getRemoteUser and getAuthType methods

The getRemoteUser and getAuthType methods are methods of the javax.servlet.http.HttpServletRequest interface. If the user has been authenticated, the getRemoteUser method returns the login of the user that makes the request. If the user is not authenticated, the getRemoteUser method returns null. The getAuthType method returns the name of the authentication scheme that is used to protect the servlet (for example, BASIC or SSL). If the servlet is not protected, the getAuthType method returns null.

For both methods, the data that is returned depends upon whether security is enabled in the application server where the servlet is deployed. The following possibilities exist:
  • If security is not enabled, a servlet is requested and it is configured with Web server protection. The getRemoteUser method returns the login and getAuthType method returns the authentication scheme.
  • If security is enabled and a servlet is requested, both methods return null when WebSphere® Application Server protection is not configured for the servlet.
  • If security is enabled, a servlet is requested, and the servlet is configured with WebSphere Application Server protection, then the getRemoteUser method returns the login and the getAuthType method returns the configured authentication scheme.
Attention: You can disable security at the application server level by overriding the administrative security setting. For more information, see Securing specific application servers.



Related tasks
Developing with programmatic security APIs for Web applications
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Jun 11, 2013 8:40:09 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=rsec_secgetru
File name: rsec_secgetru.html