Use getRemoteUser() and getAuthType() methods

The getRemoteUser() and getAuthType() methods are methods of the HttpServletRequest interface (javax.servlet.http.HttpServletRequest). If the user has been authenticated, the getRemoteUser() method returns the login of the user making the request. If the user has not been authenticated, the getRemoteUser() method returns null. The getAuthType() method returns the name of the authentication scheme used to protect the servlet (for example, BASIC or SSL) or, if the servlet is not protected, the getAuthType() method returns null.

For both methods, the data returned depends on whether security is enabled in the application server where the servlet is deployed:

• If security is not enabled, a servlet is requested, and the servlet is configured with Web server protection, then the getRemoteUser() method returns the login, and getAuthType() returns the authentication scheme.
• If security is enabled and a servlet is requested, both methods return null when WebSphere protection is not configured for the servlet.
• If security is enabled, a servlet is requested, and the servlet is configured with WebSphere protection, then the getRemoteUser() method returns the login, and the getAuthType() method returns the configured authentication scheme.

Note: Security can be disabled at the application server level (Network Deployment product only) by overriding the global security setting. See Configure server security for more information.