According to servlet spec, the only way to tell if a request has been authenticated is request.getUserPrincipal() returning a non-null Prinicpal object. Is it possible to obtain such an object from the current HttpSession instead? Or, I should say is there any facility provided by Tomcat to copy the Principal from request into the session. It is more natural to associate the user principal with its session. For example, an administration servlet having a reference to a session object can enquire the principal attribute to determine whom the session belong to.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]