> From: André Warnier [mailto:[EMAIL PROTECTED] > Subject: HttpServletRequest.getUserPrincipal > > To get the authenticated user-id from within a filter or a > servlet, one calls HttpServletRequest.getUserPrincipal.getName()
or HttpServletRequest.getRemoteUser() > But where and more mysteriously how, does this Principal get set ? > I cannot find any setUserPrincipal() anywhere. That's the responsibility of the servlet container, not any webapp code. The appropriate Realm does the authentication, driven by (in Tomcat) an authenticator class such as BasicAuthenticator, FormAuthenticator, or SSLAuthenticator. These authenticators are subclasses of AuthenticatorBase, which includes a register() method that does the actual setUserPrincipal() call to StandardSession. The register() method is called when the Realm validates the authentication. Other servlet containers will have similar implementations, but not necessarily the same class names. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]