You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Bill Barker <wb...@wilshire.com> on 2002/11/15 07:08:36 UTC
Authenticator Documentation
Browsing the documentation for 4.1.x, I couldn't find any information on how
to configure an Authenticator. I know that is probably belongs on
tomcat-user :), and I know how it is done. What I'm looking for is the page
(if any) to update.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Authenticator Documentation
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Thu, 14 Nov 2002, Bill Barker wrote:
> Date: Thu, 14 Nov 2002 23:18:54 -0800
> From: Bill Barker <wb...@wilshire.com>
> Reply-To: Tomcat Developers List <to...@jakarta.apache.org>
> To: Tomcat Developers List <to...@jakarta.apache.org>
> Subject: Re: Authenticator Documentation
>
>
> ----- Original Message -----
> From: "Craig R. McClanahan" <cr...@apache.org>
> To: "Tomcat Developers List" <to...@jakarta.apache.org>
> Sent: Thursday, November 14, 2002 10:47 PM
> Subject: Re: Authenticator Documentation
>
>
> >
> >
> > On Thu, 14 Nov 2002, Bill Barker wrote:
> >
> > > Date: Thu, 14 Nov 2002 22:08:36 -0800
> > > From: Bill Barker <wb...@wilshire.com>
> > > Reply-To: Tomcat Developers List <to...@jakarta.apache.org>
> > > To: Tomcat Developers List <to...@jakarta.apache.org>
> > > Subject: Authenticator Documentation
> > >
> > > Browsing the documentation for 4.1.x, I couldn't find any information on
> how
> > > to configure an Authenticator. I know that is probably belongs on
> > > tomcat-user :),
> >
> > Because you're so diligent about answering TOMCAT-USER questions, we'll
> > forgive you this time :-)
> >
> > > and I know how it is done. What I'm looking for is the page
> > > (if any) to update.
> >
> > During initialization of a new webapp, Catalina uses the value of the
> > <login-method> (which should be BASIC, DIGEST, FORM, or CLIENT-CERT) to
> > look up the name of the corresponding Authenticator (which is also a
> > Valve) class in the resource file
> > org/apache/catalina/startup/Authenticator.properties, instantiates an
> > instance, and adds it to the set of Valves to be used for the webapp being
> > initialized. The Authenticator instances themselves don't have any
> > customizable properties -- they just implement the requirements of the
> > servlet spec. Is there some specific customization that you would like to
> > be able to configure?
>
> This much I know. I also know that if under a <Context> I do:
> <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
> noProxyCaching="false" debug="10" randomClass="my.Random" />
>
> than all of the above is skipped (and it is my fault if <login-method> !=
> FORM :).
>
Whaddya know ... a feature I forgot about :-).
Indeed, the initialization code has a special check that, if you've
already configured an Authenticator valve for this webapp, it will ignore
the <login-method> and just assume you know what you're doing.
> I just added the "noProxyCaching" attribute, and wanted to know is if there
> is a page in the docs that I should change to document this (so I have less
> questions to answer on tomcat-user :).
I feel your pain :-).
I don't think we have this documented at all right now. It would probably
be worth adding a section on the page
"webapps/tomcat-docs/config/valve.xml" about the standard Authenticator
valves and the properties that they support.
By the way, doesn't "noProxyCaching" end up being a double negative?
Would it make more sense to call it "disableProxyCaching" or something
like that instead?
Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Authenticator Documentation
Posted by Bill Barker <wb...@wilshire.com>.
----- Original Message -----
From: "Craig R. McClanahan" <cr...@apache.org>
To: "Tomcat Developers List" <to...@jakarta.apache.org>
Sent: Thursday, November 14, 2002 10:47 PM
Subject: Re: Authenticator Documentation
>
>
> On Thu, 14 Nov 2002, Bill Barker wrote:
>
> > Date: Thu, 14 Nov 2002 22:08:36 -0800
> > From: Bill Barker <wb...@wilshire.com>
> > Reply-To: Tomcat Developers List <to...@jakarta.apache.org>
> > To: Tomcat Developers List <to...@jakarta.apache.org>
> > Subject: Authenticator Documentation
> >
> > Browsing the documentation for 4.1.x, I couldn't find any information on
how
> > to configure an Authenticator. I know that is probably belongs on
> > tomcat-user :),
>
> Because you're so diligent about answering TOMCAT-USER questions, we'll
> forgive you this time :-)
>
> > and I know how it is done. What I'm looking for is the page
> > (if any) to update.
>
> During initialization of a new webapp, Catalina uses the value of the
> <login-method> (which should be BASIC, DIGEST, FORM, or CLIENT-CERT) to
> look up the name of the corresponding Authenticator (which is also a
> Valve) class in the resource file
> org/apache/catalina/startup/Authenticator.properties, instantiates an
> instance, and adds it to the set of Valves to be used for the webapp being
> initialized. The Authenticator instances themselves don't have any
> customizable properties -- they just implement the requirements of the
> servlet spec. Is there some specific customization that you would like to
> be able to configure?
This much I know. I also know that if under a <Context> I do:
<Valve className="org.apache.catalina.authenticator.FormAuthenticator"
noProxyCaching="false" debug="10" randomClass="my.Random" />
than all of the above is skipped (and it is my fault if <login-method> !=
FORM :).
I just added the "noProxyCaching" attribute, and wanted to know is if there
is a page in the docs that I should change to document this (so I have less
questions to answer on tomcat-user :).
>
> Are you instead interested in how to configure where Catalina looks for
> users, passwords, and roles? That's done by your selection of an
> appropriate Realm instance, which is configured by inserting a <Realm>
> element inside the <Context>. If there is none, a webapp inherits the
> Realm configured for the owning <Host> or <Engine> element -- in the
> default configuration, there is one and only one Realm, configured at the
> <Engine> level, and using the $CATALINA_HOME/conf/tomcat-users.xml file.
> The admin app can dynamically update this for you, if you want.
>
>
> Craig
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Authenticator Documentation
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Thu, 14 Nov 2002, Craig R. McClanahan wrote:
> During initialization of a new webapp, Catalina uses the value of the
> <login-method> (which should be BASIC, DIGEST, FORM, or CLIENT-CERT)
It probably would have been useful to say that the <login-method> is found
in the "/WEB-INF/web.xml" deployment descriptor of your webapp ...
Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Authenticator Documentation
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Thu, 14 Nov 2002, Bill Barker wrote:
> Date: Thu, 14 Nov 2002 22:08:36 -0800
> From: Bill Barker <wb...@wilshire.com>
> Reply-To: Tomcat Developers List <to...@jakarta.apache.org>
> To: Tomcat Developers List <to...@jakarta.apache.org>
> Subject: Authenticator Documentation
>
> Browsing the documentation for 4.1.x, I couldn't find any information on how
> to configure an Authenticator. I know that is probably belongs on
> tomcat-user :),
Because you're so diligent about answering TOMCAT-USER questions, we'll
forgive you this time :-)
> and I know how it is done. What I'm looking for is the page
> (if any) to update.
During initialization of a new webapp, Catalina uses the value of the
<login-method> (which should be BASIC, DIGEST, FORM, or CLIENT-CERT) to
look up the name of the corresponding Authenticator (which is also a
Valve) class in the resource file
org/apache/catalina/startup/Authenticator.properties, instantiates an
instance, and adds it to the set of Valves to be used for the webapp being
initialized. The Authenticator instances themselves don't have any
customizable properties -- they just implement the requirements of the
servlet spec. Is there some specific customization that you would like to
be able to configure?
Are you instead interested in how to configure where Catalina looks for
users, passwords, and roles? That's done by your selection of an
appropriate Realm instance, which is configured by inserting a <Realm>
element inside the <Context>. If there is none, a webapp inherits the
Realm configured for the owning <Host> or <Engine> element -- in the
default configuration, there is one and only one Realm, configured at the
<Engine> level, and using the $CATALINA_HOME/conf/tomcat-users.xml file.
The admin app can dynamically update this for you, if you want.
Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>