### Eclipse Workspace Patch 1.0
#P tc6.0.x
Index: webapps/docs/config/realm.xml
===================================================================
--- webapps/docs/config/realm.xml (revision 1508339)
+++ webapps/docs/config/realm.xml (working copy)
@@ -798,14 +798,30 @@
will be attempted against each Realm
in the order they are
listed. Authentication against any Realm will be sufficient to authenticate
the user.
The CombinedRealm implementation does not support any additional - attributes.
- +See the Container-Managed Security Guide for more information on setting up container managed security using the CombinedRealm component.
+The CombinedRealm implementation supports the following additional + attributes.
+ +This attribute controls how the special role name *
is
+ handled when processing authorization constraints in web.xml. By
+ default, the specification compliant value of strict
is
+ used which means that the user must be assigned one of the roles defined
+ in web.xml. The alternative values are authOnly
which means
+ that the user must be authenticated but no check is made for assigned
+ roles and strictAuthOnly
which means that the user must be
+ authenticated and no check will be made for assigned roles unless roles
+ are defined in web.xml in which case the user must be assigned at least
+ one of those roles.
This attribute controls how the special role name *
is
+ handled when processing authorization constraints in web.xml. By
+ default, the specification compliant value of strict
is
+ used which means that the user must be assigned one of the roles defined
+ in web.xml. The alternative values are authOnly
which means
+ that the user must be authenticated but no check is made for assigned
+ roles and strictAuthOnly
which means that the user must be
+ authenticated and no check will be made for assigned roles unless roles
+ are defined in web.xml in which case the user must be assigned at least
+ one of those roles.
If a failed user is removed from the cache because the cache is too big before it has been in the cache for at least this period of time (in
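Review bot: The added attribute description (the paragraph beginning "This attribute controls how the special role name *") does not say how the value set on a CombinedRealm relates to the same setting on the nested Realms, although the context lines just above it explain that authentication is attempted against each nested Realm in order. State which value is used for the authorization check, so that a reader does not assume a nested Realm's strict setting still applies. Both alternative values, authOnly and strictAuthOnly, can let an authenticated user with no assigned roles satisfy a * constraint, and it would help to say so explicitly next to the description of the default. The same paragraph is added twice verbatim in this patch, so any wording change has to be made in both copies. Minor: "specification compliant" should be hyphenated, and "unless roles are defined in web.xml in which case" needs a comma before "in which case".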