tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: of the different methods to get a user-id
Date Thu, 12 Feb 2009 16:32:33 GMT
André Warnier wrote:
> Tim Funk wrote:
>> Personally -
>> I would expect
>> request.getRemoteUser() == request.getUserPrincipal().getName()
>> But there no literature which says that must be so. 
> And the reality shows it isn't.
> So somehow there must be two distinct underlying "thingies" in Tomcat
> where the two different answers are coming from.

The Tomcat source code would be a reasonable place to look and see what
Tomcat does, but if a Filter is operating on the request, it may be
replacing it with a Servlet[Response/Request]Wrapper that only overrides
one of the two method return values.


> So in that absence
>> of that - you'll probably need a RemoteUserHackFilter to unify the
>> various behaviors and then you standardize on one model and
>> RemoteUserHackFilter would adapt to that.
> What worries me is not so much my own code, which I can indeed adapt.
> What worries me more is other webapps which I do not write.
> Somehow it seems to me that there is some inconsistency there.  It seems
> to me that a webapp should have one source it should be able to rely on
> for a user-id, and not have to hack, no ?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message