RE: of the different methods to get a user-id
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: of the different methods to get a user-id > > > I would expect > > request.getRemoteUser() == request.getUserPrincipal().getName() > > But there no literature which says that must be so. > > And the reality shows it isn't. > So somehow there must be two distinct underlying "thingies" in Tomcat > where the two different answers are coming from. As Pid surmised, it's not Tomcat that is giving you different answers. Here's Tomcat's implementation of HttpServletRequest.getRemoteUser(): public String getRemoteUser() { if (userPrincipal != null) { return (userPrincipal.getName()); } else { return (null); } } [Aside: Don't know why people think return statements need parentheses; maybe they get paid for programming based on the number of characters used.] - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: of the different methods to get a user-id
André Warnier wrote: > Tim Funk wrote: >> Personally - >> >> I would expect >> request.getRemoteUser() == request.getUserPrincipal().getName() >> >> But there no literature which says that must be so. > > And the reality shows it isn't. > So somehow there must be two distinct underlying "thingies" in Tomcat > where the two different answers are coming from. The Tomcat source code would be a reasonable place to look and see what Tomcat does, but if a Filter is operating on the request, it may be replacing it with a Servlet[Response/Request]Wrapper that only overrides one of the two method return values. p > So in that absence >> of that - you'll probably need a RemoteUserHackFilter to unify the >> various behaviors and then you standardize on one model and >> RemoteUserHackFilter would adapt to that. >> > What worries me is not so much my own code, which I can indeed adapt. > What worries me more is other webapps which I do not write. > > Somehow it seems to me that there is some inconsistency there. It seems > to me that a webapp should have one source it should be able to rely on > for a user-id, and not have to hack, no ? > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: of the different methods to get a user-id
Tim Funk wrote: Personally - I would expect request.getRemoteUser() == request.getUserPrincipal().getName() But there no literature which says that must be so. And the reality shows it isn't. So somehow there must be two distinct underlying "thingies" in Tomcat where the two different answers are coming from. So in that absence of that - you'll probably need a RemoteUserHackFilter to unify the various behaviors and then you standardize on one model and RemoteUserHackFilter would adapt to that. What worries me is not so much my own code, which I can indeed adapt. What worries me more is other webapps which I do not write. Somehow it seems to me that there is some inconsistency there. It seems to me that a webapp should have one source it should be able to rely on for a user-id, and not have to hack, no ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: of the different methods to get a user-id
Personally - I would expect request.getRemoteUser() == request.getUserPrincipal().getName() But there no literature which says that must be so. So in that absence of that - you'll probably need a RemoteUserHackFilter to unify the various behaviors and then you standardize on one model and RemoteUserHackFilter would adapt to that. -Tim André Warnier wrote: Hi. I am currently testing/comparing two user authentication methods for webapps, in a Windows NTLM context. Despite my abysmal lack of knowledge in matters Java and Tomcat, I notice a difference between the two, and I would like to ask here if it matters, and if yes how. Both authentication methods work as servlet filters. One is/was the jCIFS HTTP NTLM filter, the other a commercial product which would replace it for NTLMv2. I have asked the same question to the developer of both but I'm asking again here, to get a confirmation or additional observations. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org