From: markt Date: Mon, 21 Mar 2011 17:46:38 +0000 (+0000) Subject: Further additions to mbeans and docs for authentication valves X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=68352d3af74c0cea3c76880ea05aee140e252625;p=tomcat7.0 Further additions to mbeans and docs for authentication valves git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1083879 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/catalina/authenticator/mbeans-descriptors.xml b/java/org/apache/catalina/authenticator/mbeans-descriptors.xml index 0b4fd9d69..72910ccf1 100644 --- a/java/org/apache/catalina/authenticator/mbeans-descriptors.xml +++ b/java/org/apache/catalina/authenticator/mbeans-descriptors.xml @@ -23,15 +23,31 @@ group="Valve" type="org.apache.catalina.authenticator.BasicAuthenticator"> + + + + + + + + @@ -57,15 +73,31 @@ group="Valve" type="org.apache.catalina.authenticator.DigestAuthenticator"> + + + + + + + + @@ -90,15 +122,31 @@ group="Valve" type="org.apache.catalina.authenticator.FormAuthenticator"> - + + + + + + + + @@ -127,11 +175,23 @@ description="Should we cache authenticated Principals if the request is part of an HTTP session?" type="boolean"/> + + + + + + + + + + + + diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml index 37481186a..38d0dc6cf 100644 --- a/webapps/docs/config/valve.xml +++ b/webapps/docs/config/valve.xml @@ -417,11 +417,6 @@ - -

Java class name of the implementation to use. This MUST be set to - org.apache.catalina.authenticator.BasicAuthenticator.

- -

Should a session always be used once a user is authenticated? This may offer some performance benefits since the session can then be used @@ -433,6 +428,12 @@ default value of false will be used.

 + +

Should we cache authenticated Principals if the request is part of an + HTTP session? If not specified, the default value of true + will be used.

+ +

Controls if the session ID is changed if a session exists at the point where users are authenticated. This is to prevent session fixation @@ -440,6 +441,11 @@ used.

 + +

Java class name of the implementation to use. This MUST be set to + org.apache.catalina.authenticator.BasicAuthenticator.

+ +

Controls the caching of pages that are protected by security constraints. Setting this to false may help work around @@ -459,6 +465,18 @@ If not set, the default value of true will be used.

 + +

Name of the algorithm to use to create the + java.security.SecureRandom instances that generate session + IDs. If an invalid algorithm and/or provider is specified, the platform + default provider and the default algorithm will be used. If not + specified, the default algorithm of SHA1PRNG will be used. If the + default algorithm is not supported, the platform default will be used. + To specify that the platform default should be used, do not set the + secureRandomProvider attribute and set this attribute to the empty + string.

+ +

Name of the Java class that extends java.security.SecureRandom to use to generate SSO session @@ -474,18 +492,6 @@ specified, the platform default provider will be used.

 - -

Name of the algorithm to use to create the - java.security.SecureRandom instances that generate session - IDs. If an invalid algorithm and/or provider is specified, the platform - default provider and the default algorithm will be used. If not - specified, the default algorithm of SHA1PRNG will be used. If the - default algorithm is not supported, the platform default will be used. - To specify that the platform default should be used, do not set the - secureRandomProvider attribute and set this attribute to the empty - string.

- - @@ -514,9 +520,21 @@ - -

Java class name of the implementation to use. This MUST be set to - org.apache.catalina.authenticator.DigestAuthenticator.

+ +

Should a session always be used once a user is authenticated? This + may offer some performance benefits since the session can then be used + to cache the authenticated Principal, hence removing the need to + authenticate the user via the Realm on every request. This may be of + help for combinations such as BASIC authentication used with the + JNDIRealm or DataSourceRealms. However there will also be the + performance cost of creating and GC'ing the session. If not set, the + default value of false will be used.

+ + + +

Should we cache authenticated Principals if the request is part of an + HTTP session? If not specified, the default value of true + will be used.

 @@ -526,6 +544,11 @@ used.

 + +

Java class name of the implementation to use. This MUST be set to + org.apache.catalina.authenticator.DigestAuthenticator.

+ +

Controls the caching of pages that are protected by security constraints. Setting this to false may help work around @@ -545,6 +568,18 @@ If not set, the default value of true will be used.

 + +

Name of the algorithm to use to create the + java.security.SecureRandom instances that generate session + IDs. If an invalid algorithm and/or provider is specified, the platform + default provider and the default algorithm will be used. If not + specified, the default algorithm of SHA1PRNG will be used. If the + default algorithm is not supported, the platform default will be used. + To specify that the platform default should be used, do not set the + secureRandomProvider attribute and set this attribute to the empty + string.

+ +

Name of the Java class that extends java.security.SecureRandom to use to generate SSO session @@ -560,18 +595,6 @@ specified, the platform default provider will be used.

 - -

Name of the algorithm to use to create the - java.security.SecureRandom instances that generate session - IDs. If an invalid algorithm and/or provider is specified, the platform - default provider and the default algorithm will be used. If not - specified, the default algorithm of SHA1PRNG will be used. If the - default algorithm is not supported, the platform default will be used. - To specify that the platform default should be used, do not set the - secureRandomProvider attribute and set this attribute to the empty - string.

- - @@ -600,11 +623,6 @@ - -

Java class name of the implementation to use. This MUST be set to - org.apache.catalina.authenticator.FormAuthenticator.

- -

Controls if the session ID is changed if a session exists at the point where users are authenticated. This is to prevent session fixation @@ -618,6 +636,11 @@ used.

 + +

Java class name of the implementation to use. This MUST be set to + org.apache.catalina.authenticator.FormAuthenticator.

+ +

Controls the caching of pages that are protected by security constraints. Setting this to false may help work around @@ -650,6 +673,18 @@ If not set, the default value of true will be used.

 + +

Name of the algorithm to use to create the + java.security.SecureRandom instances that generate session + IDs. If an invalid algorithm and/or provider is specified, the platform + default provider and the default algorithm will be used. If not + specified, the default algorithm of SHA1PRNG will be used. If the + default algorithm is not supported, the platform default will be used. + To specify that the platform default should be used, do not set the + secureRandomProvider attribute and set this attribute to the empty + string.

+ +

Name of the Java class that extends java.security.SecureRandom to use to generate SSO session @@ -665,18 +700,6 @@ specified, the platform default provider will be used.

 - -

Name of the algorithm to use to create the - java.security.SecureRandom instances that generate session - IDs. If an invalid algorithm and/or provider is specified, the platform - default provider and the default algorithm will be used. If not - specified, the default algorithm of SHA1PRNG will be used. If the - default algorithm is not supported, the platform default will be used. - To specify that the platform default should be used, do not set the - secureRandomProvider attribute and set this attribute to the empty - string.

- - @@ -705,6 +728,12 @@ + +

Should we cache authenticated Principals if the request is part of an + HTTP session? If not specified, the default value of true + will be used.

+ +

Java class name of the implementation to use. This MUST be set to org.apache.catalina.authenticator.SSLAuthenticator.

@@ -736,6 +765,18 @@ If not set, the default value of true will be used.

 + +

Name of the algorithm to use to create the + java.security.SecureRandom instances that generate session + IDs. If an invalid algorithm and/or provider is specified, the platform + default provider and the default algorithm will be used. If not + specified, the default algorithm of SHA1PRNG will be used. If the + default algorithm is not supported, the platform default will be used. + To specify that the platform default should be used, do not set the + secureRandomProvider attribute and set this attribute to the empty + string.

+ +

Name of the Java class that extends java.security.SecureRandom to use to generate SSO session @@ -751,18 +792,6 @@ specified, the platform default provider will be used.

 - -

Name of the algorithm to use to create the - java.security.SecureRandom instances that generate session - IDs. If an invalid algorithm and/or provider is specified, the platform - default provider and the default algorithm will be used. If not - specified, the default algorithm of SHA1PRNG will be used. If the - default algorithm is not supported, the platform default will be used. - To specify that the platform default should be used, do not set the - secureRandomProvider attribute and set this attribute to the empty - string.

- -