Authenticator Documentation
Browsing the documentation for 4.1.x, I couldn't find any information on how to configure an Authenticator. I know that is probably belongs on tomcat-user :), and I know how it is done. What I'm looking for is the page (if any) to update. -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org
Re: Authenticator Documentation
On Thu, 14 Nov 2002, Bill Barker wrote: Date: Thu, 14 Nov 2002 22:08:36 -0800 From: Bill Barker [EMAIL PROTECTED] Reply-To: Tomcat Developers List [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Subject: Authenticator Documentation Browsing the documentation for 4.1.x, I couldn't find any information on how to configure an Authenticator. I know that is probably belongs on tomcat-user :), Because you're so diligent about answering TOMCAT-USER questions, we'll forgive you this time :-) and I know how it is done. What I'm looking for is the page (if any) to update. During initialization of a new webapp, Catalina uses the value of the login-method (which should be BASIC, DIGEST, FORM, or CLIENT-CERT) to look up the name of the corresponding Authenticator (which is also a Valve) class in the resource file org/apache/catalina/startup/Authenticator.properties, instantiates an instance, and adds it to the set of Valves to be used for the webapp being initialized. The Authenticator instances themselves don't have any customizable properties -- they just implement the requirements of the servlet spec. Is there some specific customization that you would like to be able to configure? Are you instead interested in how to configure where Catalina looks for users, passwords, and roles? That's done by your selection of an appropriate Realm instance, which is configured by inserting a Realm element inside the Context. If there is none, a webapp inherits the Realm configured for the owning Host or Engine element -- in the default configuration, there is one and only one Realm, configured at the Engine level, and using the $CATALINA_HOME/conf/tomcat-users.xml file. The admin app can dynamically update this for you, if you want. Craig -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org
Re: Authenticator Documentation
On Thu, 14 Nov 2002, Craig R. McClanahan wrote: During initialization of a new webapp, Catalina uses the value of the login-method (which should be BASIC, DIGEST, FORM, or CLIENT-CERT) It probably would have been useful to say that the login-method is found in the /WEB-INF/web.xml deployment descriptor of your webapp ... Craig -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org
Re: Authenticator Documentation
- Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Thursday, November 14, 2002 10:47 PM Subject: Re: Authenticator Documentation On Thu, 14 Nov 2002, Bill Barker wrote: Date: Thu, 14 Nov 2002 22:08:36 -0800 From: Bill Barker [EMAIL PROTECTED] Reply-To: Tomcat Developers List [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Subject: Authenticator Documentation Browsing the documentation for 4.1.x, I couldn't find any information on how to configure an Authenticator. I know that is probably belongs on tomcat-user :), Because you're so diligent about answering TOMCAT-USER questions, we'll forgive you this time :-) and I know how it is done. What I'm looking for is the page (if any) to update. During initialization of a new webapp, Catalina uses the value of the login-method (which should be BASIC, DIGEST, FORM, or CLIENT-CERT) to look up the name of the corresponding Authenticator (which is also a Valve) class in the resource file org/apache/catalina/startup/Authenticator.properties, instantiates an instance, and adds it to the set of Valves to be used for the webapp being initialized. The Authenticator instances themselves don't have any customizable properties -- they just implement the requirements of the servlet spec. Is there some specific customization that you would like to be able to configure? This much I know. I also know that if under a Context I do: Valve className=org.apache.catalina.authenticator.FormAuthenticator noProxyCaching=false debug=10 randomClass=my.Random / than all of the above is skipped (and it is my fault if login-method != FORM :). I just added the noProxyCaching attribute, and wanted to know is if there is a page in the docs that I should change to document this (so I have less questions to answer on tomcat-user :). Are you instead interested in how to configure where Catalina looks for users, passwords, and roles? That's done by your selection of an appropriate Realm instance, which is configured by inserting a Realm element inside the Context. If there is none, a webapp inherits the Realm configured for the owning Host or Engine element -- in the default configuration, there is one and only one Realm, configured at the Engine level, and using the $CATALINA_HOME/conf/tomcat-users.xml file. The admin app can dynamically update this for you, if you want. Craig -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org
Re: Authenticator Documentation
On Thu, 14 Nov 2002, Bill Barker wrote: Date: Thu, 14 Nov 2002 23:18:54 -0800 From: Bill Barker [EMAIL PROTECTED] Reply-To: Tomcat Developers List [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Subject: Re: Authenticator Documentation - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Thursday, November 14, 2002 10:47 PM Subject: Re: Authenticator Documentation On Thu, 14 Nov 2002, Bill Barker wrote: Date: Thu, 14 Nov 2002 22:08:36 -0800 From: Bill Barker [EMAIL PROTECTED] Reply-To: Tomcat Developers List [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Subject: Authenticator Documentation Browsing the documentation for 4.1.x, I couldn't find any information on how to configure an Authenticator. I know that is probably belongs on tomcat-user :), Because you're so diligent about answering TOMCAT-USER questions, we'll forgive you this time :-) and I know how it is done. What I'm looking for is the page (if any) to update. During initialization of a new webapp, Catalina uses the value of the login-method (which should be BASIC, DIGEST, FORM, or CLIENT-CERT) to look up the name of the corresponding Authenticator (which is also a Valve) class in the resource file org/apache/catalina/startup/Authenticator.properties, instantiates an instance, and adds it to the set of Valves to be used for the webapp being initialized. The Authenticator instances themselves don't have any customizable properties -- they just implement the requirements of the servlet spec. Is there some specific customization that you would like to be able to configure? This much I know. I also know that if under a Context I do: Valve className=org.apache.catalina.authenticator.FormAuthenticator noProxyCaching=false debug=10 randomClass=my.Random / than all of the above is skipped (and it is my fault if login-method != FORM :). Whaddya know ... a feature I forgot about :-). Indeed, the initialization code has a special check that, if you've already configured an Authenticator valve for this webapp, it will ignore the login-method and just assume you know what you're doing. I just added the noProxyCaching attribute, and wanted to know is if there is a page in the docs that I should change to document this (so I have less questions to answer on tomcat-user :). I feel your pain :-). I don't think we have this documented at all right now. It would probably be worth adding a section on the page webapps/tomcat-docs/config/valve.xml about the standard Authenticator valves and the properties that they support. By the way, doesn't noProxyCaching end up being a double negative? Would it make more sense to call it disableProxyCaching or something like that instead? Craig -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org