Programmatic security is used by security-aware applications when declarative security alone is not sufficient to express the security model of the application. Programmatic security consists of the following methods of the HttpServletRequest interface: getRemoteUser, isUserInRole, and getUserPrincipal.
The getRemoteUser method returns the user name that the client authenticated with. The isUserInRole method queries the underlying security mechanism of the container to determine if a particular user is in a given security role. The getUserPrincipal method returns a java.security.Principal object. These APIs allow servlets to make business logic decisions based on the logical role of the remote user. They also allow the servlet to determine the principal name of the current user. If getRemoteUser returns null (which means that no user has been authenticated), the isUserInRole method will always return false, and the getUserPrincipal method will always return null.
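As an added example (not part of the original page), the servlet below makes a per-object decision that a declarative constraint cannot express: a caller may read only their own record unless they hold a given role. The class name, the `owner` request parameter and the `manager` role are assumptions for illustration, and the code uses the `javax.servlet` namespace (`jakarta.servlet` on Jakarta EE 9 and later).

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: a user may read only their own account record,
// unless they hold the (assumed) "manager" role.
public class AccountServlet extends HttpServlet {

    private static final String MANAGER_ROLE = "manager"; // assumed role name

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // A null principal means the container has not authenticated anyone.
        // In that state getRemoteUser() is null and isUserInRole() is always
        // false, so reject explicitly instead of relying on the role check.
        Principal caller = req.getUserPrincipal();
        if (caller == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        String owner = req.getParameter("owner"); // assumed request parameter
        if (owner == null || owner.isEmpty()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // Business rule: owner of the record, or any caller in the manager role.
        boolean isOwner = owner.equals(caller.getName());
        boolean isManager = req.isUserInRole(MANAGER_ROLE);
        if (!isOwner && !isManager) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println(
                "Access granted as " + (isManager ? "manager" : "owner"));
    }
}
```

The role name passed to isUserInRole must match a role the container knows for this application, otherwise the check returns false and every non-owner is refused.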