ASF Bugzilla – Attachment 13109 Details for
Bug 31739
Minor documentation additions for realm-howto and AJP
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch: realm-howto.xml
realm-howto.xml.PATCH (text/plain), 4.42 KB, created by
Andrew Jaquith
on 2004-10-16 00:27:04 UTC
(
hide
)
Description:
Patch: realm-howto.xml
Filename:
MIME Type:
Creator:
Andrew Jaquith
Created:
2004-10-16 00:27:04 UTC
Size:
4.42 KB
patch
obsolete
>Index: realm-howto.xml >=================================================================== >RCS file: /home/cvspublic/jakarta-tomcat-catalina/webapps/docs/realm-howto.xml,v >retrieving revision 1.14.2.2 >diff -u -r1.14.2.2 realm-howto.xml >--- realm-howto.xml 3 Sep 2004 21:58:39 -0000 1.14.2.2 >+++ realm-howto.xml 16 Oct 2004 00:14:19 -0000 >@@ -8,6 +8,7 @@ > > <properties> > <author email="craigmcc@apache.org">Craig R. McClanahan</author> >+ <author email="arjaquith@mindspring.com">Andrew R. Jaquith</author> > <title>Realm Configuration HOW-TO</title> > </properties> > >@@ -1221,12 +1222,15 @@ > JAAS Authentication Tutorial</a> and > <a href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/JAASLMDevGuide.html">the JAAS Login Module > Developer's Guide</a>) to be managed by the JAAS Login >-Context (<code>javax.security.auth.login.LoginContext</code>) >+Context (<code>javax.security.auth.login.LoginContext</code>). >+When developing your LoginModule, note that JAASRealm's built-in <code>CallbackHandler</code> >+only recognizes the <code>NameCallback</code> and <code>PasswordCallback</code> at present. > </li> > <li>Although not specified in JAAS, you should create >-seperate classes to distinguish between users and roles, extending <code>javax.security.Principal</code>, >+separate classes to distinguish between users and roles, extending <code>javax.security.Principal</code>, > so that Tomcat can tell which Principals returned from your login > module are users and which are roles (see <code>org.apache.catalina.realm.JAASRealm</code>). >+Regardless, the first Principal returned is <em>always</em> treated as the user Principal. > </li> > <li>Place the compiled classes on Tomcat's classpath > </li> >@@ -1234,7 +1238,7 @@ > href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html">JAAS > LoginConfig file</a>) and tell Tomcat where to find it by specifying > its location to the JVM, for instance by setting the environment >-variable: JAVA_OPTS=-D<code>JAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config</code></li> >+variable: <code>JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config</code></li> > <li>Configure your security-constraints in your web.xml for > the resources you want to protect</li> > <li>Configure the JAASRealm module in your server.xml </li> >@@ -1263,20 +1267,28 @@ > </attribute> > > <attribute name="appName" required="true"> >- <p>The name of the realm as configured in your login configuration file >+ <p>The name of the application as configured in your login configuration file > (<a href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html">JAAS LoginConfig</a>).</p> > </attribute> > > <attribute name="userClassNames" required="true"> >- <p>A comma-seperated list of the names of the classes that you have made >+ <p>A comma-separated list of the names of the classes that you have made > for your user <code>Principals</code>.</p> > </attribute> > > <attribute name="roleClassNames" required="false"> >- <p>A comma-seperated list of the names of the classes that you have made >+ <p>A comma-separated list of the names of the classes that you have made > for your role <code>Principals</code>.</p> > </attribute> > >+ <attribute name="useContextClassLoader" required="false"> >+ <p>Instructs JAASRealm to use the context class loader for loading the user-specified >+ <code>LoginModule</code> class and associated <code>Principal</code> classes. The >+ default value is <code>true</code>, which is backwards-compatible with the way >+ Tomcat 4 works. To load classes using the container's classloader, specify >+ <code>true</code>.</p> >+ </attribute> >+ > </attributes> > > <h3>Example</h3> >@@ -1327,6 +1339,10 @@ > surrounding <code>Context</code>, <code>Host</code>, or <code>Engine</code>. > By default, the corresponding Logger will create a log file in the <code>$CATALINA_HOME/logs</code> > directory.</li> >+ <li>As with other <code>Realm</code> implementations, digested passwords >+ are supported if the <code><Realm></code> element in <code>server.xml</code> >+ contains a <code>digest</code> attribute; JAASRealm's <code>CallbackHandler</code> >+ will digest the password prior to passing it back to the <code>LoginModule</code></li> > </ul> > > </subsection>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13109">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 31739
: 13109 |
13110
|
13111