Hey, I had this same doubt once and somebody in another mailing list helped me with this:
>
>
> > Giselle,
> >
> > What you want is request.getUserPrincipal(). This will return a
> > java.security.Principal object. You can get the name by calling
> > getName() on that object.
> >
> > Unfortunately, you can't get the role or roles for the user. You have to
> > know the roles beforehand and then use request.isUserInRole to determine
> > wether they are or are not in a given role.
> >
> > -chris