tomcat-users mailing list archives

From "Craig R. McClanahan" <>
Subject Re: formbased security
Date Wed, 06 Dec 2000 02:37:36 GMT
John de la Garza wrote:

> Can someone tell me what the difference between remote user and principal
> name is?
> For example at:
> I see:
> You are logged in as remote user johnd
> Your user principal name is johnd

It depends on how your servlet container implements security.  For Tomcat, the
following rules apply:

* For BASIC, DIGEST, or FORM-BASED authentication,
  using the default SimpleRealm (i.e. the names and roles
  in the tomcat-users.xml file), Tomcat constructs a very
  simple implementation, using the
  authenticated username as the name, and returns it
  to you.

* For CLIENT-CERT authentication (Tomcat 4.0 only), this
  will be the object from the first
  certificate in the client certificate chain that was submitted
  by the client.

* If you define your own custom authenticator Realm
  implementation, the returned Principal can be some
  environment-specific object (implements
  containing other security related information relevant to your

Craig McClanahan
