DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=12428>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=12428 request.getUserPrincipal(): Misinterpretation of specification? [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From [EMAIL PROTECTED] 2004-09-06 23:19 ------- I truly think this is a wrong interpretation of the spec. From the JavaDoc of HttpServletRequest: "Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null." This clearly states that the getUserPrincipal()-method should only return null when the user has not been authenticated. There is no exception to this rule, as earlier comments would suggest. Clearly it would not be against the spec to always return the principal when authentication has been done wether or not the viewed resource is protected or not. This is clearly needed for many web-applications. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
