tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: of the different methods to get a user-id
Date Thu, 12 Feb 2009 14:34:36 GMT
Personally -

I would expect
request.getRemoteUser() == request.getUserPrincipal().getName()

But there no literature which says that must be so. So in that absence 
of that - you'll probably need a RemoteUserHackFilter to unify the 
various behaviors and then you standardize on one model and 
RemoteUserHackFilter would adapt to that.


André Warnier wrote:
> Hi.
> I am currently testing/comparing two user authentication methods for 
> webapps, in a Windows NTLM context.
> Despite my abysmal lack of knowledge in matters Java and Tomcat, I 
> notice a difference between the two, and I would like to ask here if it 
> matters, and if yes how.
> Both authentication methods work as servlet filters. One is/was the 
> jCIFS HTTP NTLM filter, the other a commercial product which would 
> replace it for NTLMv2. I have asked the same question to the developer 
> of both but I'm asking again here, to get a confirmation or additional 
> observations.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message