Author: markt
Date: Tue Apr 15 01:02:31 2008
New Revision: 648161

URL: http://svn.apache.org/viewvc?rev=648161&view=rev
Log:
Align realm config doc and realm howto doc.

Modified: tomcat/trunk/webapps/docs/config/realm.xml tomcat/trunk/webapps/docs/realm-howto.xml Modified: tomcat/trunk/webapps/docs/config/realm.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=648161&r1=648160&r2=648161&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/realm.xml (original) +++ tomcat/trunk/webapps/docs/config/realm.xml Tue Apr 15 01:02:31 2008 @@ -209,6 +209,13 @@ user passwords are assumed to be stored in clear-text.</p> </attribute> + <attribute name="localDataSource" required="false"> + <p>When the realm is nested inside a Context element, this allows the + realm to use a DataSource defined for the Context rather than a global + DataSource. If not specified, the default is <code>false</code>: use a + global DataSource.</p> + </attribute> + <attribute name="roleNameCol" required="true"> <p>Name of the column, in the "user roles" table, which contains a role name assigned to the corresponding user.</p> @@ -330,6 +337,15 @@ "finding" and "searching". If not specified, "always" is used.</p> </attribute> + <attribute name="digest" required="false"> + <p>The digest algorithm to apply to the plaintext password offered + by the user before comparing it with the value retrieved from the + directory. Valid values are those accepted for the algorithm name + by the <code>java.security.MessageDigest</code> class. If not + specified the plaintext password is assumed to be retrieved. Not + required unless <code>userPassword</code> is specified</p> + </attribute> + <attribute name="protocol" required="false"> <p>A string specifying the security protocol to use. If not given the providers default is used.</p> 
@@ -451,6 +467,13 @@ <attributes> + <attribute name="digest" required="false"> + <p>The digest algorithm used to store passwords in non-plaintext + formats. Valid values are those accepted for the algorithm name by the + <code>java.security.MessageDigest</code> class. If not specified, + passwords are stored in clear text.</p> + </attribute> + <attribute name="pathname" required="false"> <p>Absolute or relative (to $CATALINA_BASE) pathname to the XML file containing our user information. See below for details on the 
@@ -483,6 +506,64 @@ information on setting up container managed security using the Memory Based Realm component.</p> + <h3>JAAS Realm (org.apache.catalina.realm.JAASRealm)</h3> + + <p><strong>JAASRealm</strong> is an implementation of the Tomcat 6 + <code>Realm</code> interface that authenticates users through the Java + Authentication & Authorization Service (JAAS) framework which is now + provided as part of the standard J2SE API.</p> + + <p>Using JAASRealm gives the developer the ability to combine practically + any conceivable security realm with Tomcat's CMA.</p> + + <p>JAASRealm is prototype for Tomcat of the JAAS-based J2EE authentication + framework for J2EE v1.4, based on the <a + href="http://www.jcp.org/en/jsr/detail?id=196">JCP Specification Request + 196</a> to enhance container-managed security and promote 'pluggable' + authentication mechanisms whose implementations would be + container-independent.</p> + + <p>Based on the JAAS login module and principal + (see <code>javax.security.auth.spi.LoginModule</code> and + <code>javax.security.Principal</code>), you can develop your own security + mechanism or wrap another third-party mechanism for integration with the CMA + as implemented by Tomcat.</p> + + <p>The JAAS Realm implementation supports the following additional + attributes:</p> + + <attributes> + + <attribute name="appName" required="true"> + <p>The name of the application as configured in your login configuration + file + (<a href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html">JAAS LoginConfig</a>).</p> + </attribute> + + <attribute name="userClassNames" required="true"> + <p>A comma-seperated list of the names of the classes that you have made + for your user <code>Principals</code>.</p> + </attribute> + + <attribute name="roleClassNames" required="false"> + <p>A comma-seperated list of the names of the classes that you have made + for your role <code>Principals</code>.</p> + </attribute> + + 
<attribute name="useContextClassLoader" required="false"> + <p>Instructs JAASRealm to use the context class loader for loading the + user-specified <code>LoginModule</code> class and associated + <code>Principal</code> classes. The default value is <code>true</code>, + which is backwards-compatible with the way Tomcat 5 works. To load + classes using the container's classloader, specify + <code>false</code>.</p> + </attribute> + + </attributes> + + <p>See the <a href="../realm-howto.html">Container-Managed Security + Guide</a> for more information on setting up container managed security + using the JAAS Realm component.</p> </subsection> Modified: tomcat/trunk/webapps/docs/realm-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=648161&r1=648160&r2=648161&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/realm-howto.xml (original) +++ tomcat/trunk/webapps/docs/realm-howto.xml Tue Apr 15 01:02:31 2008 @@ -847,6 +847,17 @@ "<code>org.apache.catalina.realm.JNDIRealm</code>" here.</p> </attribute> + <attribute name="alternateURL" required="false"> + <p>If a socket connection can not be made to the provider at + the <code>connectionURL</code> an attempt will be made to use the + <code>alternateURL</code>.</p> + </attribute> + + <attribute name="authentication" required="false"> + <p>A string specifying the type of authentication to use. + "none", "simple", "strong" or a provider specific definition + can be used. If no value is given the providers default is used.</p> + </attribute> <attribute name="connectionName" required="false"> <p>The directory username to use when establishing a 
@@ -887,6 +898,11 @@ specified</p> </attribute> + <attribute name="protocol" required="false"> + <p>A string specifying the security protocol to use. If not given + the providers default is used.</p> + </attribute> + <attribute name="roleBase" required="false"> <p>The base directory entry for performing role searches. If not specified, the top level element in the directory context @@ -1282,13 +1298,12 @@ <h3>Introduction</h3> <p><strong>JAASRealm</strong> is an implementation of the Tomcat -4 <code>Realm</code> interface that authenticates users through the Java -Authentication & Authorization Service (JAAS) framework, a Java -package that is available as an optional package in Java 2 SDK 1.3 and -is fully integrated as of SDK 1.4 .</p> +6 <code>Realm</code> interface that authenticates users through the Java +Authentication & Authorization Service (JAAS) framework which is now +provided as part of the standard J2SE API.</p> <p>Using JAASRealm gives the developer the ability to combine practically any conceivable security realm with Tomcat's CMA. </p> - <p>JAASRealm is prototype for Tomcat of the proposed JAAS-based + <p>JAASRealm is prototype for Tomcat of the JAAS-based J2EE authentication framework for J2EE v1.4, based on the <a href="http://www.jcp.org/en/jsr/detail?id=196">JCP Specification Request 196</a> to enhance container-managed security and promote --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
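
Review bot: In config/realm.xml, the new localDataSource entry never states which value enables the behaviour it describes. It says the default false means "use a global DataSource", but the reader has to infer that true selects the DataSource defined for the Context. Suggest saying so directly, for example "Set to <code>true</code> to use a DataSource defined for the Context", and keeping the sentence about the default as it is.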
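
Review bot: In the JNDIRealm digest entry added to config/realm.xml, the sentence "If not specified the plaintext password is assumed to be retrieved" is ambiguous about which value is plaintext. The preceding sentence talks about the password offered by the user and the value retrieved from the directory, so it would be clearer to write that the value retrieved from the directory is assumed to be plaintext. The final sentence, "Not required unless <code>userPassword</code> is specified", is also missing its closing period. The MemoryRealm digest entry added further down in the same file words the default more plainly ("passwords are stored in clear text"); matching that phrasing here would keep the two entries consistent.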
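
Review bot: In the new JAAS Realm section of config/realm.xml, the class reference <code>javax.security.Principal</code> is wrong: the Principal interface lives in <code>java.security</code>, so the text should read <code>java.security.Principal</code>. Since this paragraph is copied from the howto, the same correction is worth making there. Smaller points in the same hunk: "comma-seperated" should be "comma-separated" in both the userClassNames and roleClassNames entries, "JAASRealm is prototype" needs an article ("is a prototype"), and "CMA" is used twice without being expanded anywhere in the added text.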
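
Review bot: In realm-howto.xml, the new authentication entry lists "none", "simple" and "strong" without saying what each one means for the connection to the directory, which is the information an administrator needs to choose a value. Suggest adding a clause per value or a pointer to the JNDI provider documentation. Wording fixes in the same hunk: "can not" should be "cannot" in the alternateURL entry, and "the providers default" should be "the provider's default". The other added entries are followed by a blank line before the next attribute; the authentication entry appears to run straight into <code>connectionName</code>, so a blank line there would match the rest of the file.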
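
Review bot: In realm-howto.xml, the added protocol entry repeats the "providers default" typo (it should be "provider's default") and gives no example of an accepted value, so a reader cannot tell what to put in the attribute. The identical sentence shows up as context in the config/realm.xml hunk above, so the fix belongs in both files if the goal of the commit is to keep them aligned.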
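
Review bot: In the JAASRealm introduction hunk of realm-howto.xml, the rewritten line still reads "JAASRealm is prototype for Tomcat of the JAAS-based"; the article is missing and this is the line the hunk already touches, so "is a prototype" can go in with the same change. The paragraph now says "Tomcat 6" and that JAAS is part of the standard J2SE API, while the next sentence still describes the framework as being "for J2EE v1.4"; worth checking whether that version reference should be updated along with the rest.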