Author: markt
Date: Tue Apr 15 01:02:31 2008
New Revision: 648161
URL: http://svn.apache.org/viewvc?rev=648161&view=rev
Log:
Align realm config doc and realm howto doc..
Modified:
tomcat/trunk/webapps/docs/config/realm.xml
tomcat/trunk/webapps/docs/realm-howto.xml
Modified: tomcat/trunk/webapps/docs/config/realm.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=648161&r1=648160&r2=648161&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/trunk/webapps/docs/config/realm.xml Tue Apr 15 01:02:31 2008
@@ -209,6 +209,13 @@
user passwords are assumed to be stored in clear-text.</p>
</attribute>
+ <attribute name="localDataSource" required="false">
+ <p>When the realm is nested inside a Context element, this allows the
+ realm to use a DataSource defined for the Context rather than a global
+ DataSource. If not specified, the default is <code>false</code>: use
a
+ global DataSource.</p>
+ </attribute>
+
<attribute name="roleNameCol" required="true">
<p>Name of the column, in the "user roles" table, which contains
a role name assigned to the corresponding user.</p>
@@ -330,6 +337,15 @@
"finding" and "searching". If not specified, "always" is used.</p>
</attribute>
+ <attribute name="digest" required="false">
+ <p>The digest algorithm to apply to the plaintext password offered
+ by the user before comparing it with the value retrieved from the
+ directory. Valid values are those accepted for the algorithm name
+ by the <code>java.security.MessageDigest</code> class. If not
+ specified the plaintext password is assumed to be retrieved. Not
+ required unless <code>userPassword</code> is specified</p>
+ </attribute>
+
<attribute name="protocol" required="false">
<p>A string specifying the security protocol to use. If not given
the providers default is used.</p>
@@ -451,6 +467,13 @@
<attributes>
+ <attribute name="digest" required="false">
+ <p>The digest algorithm used to store passwords in non-plaintext
+ formats. Valid values are those accepted for the algorithm name by the
+ <code>java.security.MessageDigest</code> class. If not specified,
+ passwords are stored in clear text.</p>
+ </attribute>
+
<attribute name="pathname" required="false">
<p>Absolute or relative (to $CATALINA_BASE) pathname to the XML file
containing our user information. See below for details on the
@@ -483,6 +506,64 @@
information on setting up container managed security using the
Memory Based Realm component.</p>
+ <h3>JAAS Realm (org.apache.catalina.realm.JAASRealm)</h3>
+
+ <p><strong>JAASRealm</strong> is an implementation of the Tomcat 6
+ <code>Realm</code> interface that authenticates users through the Java
+ Authentication & Authorization Service (JAAS) framework which is now
+ provided as part of the standard J2SE API.</p>
+
+ <p>Using JAASRealm gives the developer the ability to combine practically
+ any conceivable security realm with Tomcat's CMA.</p>
+
+ <p>JAASRealm is prototype for Tomcat of the JAAS-based J2EE authentication
+ framework for J2EE v1.4, based on the <a
+ href="http://www.jcp.org/en/jsr/detail?id=196";>JCP Specification Request
+ 196</a> to enhance container-managed security and promote 'pluggable'
+ authentication mechanisms whose implementations would be
+ container-independent.</p>
+
+ <p>Based on the JAAS login module and principal
+ (see <code>javax.security.auth.spi.LoginModule</code> and
+ <code>javax.security.Principal</code>), you can develop your own security
+ mechanism or wrap another third-party mechanism for integration with the
CMA
+ as implemented by Tomcat.</p>
+
+ <p>The JAAS Realm implementation supports the following additional
+ attributes:</p>
+
+ <attributes>
+
+ <attribute name="appName" required="true">
+ <p>The name of the application as configured in your login configuration
+ file
+ (<a
href="http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html";>JAAS
LoginConfig</a>).</p>
+ </attribute>
+
+ <attribute name="userClassNames" required="true">
+ <p>A comma-seperated list of the names of the classes that you have
made
+ for your user <code>Principals</code>.</p>
+ </attribute>
+
+ <attribute name="roleClassNames" required="false">
+ <p>A comma-seperated list of the names of the classes that you have
made
+ for your role <code>Principals</code>.</p>
+ </attribute>
+
+ <attribute name="useContextClassLoader" required="false">
+ <p>Instructs JAASRealm to use the context class loader for loading the
+ user-specified <code>LoginModule</code> class and associated
+ <code>Principal</code> classes. The default value is <code>true</code>,
+ which is backwards-compatible with the way Tomcat 5 works. To load
+ classes using the container's classloader, specify
+ <code>false</code>.</p>
+ </attribute>
+
+ </attributes>
+
+ <p>See the <a href="../realm-howto.html">Container-Managed Security
+ Guide</a> for more information on setting up container managed security
+ using the JAAS Realm component.</p>
</subsection>
Modified: tomcat/trunk/webapps/docs/realm-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=648161&r1=648160&r2=648161&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/realm-howto.xml (original)
+++ tomcat/trunk/webapps/docs/realm-howto.xml Tue Apr 15 01:02:31 2008
@@ -847,6 +847,17 @@
"<code>org.apache.catalina.realm.JNDIRealm</code>" here.</p>
</attribute>
+ <attribute name="alternateURL" required="false">
+ <p>If a socket connection can not be made to the provider at
+ the <code>connectionURL</code> an attempt will be made to use the
+ <code>alternateURL</code>.</p>
+ </attribute>
+
+ <attribute name="authentication" required="false">
+ <p>A string specifying the type of authentication to use.
+ "none", "simple", "strong" or a provider specific definition
+ can be used. If no value is given the providers default is used.</p>
+ </attribute>
<attribute name="connectionName" required="false">
<p>The directory username to use when establishing a
@@ -887,6 +898,11 @@
specified</p>
</attribute>
+ <attribute name="protocol" required="false">
+ <p>A string specifying the security protocol to use. If not given
+ the providers default is used.</p>
+ </attribute>
+
<attribute name="roleBase" required="false">
<p>The base directory entry for performing role searches. If
not specified, the top level element in the directory context
@@ -1282,13 +1298,12 @@
<h3>Introduction</h3>
<p><strong>JAASRealm</strong> is an implementation of the Tomcat
-4 <code>Realm</code> interface that authenticates users through the Java
-Authentication & Authorization Service (JAAS) framework, a Java
-package that is available as an optional package in Java 2 SDK 1.3 and
-is fully integrated as of SDK 1.4 .</p>
+6 <code>Realm</code> interface that authenticates users through the Java
+Authentication & Authorization Service (JAAS) framework which is now
+provided as part of the standard J2SE API.</p>
<p>Using JAASRealm gives the developer the ability to combine
practically any conceivable security realm with Tomcat's CMA. </p>
- <p>JAASRealm is prototype for Tomcat of the proposed JAAS-based
+ <p>JAASRealm is prototype for Tomcat of the JAAS-based
J2EE authentication framework for J2EE v1.4, based on the <a
href="http://www.jcp.org/en/jsr/detail?id=196";>JCP Specification
Request 196</a> to enhance container-managed security and promote
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
