A user is an entity with a user name. That's all you know about them unless
you have more info stored locally. A Principal is an object that contains a
name as a minimum, but also contains other data that varies depending on
what type of security system is used.
>From the docs:
getRemoteUser()
Returns the login of the user making this request, if the user has
been authenticated, or null if the user has not been authenticated.
getUserPrincipal()
Returns a java.security.Principal object containing the name of
the current authenticated user.
public interface Principal
This interface represents the abstract notion of a principal, which can be
used to represent any entity, such as an individual, a corporation, and a
login id.
See Also:
X509Certificate
----- Original Message -----
From: "Michael Echerer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 16, 2002 5:20 PM
Subject: Re: Retrieve User - Realm
> >
> > More specifically, he may be looking for:
> >
> > request.getUserPrincipal().getName(), which returns the
> > actual user name.
> >
> > I believe that request.getRemoteUser() only returns the
> > username if the
> > user is authenticated using BASIC authentication.
>
> Actually not true, although I don't say I got the whole difference between
Principal and RemoteUser in practical terms. What is it? ;-)
>
> request.getRemoteUser() also works with form based authentication as it
mimics basic auth.
> Have a look for tomcat's examples app under jsp/security/protected.
> Both methods show the same user name and it is also stored in the realm
like basic auth does as you can see if you have a look after login using the
examples' snoop.jsp.
>
>
>
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
