoc)
	* @see org.apache.shiro.authc.AuthenticationToken#getCredentials()
	*/
	@Override
	public Object getCredentials() {
	// RemoteUser auth never has credentials
	return null;
	}

	}