Just to clarify, "logged in" means that the user has logged into the webapp's
J2EE standard security system. A LAN login, such as a Windows login, only counts if the webapp server has been configured to hook into Windows LAN security.
Likewise, if you write your own login system or use one the the samples that too many books on J2EE provide, the getRemoteUser() method will just return null. You have to actually use the J2EE standard.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.