Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 22569 invoked from network); 17 Nov 2008 19:31:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 17 Nov 2008 19:31:30 -0000 Received: (qmail 29156 invoked by uid 500); 17 Nov 2008 19:31:26 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 29133 invoked by uid 500); 17 Nov 2008 19:31:26 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 29122 invoked by uid 99); 17 Nov 2008 19:31:26 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Nov 2008 11:31:26 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [212.85.38.174] (HELO popeye.combios.es) (212.85.38.174) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Nov 2008 19:30:04 +0000 Received: from [192.168.245.129] (p549EA70D.dip0.t-ipconnect.de [84.158.167.13]) (authenticated bits=0) by popeye.combios.es (8.13.8/8.13.8/Debian-3) with ESMTP id mAHJUVSb031507 for ; Mon, 17 Nov 2008 20:30:31 +0100 Message-ID: <4921C5B7.9070100@ice-sa.com> Date: Mon, 17 Nov 2008 20:27:51 +0100 From: =?ISO-8859-1?Q?Andr=E9_Warnier?= User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: HttpServletRequest.getUserPrincipal References: <49218B2E.3080206@ice-sa.com> <0AAE5AB84B013E45A7B61CB66943C17215A3942802@USEA-EXCH7.na.uis.unisys.com> In-Reply-To: <0AAE5AB84B013E45A7B61CB66943C17215A3942802@USEA-EXCH7.na.uis.unisys.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on popeye.combios.es X-Virus-Scanned: ClamAV 0.92.1/8637/Sat Nov 15 22:56:47 2008 on popeye.combios.es X-Virus-Status: Clean X-Virus-Checked: Checked by ClamAV on apache.org X-Old-Spam-Status: No, score=-97.7 required=2.5 tests=DNS_FROM_SECURITYSAGE, RCVD_IN_PBL,RCVD_IN_SORBS_DUL,USER_IN_WHITELIST autolearn=no version=3.2.3 Caldarale, Charles R wrote: >> From: Andr� Warnier [mailto:aw@ice-sa.com] >> Subject: HttpServletRequest.getUserPrincipal >> >> To get the authenticated user-id from within a filter or a >> servlet, one calls HttpServletRequest.getUserPrincipal.getName() > > or HttpServletRequest.getRemoteUser() > Are these *really* equivalent ? The 1.5 specs for HttpServletRequest.getRemoteUser say : Returns the login of the user making this request, if the user has been authenticated, or null if the user has not been authenticated. Whether the user name is sent with each subsequent request depends on the browser and type of authentication. Same as the value of the CGI variable REMOTE_USER. It is the association with the CGI variable and with the browser sending or not a header that makes me have a doubt. This CGI variable is usually set as per the HTTP Header "Authorization", which is only present in case of Basic or Digest authentication. In the case of a Windows-based authentication, or a form-based authentication, this HTTP header would not be sent by the browser. Another way to phrase my question would be : is getRemoteUser() merely a shortcut, under which happens a getUserPrincipal.getName(), or do those two use a different underlying source to provide a user name ? --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org