Personally -
I would expect
request.getRemoteUser() == request.getUserPrincipal().getName()
But there no literature which says that must be so. So in that absence
of that - you'll probably need a RemoteUserHackFilter to unify the
various behaviors and then you standardize on one model and
RemoteUserHackFilter would adapt to that.
-Tim
André Warnier wrote:
Hi.
I am currently testing/comparing two user authentication methods for
webapps, in a Windows NTLM context.
Despite my abysmal lack of knowledge in matters Java and Tomcat, I
notice a difference between the two, and I would like to ask here if it
matters, and if yes how.
Both authentication methods work as servlet filters. One is/was the
jCIFS HTTP NTLM filter, the other a commercial product which would
replace it for NTLMv2. I have asked the same question to the developer
of both but I'm asking again here, to get a confirmation or additional
observations.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
