DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=12428>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=12428 request.getUserPrincipal(): Misinterpretation of specification? ------- Additional Comments From [EMAIL PROTECTED] 2004-06-15 18:21 ------- I've been reading again the servlet 2.3 specification, and, actually, i don't see in it anything that give the opposite position, ie always return the principal when one has been authenticated, when the requested url is protected or not. Further, Tomcat 4 behaves as expected (i mean, i expect), which is, i think, the 2.3 implementation. What about the 2.4 version, which is the base for the new Tomcat 5 ?... More, what about the 'isUserInRole' ? Does it follow the same rule ? How a simple menu page could take decision according to identity or roles of the authenticated user, and show or hide links for example, even if this page itself is not protected ? Thanks for your precisions. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
