tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 12428] - request.getUserPrincipal(): Misinterpretation of specification?
Date Mon, 06 Sep 2004 23:19:09 GMT
http://issues.apache.org/bugzilla/show_bug.cgi?id=12428

request.getUserPrincipal(): Misinterpretation of specification?

cho@cubitech.dk changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |



------- Additional Comments From cho@cubitech.dk  2004-09-06 23:19 -------
I truly think this is a wrong interpretation of the spec. From the JavaDoc of
HttpServletRequest:

"Returns a java.security.Principal object containing the name of the current
authenticated user. If the user has not been authenticated, the method returns
null."

This clearly states that the getUserPrincipal()-method should only return null
when the user has not been authenticated. There is no exception to this rule, as
earlier comments would suggest.

Clearly it would not be against the spec to always return the principal when
authentication has been done, whether or not the viewed resource is protected.
This is clearly needed for many web-applications.
