HttpServletRequest.getRemoteUser() vs HttpServletRequest.getUserPrincipal().getName()

2023-09-09 21:33:45 Author: 德高望重

These two seem to be doing the same things. Can anyone explain the main difference between the two? When would you use one vs the other?

HttpServletRequest.getRemoteUser()

HttpServletRequest.getUserPrincipal().getName()

Recommended answer

A Principal represents someone who could potentially authenticate with your application. The Principal's name depends on the authentication method used:

- a username such as "fred" (in the case of HTTP Basic authentication)
- a Distinguished Name such as "CN=bob,O=myorg" (in the case of X.509 client certificates - in which case an X500Principal may be returned)

getRemoteUser() returns "the login of the user" which, in the case of HTTP Basic authentication, will also be the username; it doesn't map cleanly in the X.509 client certificate case though, since the user doesn't enter a "login" as such - in the example above, we could use the Distinguished Name or simply the CN, "bob".

The Javadocs state that "whether the user name is sent with each subsequent request depends on the browser and type of authentication", suggesting that getRemoteUser() was originally meant to provide data only for requests in which a username was entered. This, however, would result in it returning null for the majority of requests when cookie-based auth is in use - not too helpful!

In reality, getRemoteUser() often just calls getUserPrincipal().getName(); verified in Tomcat 6 and Jetty 6/7.
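
The two cases from the answer, as an added example that is not part of the original answer and is not Tomcat's or Jetty's code: it maps the Principal returned by getUserPrincipal() to a short login name, handling the unauthenticated case (a null Principal, where getUserPrincipal().getName() would throw a NullPointerException) and the X.509 case (a Distinguished Name rather than a login). The class and method names (LoginName, loginOf, commonName) are hypothetical, and the sample principals are constructed from the answer's "fred" and "CN=bob,O=myorg".

```java
import java.security.Principal;
import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class LoginName {

    /** Hypothetical helper: short login name for a Principal, empty if unauthenticated. */
    static Optional<String> loginOf(Principal p) {
        if (p == null) {
            // getUserPrincipal() returns null when the request is not authenticated.
            return Optional.empty();
        }
        if (p instanceof X500Principal) {
            // Client-certificate case: getName() is a full DN, so pick out the CN.
            return commonName(((X500Principal) p).getName(X500Principal.RFC2253));
        }
        // Username-based case (e.g. HTTP Basic): the name already is the login.
        return Optional.ofNullable(p.getName());
    }

    /** Parses the DN with LdapName instead of splitting on commas, so escaped commas survive. */
    static Optional<String> commonName(String dn) {
        try {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return Optional.of(String.valueOf(rdn.getValue()));
                }
            }
        } catch (InvalidNameException e) {
            // Malformed DN: treat as having no usable login name.
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample principals; in a servlet these come from request.getUserPrincipal().
        Principal basic = () -> "fred";
        Principal cert = new X500Principal("CN=bob,O=myorg");
        System.out.println(loginOf(basic));
        System.out.println(loginOf(cert));
        System.out.println(loginOf(null));
    }
}
```

A CN is only unique within the issuing CA's namespace, so authorization decisions keyed on the CN alone should also pin the trusted issuer.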