-$Header: /cvsroot/securityfilter/securityfilter/README,v 1.1 2002/08/08 13:20:46 maxcooper Exp $
-$Revision: 1.1 $
-$Date: 2002/08/08 13:20:46 $
+$Id: /cvsroot/securityfilter/securityfilter/README,v 1.1.1.1 2002/08/08
+13:20:46 maxcooper Exp $
+$Revision: 1.2 $
+$Date: 2002/08/09 10:21:41 $
- Security Filter v1.0-b4
+ Security Filter v1.0
======================================
-http://www.securityfilter.org/
-http://securityfilter.sourceforge.com/
+http://securityfilter.sourceforge.net/
What is SecurityFilter?
-----------------------
-SecurityFilter is a filter that mimics container-based security. It looks just
-like container-based security to your app, as you can call
+SecurityFilter is a Java Servlet Filter that mimics container-based security. It
+looks just like container-based security to your app, as you can call
request.getRemoteUser(), request.isUserInRole(), and request.getUserPrincipal()
and get valid responses. However, it can be deployed within your web app, so you
do not need to set the realm in the server configuration, or put any classes in
the server classpath. The realm interface for SecurityFilter is proprietary, but
it is very simple (2 methods) and should be easy to implement for your project.
-The other main advantage is that you can submit the login form without being
-forced there by the security mechanism.
+The other main advantage over container-based security is that users can submit
+login form without being forced to the login page by the security mechanism.
-Securityfilter is free software, available under the Apache Software License
-v1.1.
+License Information
+-------------------
+Securityfilter is available under the SecurityFilter Software License, Version
+1.1. This license is derived from and fully compatible with the Apache Software
+License. See the LICENSE file for details.
+
+This product includes software developed by the Apache Software Foundation
+(http://www.apache.org/).
What's in this package?
Tomcat (Catalina) realm implementation and realm adapter class.
A securityfilter-blank.war example app is also provided as a skeleton to use to
-start a new securityfilter application.
+start a new securityfilter application, or integrate into an existing
+application. Source code and JavaDocs are also included.
How to use SecurityFilter
-------------------------
-To use the SecurityFilter, you need to do these things:
-
-- Have jakarta-regexp in your classpath (tested with v1.2)
-- Declare the SecurityFilter in your web.xml file, and map everything to it
-- Declare your security preferences in WEB-INF/securityfilter-config.xml
-- Provide an implementation of SecurityRealmInterface (or extend
-SecurityRealmBase) for your app (and give its classname in securityfilter-
-config.xml)
+To use the SecurityFilter for your application, you need to do these things:
+
+1. Declare the SecurityFilter filter in your web.xml file, and map all requests
+to it (with a url pattern like '/*' -- for examples, see web.xml in the example
+apps).
+
+2. Create a SecurityRealmInterface implementation (from scratch, or by extending
+SecurityRealmBase). You can also use a Tomcat (Catalina) realm with the
+CatalinaRealmAdapter (see securityfilter-catalina-example app for details). If
+you create your own realm adapter class, be sure to include a setRealm(Object
+realm) method so the filter can properly nest your realms at run time. Only the
+first realm specified in the config file (described below) need implement the
+SecurityRealmInterface interface -- there are no type restrictions for realms
+that will be adapted.
+
+2. Declare your security preferences in WEB-INF/securityfilter-config.xml. The
+format for security preferences closely mimics the web.xml standard (so you can
+but and paste if you have been using container-managed security). In addition to
+the web.xml syntax, you can also specify a form-default-page to send users to if
+they spontaneously issue a login request without being forced there by the
+security mechanism. You will also need to specify your realm (or realms, if you
+are using a realm adapter or decorator class). Realm properties can be set with
+the realm-param tag.
The example apps include web.xml and securityfilter-config.xml file examples.
-Future Direction
-----------------
-This is the first release. It is ready for use and should support everything
-needed for most apps.
+Future Direction / Current Issues
+---------------------------------
+SecurityFilter is ready for use and should support everything needed for many
+apps. Compliance with the servlet 2.3 spec is a top priority for the project,
+but it is not 100% compliant yet. There are a few things that are not yet
+supported that may be important to you:
+
+1. Requests are evaluated against the url-patterns in the order that the
+patterns appear in the config file, rather than by the rules defined in the
+servlet spec.
+
+2. http-method tags can be included in the config file, but they are not yet
+supported (and thus are ignored)
+
+3. user-data-constraint tags can be included in the config file, but they are
+not yet supported (and thus are ignored)
Contributors
------------
-1. Max Cooper maintains the project and wrote much of the code.
-2. Torgeir Veimo contributed the Digester-based security-config.xml reader and
-did some additional work on supporting the structures in the file (like multiple
-roles per constraint).
-3. Prakash Malani provided review and Ant help.
+1. Max Cooper maintains the project and wrote most of the code.
+
+2. Torgeir Veimo contributed the initial version of the Digester-based security-
+config.xml reader and improved the supporting data structures.
+
+3. Prakash Malani provided review information and Ant build file help.
+
+4. Steve Ditlinger provided review information.
Feedback
--------
Let me know what your priorities are, and if there is anything else you would
-like to see. Contact me via email (max@maxcooper.com) or use SourceForge to
-report bugs or make feature requests (http://securityfilter.sourceforge.com/).
+like to see. Please use the SourceForge facilities to seek support, report bugs,
+and make feature requests: http://sourceforge.net/projects/securityfilter/
Thank you,
Max Cooper
+
+
+
+
projects / securityfilter.git / commitdiff