The Authenticator is a plugable interface:

package ...

public abstract class Authenticator {

    public boolean Login(String username, String password, HttpServletRequest request){
        Wiki wiki = ...;
        WikiUserPrincipal user = getWikiUserPrincipal(username,password,wiki);
        if ( user == null)
            return false;
            request.getSession.setAttribute("user", user);

    * This method is responsible for controlling the username and password against 
    * some persistently saved mapping of these. The method returns a WikiUserPrincipal if 
    * the user can log in else null is returned (Maybe an exception or error should be thrown instead).
    protected abstract WikiUserPrincipal getWikiUserPrincipal(String username, String password, WikiEngine wiki);