Caldarale, Charles R wrote:
From: André Warnier [mailto:[EMAIL PROTECTED]
Subject: HttpServletRequest.getUserPrincipal
To get the authenticated user-id from within a filter or a
servlet, one calls HttpServletRequest.getUserPrincipal().getName()
or HttpServletRequest.getRemoteUser().

Are these *really* equivalent?

The 1.5 specs for HttpServletRequest.getRemoteUser say:

Returns the login of the user making this request, if the user has been
authenticated, or null if the user has not been authenticated. Whether
the user name is sent with each subsequent request depends on the
browser and type of authentication. Same as the value of the CGI
variable REMOTE_USER.

It is the association with the CGI variable and with the browser sending
or not a header that makes me have a doubt. This CGI variable is
usually set as per the HTTP Header "Authorization", which is only
present in case of Basic or Digest authentication.
In the case of a Windows-based authentication, or a form-based
authentication, this HTTP header would not be sent by the browser.

Another way to phrase my question would be: is getRemoteUser() merely a
shortcut, under which happens a getUserPrincipal().getName(), or do those
two use a different underlying source to provide a user name?
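One way to check the question above empirically on a given container, as an added example that is not part of the original message or of Tomcat's code: a servlet filter that logs, per request, the authentication type, whether an "Authorization" header was present, and whether the two accessors agree. The class name AuthIdentityProbeFilter and the log format are hypothetical, and the javax.servlet API is assumed.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical diagnostic filter: compares the two identity accessors per request. */
public class AuthIdentityProbeFilter implements Filter {
    private FilterConfig config;

    public void init(FilterConfig config) { this.config = config; }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            Principal principal = http.getUserPrincipal();
            String principalName = (principal == null) ? null : principal.getName();
            String remoteUser = http.getRemoteUser();
            // Record only whether the header is present; its value carries credentials.
            boolean hasAuthHeader = http.getHeader("Authorization") != null;
            // Null-safe comparison: both null (unauthenticated) counts as agreement.
            boolean same = (remoteUser == null) ? principalName == null
                                                : remoteUser.equals(principalName);
            config.getServletContext().log("authType=" + http.getAuthType()
                    + " authorizationHeader=" + hasAuthHeader
                    + " remoteUser=" + clean(remoteUser)
                    + " principalName=" + clean(principalName)
                    + (same ? "" : " MISMATCH"));
        }
        chain.doFilter(req, res);
    }

    // User names originate from the client; strip CR/LF so they cannot forge log lines.
    private static String clean(String s) {
        return (s == null) ? "null" : s.replaceAll("[\\r\\n]", "_");
    }
}
```

Map the filter in web.xml to a URL covered by a security constraint, then log in once with BASIC and once with FORM authentication and compare the logged lines.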