Lines 8-13
|
8 |
|
8 |
|
9 |
<properties> |
9 |
<properties> |
10 |
<author email="craigmcc@apache.org">Craig R. McClanahan</author> |
10 |
<author email="craigmcc@apache.org">Craig R. McClanahan</author> |
|
|
11 |
<author email="arjaquith@mindspring.com">Andrew R. Jaquith</author> |
11 |
<title>Realm Configuration HOW-TO</title> |
12 |
<title>Realm Configuration HOW-TO</title> |
12 |
</properties> |
13 |
</properties> |
13 |
|
14 |
|
Lines 1221-1232
|
1221 |
JAAS Authentication Tutorial</a> and |
1222 |
JAAS Authentication Tutorial</a> and |
1222 |
<a href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/JAASLMDevGuide.html">the JAAS Login Module |
1223 |
<a href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/JAASLMDevGuide.html">the JAAS Login Module |
1223 |
Developer's Guide</a>) to be managed by the JAAS Login |
1224 |
Developer's Guide</a>) to be managed by the JAAS Login |
1224 |
Context (<code>javax.security.auth.login.LoginContext</code>) |
1225 |
Context (<code>javax.security.auth.login.LoginContext</code>). |
|
|
1226 |
When developing your LoginModule, note that JAASRealm's built-in <code>CallbackHandler</code> |
1227 |
only recognizes the <code>NameCallback</code> and <code>PasswordCallback</code> at present. |
1225 |
</li> |
1228 |
</li> |
1226 |
<li>Although not specified in JAAS, you should create |
1229 |
<li>Although not specified in JAAS, you should create |
1227 |
seperate classes to distinguish between users and roles, extending <code>javax.security.Principal</code>, |
1230 |
separate classes to distinguish between users and roles, extending <code>javax.security.Principal</code>, |
1228 |
so that Tomcat can tell which Principals returned from your login |
1231 |
so that Tomcat can tell which Principals returned from your login |
1229 |
module are users and which are roles (see <code>org.apache.catalina.realm.JAASRealm</code>). |
1232 |
module are users and which are roles (see <code>org.apache.catalina.realm.JAASRealm</code>). |
|
|
1233 |
Regardless, the first Principal returned is <em>always</em> treated as the user Principal. |
1230 |
</li> |
1234 |
</li> |
1231 |
<li>Place the compiled classes on Tomcat's classpath |
1235 |
<li>Place the compiled classes on Tomcat's classpath |
1232 |
</li> |
1236 |
</li> |
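Review bot: new line 1230 still names javax.security.Principal, which is not a JDK type; the interface is java.security.Principal, and because it is an interface the user and role classes implement it rather than extend it. This line is already being touched for the "seperate" spelling fix, so the package name can be corrected in the same change. The sentence added on line 1233 should also say how "first" is determined for a LoginModule author, since a role Principal that ends up first would be treated as the user Principal regardless of userClassNames.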
Lines 1234-1240
|
1234 |
href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html">JAAS |
1238 |
href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html">JAAS |
1235 |
LoginConfig file</a>) and tell Tomcat where to find it by specifying |
1239 |
LoginConfig file</a>) and tell Tomcat where to find it by specifying |
1236 |
its location to the JVM, for instance by setting the environment |
1240 |
its location to the JVM, for instance by setting the environment |
1237 |
variable: JAVA_OPTS=-D<code>JAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config</code></li> |
1241 |
variable: <code>JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config</code></li> |
1238 |
<li>Configure your security-constraints in your web.xml for |
1242 |
<li>Configure your security-constraints in your web.xml for |
1239 |
the resources you want to protect</li> |
1243 |
the resources you want to protect</li> |
1240 |
<li>Configure the JAASRealm module in your server.xml </li> |
1244 |
<li>Configure the JAASRealm module in your server.xml </li> |
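Review bot: on new line 1241 the prefix is duplicated inside the code element, giving "JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config==...", which sets a system property named JAVA_OPTS instead of the login configuration location. The old line had the stray "JAVA_OPTS=-D" outside the code element; the fix should drop it rather than move it inside, leaving JAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config. The double "==" is the JAAS form that makes this file override any other configured login configuration; a short remark saying so would keep readers from "correcting" it to a single "=".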
Lines 1263-1282
|
1263 |
</attribute> |
1267 |
</attribute> |
1264 |
|
1268 |
|
1265 |
<attribute name="appName" required="true"> |
1269 |
<attribute name="appName" required="true"> |
1266 |
<p>The name of the realm as configured in your login configuration file |
1270 |
<p>The name of the application as configured in your login configuration file |
1267 |
(<a href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html">JAAS LoginConfig</a>).</p> |
1271 |
(<a href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html">JAAS LoginConfig</a>).</p> |
1268 |
</attribute> |
1272 |
</attribute> |
1269 |
|
1273 |
|
1270 |
<attribute name="userClassNames" required="true"> |
1274 |
<attribute name="userClassNames" required="true"> |
1271 |
<p>A comma-seperated list of the names of the classes that you have made |
1275 |
<p>A comma-separated list of the names of the classes that you have made |
1272 |
for your user <code>Principals</code>.</p> |
1276 |
for your user <code>Principals</code>.</p> |
1273 |
</attribute> |
1277 |
</attribute> |
1274 |
|
1278 |
|
1275 |
<attribute name="roleClassNames" required="false"> |
1279 |
<attribute name="roleClassNames" required="false"> |
1276 |
<p>A comma-seperated list of the names of the classes that you have made |
1280 |
<p>A comma-separated list of the names of the classes that you have made |
1277 |
for your role <code>Principals</code>.</p> |
1281 |
for your role <code>Principals</code>.</p> |
1278 |
</attribute> |
1282 |
</attribute> |
1279 |
|
1283 |
|
|
|
1284 |
<attribute name="useContextClassLoader" required="false"> |
1285 |
<p>Instructs JAASRealm to use the context class loader for loading the user-specified |
1286 |
<code>LoginModule</code> class and associated <code>Principal</code> classes. The |
1287 |
default value is <code>true</code>, which is backwards-compatible with the way |
1288 |
Tomcat 4 works. To load classes using the container's classloader, specify |
1289 |
<code>true</code>.</p> |
1290 |
</attribute> |
1291 |
|
1280 |
</attributes> |
1292 |
</attributes> |
1281 |
|
1293 |
|
1282 |
<h3>Example</h3> |
1294 |
<h3>Example</h3> |
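Review bot: the new useContextClassLoader description (new lines 1287-1289) gives "true" both as the default and as the value that selects the container's classloader, so the two sentences contradict each other and the reader cannot tell how to switch behaviour. The last sentence should presumably read "specify false". Since this attribute decides which classloader supplies the LoginModule and Principal classes, it would also help to state where those classes must be deployed for each setting.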
Lines 1327-1332
|
1327 |
surrounding <code>Context</code>, <code>Host</code>, or <code>Engine</code>. |
1339 |
surrounding <code>Context</code>, <code>Host</code>, or <code>Engine</code>. |
1328 |
By default, the corresponding Logger will create a log file in the <code>$CATALINA_HOME/logs</code> |
1340 |
By default, the corresponding Logger will create a log file in the <code>$CATALINA_HOME/logs</code> |
1329 |
directory.</li> |
1341 |
directory.</li> |
|
|
1342 |
<li>As with other <code>Realm</code> implementations, digested passwords |
1343 |
are supported if the <code><Realm></code> element in <code>server.xml</code> |
1344 |
contains a <code>digest</code> attribute; JAASRealm's <code>CallbackHandler</code> |
1345 |
will digest the password prior to passing it back to the <code>LoginModule</code></li> |
1330 |
</ul> |
1346 |
</ul> |
1331 |
|
1347 |
|
1332 |
</subsection> |
1348 |
</subsection> |
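Review bot: on new line 1343 the element name appears as a bare <Realm> inside the code element; if that is literal in the XML source it opens an element that is never closed and the document will not parse, so it should be written with &lt; and &gt; entities. The new list item also ends without a full stop, unlike the item before it. Because the CallbackHandler digests the password before the LoginModule sees it, the text should state that the LoginModule must compare against stored digests produced with the same algorithm, not against cleartext passwords.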