Bug 57706 - Documentation for tomcatAuthentication too vague: confusion over authentication and authorization
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Documentation
Version: 6.0.43
Hardware: PC Mac OS X 10.1
Importance: P2 normal
Target Milestone: default
Assignee: Tomcat Developers Mailing List
Reported: 2015-03-14 17:29 UTC by Graham Leggett
Modified: 2015-03-18 21:46 UTC

Description Graham Leggett 2015-03-14 17:29:55 UTC
At http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html the documentation for tomcatAuthentication states as follows:

"If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. The default value is true."

This documentation is incorrect; it should instead read as follows:

"If set to true, authentication and authorization will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authentication in Tomcat, while all role memberships will be considered false. The default value is true."
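A way to check the behaviour described in the report on a given deployment, as an added example that is not part of the original report or of Tomcat itself: a diagnostic servlet that prints the principal Tomcat sees and the result of each role check. The class name `WhoAmIServlet`, the `roles` init-param and the role names are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical diagnostic servlet; deploy behind the AJP connector under test. */
public class WhoAmIServlet extends HttpServlet {

    // Constructed sample role names; override with the "roles" init-param.
    private String[] rolesToProbe = {"admin", "user"};

    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        String configured = config.getInitParameter("roles");
        if (configured != null && configured.trim().length() > 0) {
            rolesToProbe = configured.trim().split("\\s*,\\s*");
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();

        // Authentication: who the container believes the caller is.
        Principal principal = req.getUserPrincipal();
        out.println("remoteUser     = " + req.getRemoteUser());
        out.println("authType       = " + req.getAuthType());
        out.println("principalClass = "
                + (principal == null ? "(none)" : principal.getClass().getName()));

        // Authorization: the role checks that security constraints rely on.
        for (int i = 0; i < rolesToProbe.length; i++) {
            out.println("isUserInRole(" + rolesToProbe[i] + ") = "
                    + req.isUserInRole(rolesToProbe[i]));
        }
    }
}
```

Per the corrected wording above, with `tomcatAuthentication="false"` the expected result is a populated `remoteUser` with every role probe reporting `false`, so any constraint or code path that depends on a role will deny the propagated user.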
Comment 1 Mark Thomas 2015-03-18 21:39:27 UTC
With the implementation of tomcatAuthorization this only applies to 6.0.x now.
Comment 2 Mark Thomas 2015-03-18 21:46:08 UTC
Fixed in 6.0.x for 6.0.44 onwards.