Dave Ford wrote:
> What is the difference between request.getRemoteUser() and
> request.getUserPrincipal().getName() ? They appear to return the same thing
> all the time? What are some examples of where you would use the Principal in
> a servlet?
>
getRemoteUser() returns the username under which this user logged in. This call
has been around since the beginning of the servlet API.
getUserPrincipal() returns an object of type java.security.Principal, and was
added in the 2.2 API. A Principal has a name that can be retrieved (for Tomcat
4.0 at least, that's what getRemoteUser() uses to get the value it returns).
But a Principal can, depending on the security environment of the server you are
running in, contain lots of other stuff (like X509 certificates) that can be
used to verify the identity of the user in ways stronger than username/password.
The details of what kind of Principal object is returned are specific to the
servlet container you are running in. If you are using container managed
security, you probably don't really care which call to use, unless your
application depends on some insider knowledge of how Principals are implemented.
>
> Thanks,
>
> Dave
>
Craig McClanahan
====================
See you at ApacheCon Europe <http://www.apachecon.com>!
Session VS01 (23-Oct 13h00-17h00): Sun Technical Briefing
Session T06 (24-Oct 14h00-15h00): Migrating Apache JServ
Applications to Tomcat
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
