From 2e92d539bf51be5427dfb0de1e9cbf47e3bb0a88 Mon Sep 17 00:00:00 2001 From: markt Date: Tue, 15 Apr 2008 08:02:31 +0000 Subject: [PATCH] Align realm config doc and realm howto doc.. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@648161 13f79535-47bb-0310-9956-ffa450edef68 --- webapps/docs/config/realm.xml | 81 +++++++++++++++++++++++++++++++++++++++++++ webapps/docs/realm-howto.xml | 25 ++++++++++--- 2 files changed, 101 insertions(+), 5 deletions(-) diff --git a/webapps/docs/config/realm.xml b/webapps/docs/config/realm.xml index e462093df..83de6c6b9 100644 --- a/webapps/docs/config/realm.xml +++ b/webapps/docs/config/realm.xml @@ -209,6 +209,13 @@ user passwords are assumed to be stored in clear-text.

+ +

When the realm is nested inside a Context element, this allows the + realm to use a DataSource defined for the Context rather than a global + DataSource. If not specified, the default is false: use a + global DataSource.

+
+

Name of the column, in the "user roles" table, which contains a role name assigned to the corresponding user.
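Review bot: the description added in this first realm.xml hunk says "this allows the realm to use a DataSource defined for the Context" without saying which value turns that behaviour on; only the false default is spelled out. Suggest "Set to true to use a DataSource defined for the Context rather than a global DataSource", and stating what the attribute does when the realm is not nested inside a Context element.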

@@ -330,6 +337,15 @@ "finding" and "searching". If not specified, "always" is used.

+ +

The digest algorithm to apply to the plaintext password offered + by the user before comparing it with the value retrieved from the + directory. Valid values are those accepted for the algorithm name + by the java.security.MessageDigest class. If not + specified the plaintext password is assumed to be retrieved. Not + required unless userPassword is specified

+
+

A string specifying the security protocol to use. If not given the providers default is used.
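Review bot: in the added digest description, "If not specified the plaintext password is assumed to be retrieved" is ambiguous about what is retrieved and from where. Suggest "If not specified, the value retrieved from the directory is assumed to be the plaintext password". The closing sentence, "Not required unless userPassword is specified", is missing its full stop.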

@@ -451,6 +467,13 @@ + +

The digest algorithm used to store passwords in non-plaintext + formats. Valid values are those accepted for the algorithm name by the + java.security.MessageDigest class. If not specified, + passwords are stored in clear text.

+
+

Absolute or relative (to $CATALINA_BASE) pathname to the XML file containing our user information. See below for details on the @@ -483,6 +506,64 @@ information on setting up container managed security using the Memory Based Realm component.

+

JAAS Realm (org.apache.catalina.realm.JAASRealm)

+ +

JAASRealm is an implementation of the Tomcat 6 + Realm interface that authenticates users through the Java + Authentication & Authorization Service (JAAS) framework which is now + provided as part of the standard J2SE API.

+ +

Using JAASRealm gives the developer the ability to combine practically + any conceivable security realm with Tomcat's CMA.

+ +

JAASRealm is prototype for Tomcat of the JAAS-based J2EE authentication + framework for J2EE v1.4, based on the JCP Specification Request + 196 to enhance container-managed security and promote 'pluggable' + authentication mechanisms whose implementations would be + container-independent.

+ +

Based on the JAAS login module and principal + (see javax.security.auth.spi.LoginModule and + javax.security.Principal), you can develop your own security + mechanism or wrap another third-party mechanism for integration with the CMA + as implemented by Tomcat.

+ +

The JAAS Realm implementation supports the following additional + attributes:

+ + + + +

The name of the application as configured in your login configuration + file + (JAAS LoginConfig).

+
+ + +

A comma-seperated list of the names of the classes that you have made + for your user Principals.

+
+ + +

A comma-seperated list of the names of the classes that you have made + for your role Principals.

+
+ + +

Instructs JAASRealm to use the context class loader for loading the + user-specified LoginModule class and associated + Principal classes. The default value is true, + which is backwards-compatible with the way Tomcat 5 works. To load + classes using the container's classloader, specify + false.

+
+ +
+ +

See the Container-Managed Security + Guide for more information on setting up container managed security + using the JAAS Realm component.

diff --git a/webapps/docs/realm-howto.xml b/webapps/docs/realm-howto.xml index 8c0104be1..6a26b38ad 100644 --- a/webapps/docs/realm-howto.xml +++ b/webapps/docs/realm-howto.xml @@ -847,6 +847,17 @@ attributes are supported by this implementation:

"org.apache.catalina.realm.JNDIRealm" here.

+ +

If a socket connection can not be made to the provider at + the connectionURL an attempt will be made to use the + alternateURL.

+
+ + +

A string specifying the type of authentication to use. + "none", "simple", "strong" or a provider specific definition + can be used. If no value is given the providers default is used.

+

The directory username to use when establishing a @@ -887,6 +898,11 @@ attributes are supported by this implementation:

specified

+ +

A string specifying the security protocol to use. If not given + the providers default is used.

+
+

The base directory entry for performing role searches. If not specified, the top level element in the directory context @@ -1282,13 +1298,12 @@ to all virtual hosts and web applications. The default contents of the

Introduction

JAASRealm is an implementation of the Tomcat -4 Realm interface that authenticates users through the Java -Authentication & Authorization Service (JAAS) framework, a Java -package that is available as an optional package in Java 2 SDK 1.3 and -is fully integrated as of SDK 1.4 .

+6 Realm interface that authenticates users through the Java +Authentication & Authorization Service (JAAS) framework which is now +provided as part of the standard J2SE API.

Using JAASRealm gives the developer the ability to combine practically any conceivable security realm with Tomcat's CMA.

-

JAASRealm is prototype for Tomcat of the proposed JAAS-based +

JAASRealm is prototype for Tomcat of the JAAS-based J2EE authentication framework for J2EE v1.4, based on the JCP Specification Request 196 to enhance container-managed security and promote -- 2.11.0
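Review bot: the digest entry added in the `@@ -451,6 +467,13 @@` hunk of realm.xml says "passwords are stored in clear text", while the unchanged context at the top of the first hunk says "user passwords are assumed to be stored in clear-text". Suggest using one spelling and the "assumed to be stored" wording in both places, since the attribute describes how existing values are interpreted.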
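Review bot: in the new JAAS Realm section (the `@@ -483,6 +506,64 @@` hunk of realm.xml) the Principal interface is cited as javax.security.Principal, but the interface is java.security.Principal, so the reference should be corrected. "comma-seperated" should be "comma-separated" in both the user and role class descriptions, "JAASRealm is prototype" needs an article, and CMA is never expanded in the added text.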
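Review bot: the authentication entry added in the `@@ -847,6 +847,17 @@` hunk of realm-howto.xml lists "none", "simple" and "strong" without saying what each means for the directory connection. A short gloss per value would help, in particular that "none" means an unauthenticated (anonymous) connection. In the same hunk "can not" should be "cannot" and "the providers default" should be "the provider's default".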
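Review bot: the protocol entry added in the `@@ -887,6 +898,11 @@` hunk of realm-howto.xml names no accepted value, unlike the authentication entry added earlier in this file; giving at least one example would make the attribute usable from the doc alone. "the providers default" should read "the provider's default", and the same wording sits in the unchanged realm.xml context after the second hunk, so both files could be fixed together.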
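Review bot: in the last hunk the replacement line "JAASRealm is prototype for Tomcat of the JAAS-based" drops "proposed" but keeps the missing article; it should read "JAASRealm is a prototype". These paragraphs are now word-for-word copies of the ones this patch adds to realm.xml, so consider keeping the full text in one file and linking to it from the other, so the two do not drift apart again.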