tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Fincher" <>
Subject Re: Retrieve User - Realm
Date Tue, 17 Dec 2002 00:02:42 GMT
A user is an entity with a user name.  That's all you know about them unless
you have more info stored locally. A Principal is an object that contains a
name as a minimum, but also contains other data that varies depending on
what type of security system is used.

>From the docs:

          Returns the login of the user making this request, if the user has
been authenticated, or null if the user has not been authenticated.

          Returns a object containing the name of
the current authenticated user.

  public interface Principal
This interface represents the abstract notion of a principal, which can be
used to represent any entity, such as an individual, a corporation, and a
login id.

  See Also:

----- Original Message -----
From: "Michael Echerer" <mech@RZ.FH-Augsburg.DE>
To: <>
Sent: Monday, December 16, 2002 5:20 PM
Subject: Re: Retrieve User - Realm

> >
> > More specifically, he may be looking for:
> >
> > request.getUserPrincipal().getName(), which returns the
> > actual user name.
> >
> > I believe that request.getRemoteUser() only returns the
> > username if the
> > user is authenticated using BASIC authentication.
> Actually not true, although I don't say I got the whole difference between
Principal and RemoteUser in practical terms. What is it? ;-)
> request.getRemoteUser() also works with form based authentication as it
mimics basic auth.
> Have a look for tomcat's examples app under jsp/security/protected.
> Both methods show the same user name and it is also stored in the realm
like basic auth does as you can see if you have a look after login using the
examples' snoop.jsp.
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message