Howdy, HttpRequest is a tomcat-specific class, unlike HttpServletRequest. I know the names are similar, but be careful not to confuse them.
HttpServletRequest does not include setUserPrincipal in its interface. You can use a custom HttpServletRequestWrapper in combination with a filter to provide this functionality. What most containers do in the J2EE world, however, is connect the authentication/authorization mechanisms (Realms in the tomcat implementation) such that they set the user principal on a custom server implementation of the HttpServletRequest interface. Yoav Shapira Millennium Research Informatics >-----Original Message----- >From: Robert Hall [mailto:[EMAIL PROTECTED] >Sent: Monday, March 22, 2004 8:52 PM >To: Tomcat Users List >Subject: Re: where is setUserPrincipal() ? > >In case you haven't already gotten to the bottom of this, here's a >perspective; >afaik, HttpRequest.setUserPrincipal() is implemented by the container >(ie - Tomcat). > > From the docs: > >public void *setUserPrincipal*(java.security.Principal principal) > > "Set the Principal who has been authenticated for this Request. > This value is also used to calculate the value to be returned > by the |getRemoteUser()| method." > >http://jakarta.apache.org/tomcat/tomcat-4.0- >doc/catalina/docs/api/org/apache/catalina/HttpRequest.html > >Robert > >Bob Langford wrote: > >> I've been looking at the various methods of doing access control, and >> many of the messages I've seen (on this list and elsewhere) mention >> doing something like: >> >> hrequest.setUserPrincipal( new MyPrincipal(username) ); >> >> so that other code can call getUserPrincipal(), etc. >> >> But there is no setUserPrincipal method on the HttpServletRequest, >> as far as I (and my compiler) can see. What's going on? Am I supposed >> to use some non-standard wrapper for the request? >> >> Thanks for any help! >> >> -- >> Bob Langford >> Silicon Masters Consulting, Inc. 8207 Stone River Court, Richmond, >> VA 23235 >> phone: 804-674-1253 fax: 804-745-7803 >> http://www.silicon-masters.com/ >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
