Hi again,
in the various realm implementations we generate our own
GenericPrincipal nearly always using the user name supplied by the
authenticate() call. In the JAAS case there could be implementations
which provide their own "real" user names in the userPrincipal they
return. We do make the userPrincipal available in our GenericPrincipal
but I wonder whether it would be nicer to set the name in the
GenericPrincipal the the name from the userPrincipal if a userPrincipal
was found and it's name is not null or empty.
We noticed the situation when looking at the session list in Tomcat
manager. In our case the user name in authenticate() is empty (and
retrieved via a different mechanism) but the JAAS realm gets a usable
userPrincipal back which would contain the real user name. So this is
not about how an application can access that name, it is more about what
Tomcat provides as the user name (including the session list in manager).
Note that getRemoteUser() also returns the name from the GenericPrincipal.
Would such a change make sense in the JAAS realm, maybe only optionally?
Can we think of other realm, that might want to change the user name? I
have no immediate candidates except JAAS.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
