Method A:
HttpServletRequest request = .... // get HttpServletRequest
request.getAuthType() // http or https
request.getRemoteUser() // the user principal (in string)
request.getUserPrincipal() // get a Principal object
request.isUserInRole(String)
*Method B: (Recomended) *
- Not tied to Servlet spec
- Help in unit testing
Have the action implements PrincipalAware and add 'servlet-config' interceptor to it. a PrincipalProxy object will be set to method setPrincipalProxy(PrincipalProxy). With PrincipalProxy, one could have access to methods such as isUserInRole(), getUserPrincipal(), getRemoteUser(), isRequestSecure() etc.
@see com.opensymphony.webwork.interceptor.PrincipalProxy
@see com.opensymphony.webwork.interceptor.PrincipalAware
@see com.opensymphony.webwork.interceptor.ServletConfigInterceptor