Getting the user from the http request no longer working

We have some code that we add as a jar to our Confluence (and JIRA) installs that is in the web.xml and runs as a tomcat filter. This code wraps all calls so that we can get the user, which hosts, the URL (action), and once whatever the user chose to do finishes the duration so we can track who is using JIRA, when, what actions, and if there performance is getting better or worse.

We were using request.getRemoteUser() for the last 4 years in Confluence 5 up until Confluence 6.2.3.
We are finding that the user is no longer on the request and the only way we can find the user is via session attributes and pull it off

session.getAttribute(“seraph_defaultauthenticator_user”).toString() returns:
ConfluenceUserPrincipal{userKey=XXXXXXXXXXXXXXX, username=YYYYYYYYY}

Is this the only/correct way to get the user? Is JIRA development moving this way too?

I would think you would use SAL - The UserManager class and getRemoteUser(HttpRequest request) method, I would think, should suit you well.

Within Jira alone, I typically ask JiraAuthenticationContext for getLoggedInUser().