Craig R. McClanahan wrote: > > On Tue, 2 Apr 2002, Phase Web and Multimedia wrote: > >>I will be providing mechanisms equal to the isUserInRole(), getRemoteUser(), >>and getUserPrincipal(). But these objects will be context-session specific > > Faking the values returned by these methods is pretty easy in a Servlet > 2.3 environment, where you can create a request wrapper. That would be > sufficient for dealing with what Struts-ish things like tiles needs.
I feel that isUserInRole() & getRemoteUser() is inferior to anything provided by principals, but the servlet spec only defined getUserPrincipal(), not getRolePrincipals(), or even better getSubject(). I was hoping that JSR-115 (http://java.sun.com/j2ee/javaacc/index.html) would clarify the principal-to-role mapping for servlet containers (It kind of advertices that it does), but instead it chooses not to touch the issue (sec B6). Craig, since you seems to have such inside knowledge of these things, can you elaborate a bit on what will happen to the servlet spec with regards to this? Will there be a standard for Realms (in the Tomcat sense)? Will there be the possibility to get the logged in user as a JAAS style Subject in servlets in a portable manner? -- -Torgeir -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
