Method A:
HttpServletRequest request = .... // get HttpServletRequest request.getAuthType() // http or https request.getRemoteUser() // the user principal (in string) request.getUserPrincipal() // get a Principal object request.isUserInRole(String)
Method B: (Recommended)
- Not tied to Servlet spec
- Help in unit testing
Have the action implements PrincipalAware and add 'servlet-config' interceptor to it. a PrincipalProxy object will be set to method setPrincipalProxy(PrincipalProxy). With PrincipalProxy, one could have access to methods such as isUserInRole(), getUserPrincipal(), getRemoteUser(), isRequestSecure() etc.
@see com.opensymphony.webwork.interceptor.PrincipalProxy
@see com.opensymphony.webwork.interceptor.PrincipalAware
@see com.opensymphony.webwork.interceptor.ServletConfigInterceptor