Principal returns the object implementing the Principal interface, where request.getRemoteUser is a CGI compatibility call. I know there have been instances when getRemoteUser did not work as expected for me (I thought it was with BASIC authentication but that must not be the case). Hence, I believe that using the Principal object is the recommended way to go.
Gary
Michael Echerer wrote:
More specifically, he may be looking for:Actually not true, although I don't say I got the whole difference between Principal and RemoteUser in practical terms. What is it? ;-)
request.getUserPrincipal().getName(), which returns the actual user name.
I believe that request.getRemoteUser() only returns the username if the user is authenticated using BASIC authentication.
request.getRemoteUser() also works with form based authentication as it mimics basic auth.
Have a look for tomcat's examples app under jsp/security/protected. Both methods show the same user name and it is also stored in the realm like basic auth does as you can see if you have a look after login using the examples' snoop.jsp.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
-- Gary Gwin http://www.cafesoft.com
***************************************************************** * * * The Cafesoft Access Management System, Cams, is security * * software that provides single sign-on authentication and * * centralized access control for Apache, Tomcat, and custom * * resources. * * * ***************************************************************** -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>