On Mon, 10 Feb 2003, Erik Price wrote:
> Date: Mon, 10 Feb 2003 11:17:31 -0500 > From: Erik Price <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: Valve Access to Principal > > > > Craig R. McClanahan wrote: > > > > Tomcat 5 has integrated support for JSR 115, but that's for authorization, > > not authentication. > > Oh no, there's a difference? Is there an explanatory document somewhere > that I missed? > Authentication == who are you? In servlet API terms: getRemoteUser() and getUserPrincipal(), and login methods. Authorization == what can you do? In servlet API terms: isUserInRole() and role-based security constraints. > > Erik > Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
