John de la Garza wrote:
> Can someone tell me what the difference between remote user and principal
> name is?
>
> For example at: http://127.0.0.1/examples/jsp/security/protected/index.jsp
>
> I see:
>
> You are logged in as remote user johnd
>
> Your user principal name is johnd

It depends on how your servlet container implements security. For Tomcat, the
following rules apply:

* For BASIC, DIGEST, or FORM-BASED authentication,
  using the default SimpleRealm (i.e. the names and roles
  in the tomcat-users.xml file), Tomcat constructs a very
  simple java.security.Principal implementation, using the
  authenticated username as the name, and returns it
  to you.

* For CLIENT-CERT authentication (Tomcat 4.0 only), this
  will be the java.security.Principal object from the first
  certificate in the client certificate chain that was submitted
  by the client.

* If you define your own custom authenticator Realm
  implementation, the returned Principal can be some
  environment-specific object (implements java.security.Principal)
  containing other security related information relevant to your
  environment.

Craig McClanahan
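
An added example, not part of the original message or of Tomcat's own code: a servlet that prints both identity views side by side, so you can see which kind of Principal your container's Realm returned. The names PrincipalInfoServlet and TenantPrincipal are hypothetical; TenantPrincipal stands in for whatever type a custom Realm might supply.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet (the name is an assumption) that reports both identity views.
public class PrincipalInfoServlet extends HttpServlet {

    // Hypothetical principal type that a custom Realm might return.
    public interface TenantPrincipal extends Principal {
        String getTenant();
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();

        Principal p = req.getUserPrincipal();
        if (p == null) {
            // Both calls return null when the request is not authenticated.
            out.println("not authenticated; remote user = " + req.getRemoteUser());
            return;
        }
        out.println("auth type:       " + req.getAuthType());
        out.println("remote user:     " + req.getRemoteUser());
        out.println("principal name:  " + p.getName());
        out.println("principal class: " + p.getClass().getName());

        // CLIENT-CERT: the container exposes the client chain as a request attribute.
        Object attr = req.getAttribute("javax.servlet.request.X509Certificate");
        if (attr instanceof X509Certificate[] && ((X509Certificate[]) attr).length > 0) {
            X509Certificate first = ((X509Certificate[]) attr)[0];
            out.println("cert subject:    " + first.getSubjectDN().getName());
        }

        // Custom Realm: check the type before reading realm-specific data.
        if (p instanceof TenantPrincipal) {
            out.println("tenant:          " + ((TenantPrincipal) p).getTenant());
        }
    }
}
```

Map the servlet under a URL covered by a security-constraint; outside one, the container does not authenticate the request and both values come back null.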