> > More specifically, he may be looking for: > > request.getUserPrincipal().getName(), which returns the > actual user name. > > I believe that request.getRemoteUser() only returns the > username if the > user is authenticated using BASIC authentication.
Actually not true, although I don't say I got the whole difference between Principal and RemoteUser in practical terms. What is it? ;-) request.getRemoteUser() also works with form based authentication as it mimics basic auth. Have a look for tomcat's examples app under jsp/security/protected. Both methods show the same user name and it is also stored in the realm like basic auth does as you can see if you have a look after login using the examples' snoop.jsp. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
