where is setUserPrincipal() ?

[Bob Langford]

I've been looking at the various methods of doing access control, and
many of the messages I've seen (on this list and elsewhere) mention
doing something like:
hrequest.setUserPrincipal( new MyPrincipal(username) );

so that other code can call getUserPrincipal(), etc.

But there is no setUserPrincipal method on the HttpServletRequest,
as far as I (and my compiler) can see.  What's going on?  Am I supposed
to use some non-standard wrapper for the request?
Thanks for any help!

--
Bob Langford
Silicon Masters Consulting, Inc.8207 Stone River Court, Richmond, VA  23235
phone:  804-674-1253  fax:  804-745-7803 
http://www.silicon-masters.com/  



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: where is setUserPrincipal() ?

[Robert Hall]

In case you haven't already gotten to the bottom of this, here's a 
perspective;
afaik, HttpRequest.setUserPrincipal() is implemented by the container 
(ie - Tomcat).

From the docs:

public void *setUserPrincipal*(java.security.Principal principal)

  "Set the Principal who has been authenticated for this Request.
   This value is also used to calculate the value to be returned
   by the |getRemoteUser()| method."
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/catalina/docs/api/org/apache/catalina/HttpRequest.html

Robert

Bob Langford wrote:

I've been looking at the various methods of doing access control, and
many of the messages I've seen (on this list and elsewhere) mention
doing something like:
hrequest.setUserPrincipal( new MyPrincipal(username) );

so that other code can call getUserPrincipal(), etc.

But there is no setUserPrincipal method on the HttpServletRequest,
as far as I (and my compiler) can see.  What's going on?  Am I supposed
to use some non-standard wrapper for the request?
Thanks for any help!

--
Bob Langford
Silicon Masters Consulting, Inc.8207 Stone River Court, Richmond, 
VA  23235
phone:  804-674-1253  fax:  804-745-7803 
http://www.silicon-masters.com/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: where is setUserPrincipal() ?

[Shapira, Yoav]

Howdy,
HttpRequest is a tomcat-specific class, unlike HttpServletRequest.  I
know the names are similar, but be careful not to confuse them.

HttpServletRequest does not include setUserPrincipal in its interface.
You can use a custom HttpServletRequestWrapper in combination with a
filter to provide this functionality.  What most containers do in the
J2EE world, however, is connect the authentication/authorization
mechanisms (Realms in the tomcat implementation) such that they set the
user principal on a custom server implementation of the
HttpServletRequest interface.

Yoav Shapira
Millennium Research Informatics


>-Original Message-
>From: Robert Hall [mailto:[EMAIL PROTECTED]
>Sent: Monday, March 22, 2004 8:52 PM
>To: Tomcat Users List
>Subject: Re: where is setUserPrincipal() ?
>
>In case you haven't already gotten to the bottom of this, here's a
>perspective;
>afaik, HttpRequest.setUserPrincipal() is implemented by the container
>(ie - Tomcat).
>
> From the docs:
>
>public void *setUserPrincipal*(java.security.Principal principal)
>
>   "Set the Principal who has been authenticated for this Request.
>This value is also used to calculate the value to be returned
>by the |getRemoteUser()| method."
>
>http://jakarta.apache.org/tomcat/tomcat-4.0-
>doc/catalina/docs/api/org/apache/catalina/HttpRequest.html
>
>Robert
>
>Bob Langford wrote:
>
>> I've been looking at the various methods of doing access control, and
>> many of the messages I've seen (on this list and elsewhere) mention
>> doing something like:
>>
>> hrequest.setUserPrincipal( new MyPrincipal(username) );
>>
>> so that other code can call getUserPrincipal(), etc.
>>
>> But there is no setUserPrincipal method on the HttpServletRequest,
>> as far as I (and my compiler) can see.  What's going on?  Am I
supposed
>> to use some non-standard wrapper for the request?
>>
>> Thanks for any help!
>>
>> --
>> Bob Langford
>> Silicon Masters Consulting, Inc.8207 Stone River Court, Richmond,
>> VA  23235
>> phone:  804-674-1253  fax:  804-745-7803
>> http://www.silicon-masters.com/
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>



This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]