You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/11/09 20:34:19 UTC
svn commit: r1540375 - in /tomcat/tc7.0.x/trunk: ./
webapps/docs/changelog.xml webapps/docs/config/realm.xml
Author: markt
Date: Sat Nov 9 19:34:19 2013
New Revision: 1540375
URL: http://svn.apache.org/r1540375
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55746
Add documentation for AllRolesMode for CombinedRealm
Patch by Cédric Couralet
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1540374
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1540375&r1=1540374&r2=1540375&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sat Nov 9 19:34:19 2013
@@ -200,6 +200,11 @@
<bug>55703</bug>: Clarify the role of the singleton attribute for JNDI
resource factories. (markt)
</fix>
+ <fix>
+ <bug>55746</bug>: Add documentation on the <code>allRolesMode</code> to
+ the <code>CombinedRealm</code> and <code>LockOutRealm</code>. Patch by
+ Cédric Couralet. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Extras">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml?rev=1540375&r1=1540374&r2=1540375&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml Sat Nov 9 19:34:19 2013
@@ -911,14 +911,30 @@
will be attempted against each <code>Realm</code> in the order they are
listed. Authentication against any Realm will be sufficient to authenticate
the user.</p>
-
- <p>The CombinedRealm implementation does not support any additional
- attributes.</p>
-
+
<p>See the <a href="../realm-howto.html">Container-Managed Security
Guide</a> for more information on setting up container managed security
using the CombinedRealm component.</p>
+ <p>The CombinedRealm implementation supports the following additional
+ attributes.</p>
+
+ <attributes>
+
+ <attribute name="allRolesMode" required="false">
+ <p>This attribute controls how the special role name <code>*</code> is
+ handled when processing authorization constraints in web.xml. By
+ default, the specification compliant value of <code>strict</code> is
+ used which means that the user must be assigned one of the roles defined
+ in web.xml. The alternative values are <code>authOnly</code> which means
+ that the user must be authenticated but no check is made for assigned
+ roles and <code>strictAuthOnly</code> which means that the user must be
+ authenticated and no check will be made for assigned roles unless roles
+ are defined in web.xml in which case the user must be assigned at least
+ one of those roles.</p>
+ </attribute>
+
+ </attributes>
</subsection>
@@ -949,7 +965,19 @@
attributes.</p>
<attributes>
-
+ <attribute name="allRolesMode" required="false">
+ <p>This attribute controls how the special role name <code>*</code> is
+ handled when processing authorization constraints in web.xml. By
+ default, the specification compliant value of <code>strict</code> is
+ used which means that the user must be assigned one of the roles defined
+ in web.xml. The alternative values are <code>authOnly</code> which means
+ that the user must be authenticated but no check is made for assigned
+ roles and <code>strictAuthOnly</code> which means that the user must be
+ authenticated and no check will be made for assigned roles unless roles
+ are defined in web.xml in which case the user must be assigned at least
+ one of those roles.</p>
+ </attribute>
+
<attribute name="cacheRemovalWarningTime" required="false">
<p>If a failed user is removed from the cache because the cache is too
big before it has been in the cache for at least this period of time (in
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org