Hi all, I'm having a hard time understanding the differences between ClientInfo.getPrincipals() and getUser() and when to use which method.
I'm trying to get hold of the username in a ServerResource and figured I should use one of these methods. When using a ChallengeAuthenticator from the restlet package, the username is (only) available via getUser(). But when running inside Tomcat and relying on a servlet security-constraint, the username is only available via the getPrincipals() method. I'm using on HTTP Basic authentication in both cases. Looking through the ServerServlet's code, it seems that the user principals are copied from the incoming HttpServletRequest. HttpServletRequest.getRemoveUser() is never called though. Is this is bug in the connector? Any insights in this subject are highly appreciated! -- Arjohn ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2435769
