> From: André Warnier [mailto:[EMAIL PROTECTED]
> Subject: Re: HttpServletRequest.getUserPrincipal
>
> As for the 1.5 Java specs, there are indeed a couple of
> black holes in the "Principal" area.
I think you have to look at the security discussion in the spec in light of the
JAAS and related security documentation in the JRE (not in Tomcat).
Unfortunately, that doc is somewhat obtuse, so it takes some digging and
contemplation for a real understanding.
> I tried to follow the links between doc pages in that
> respect, but could never get a clear description of
> what a "Principal" really looks like.
Basically, a Principal is just a representation of a potentially
authenticatable entity - it may or may not be a person, may or may not have a
userid (think biometrics), but it does have a label ("name") associated with it
for display purposes. In Java terms, a Principal is an interface, so its
actual implementation in any given environment is whatever that environment
chooses to make it.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
