You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2023/01/09 18:43:15 UTC
Re: Apache Tomcat 10.0.27 - UML sequence diagram of the authentication process
Alexander,
On 1/9/23 07:21, Alexander Ghyoot wrote:
> For my thesis, I'm looking into access control in open-source software and am curious how the authentication process works in the Apache Tomcat (10.0.27) architecture. However, the documentation on this seems incomplete. The PNG is a screenshot of the image, only half shown, the link is below.
> Can someone give me a complete picture of the authentication flow in Apache Tomcat? Thanks in advance.
>
> https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess.html
> https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess/authentication-process.png
> [https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess/authentication-process.png]
My wild guess is those diagrams are very old and possibly out of date. I
haven't looked at the revision-control history to see ... how old they are.
Which kind of authentication are you interested in? Tomcat supports many
kinds, and some of them work differently than others. Are you interested
in how the credentials are gathered from the client, how they are
verified, or both?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache Tomcat 10.0.27 - UML sequence diagram of the authentication process
Posted by Alexander Ghyoot <al...@student.kuleuven.be>.
Christopher,
I'm interested in both, how the clients credentials are gathered and verified.
Kind regards,
Alexander
________________________________
Van: Christopher Schultz <ch...@christopherschultz.net>
Verzonden: maandag 9 januari 2023 19:43
Aan: users@tomcat.apache.org <us...@tomcat.apache.org>
Onderwerp: Re: Apache Tomcat 10.0.27 - UML sequence diagram of the authentication process
Alexander,
On 1/9/23 07:21, Alexander Ghyoot wrote:
> For my thesis, I'm looking into access control in open-source software and am curious how the authentication process works in the Apache Tomcat (10.0.27) architecture. However, the documentation on this seems incomplete. The PNG is a screenshot of the image, only half shown, the link is below.
> Can someone give me a complete picture of the authentication flow in Apache Tomcat? Thanks in advance.
>
> https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess.html
> https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess/authentication-process.png
> [https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess/authentication-process.png]
My wild guess is those diagrams are very old and possibly out of date. I
haven't looked at the revision-control history to see ... how old they are.
Which kind of authentication are you interested in? Tomcat supports many
kinds, and some of them work differently than others. Are you interested
in how the credentials are gathered from the client, how they are
verified, or both?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache Tomcat 10.0.27 - UML sequence diagram of the authentication process
Posted by Mark Thomas <ma...@apache.org>.
On 09/01/2023 18:43, Christopher Schultz wrote:
> Alexander,
>
> On 1/9/23 07:21, Alexander Ghyoot wrote:
>> For my thesis, I'm looking into access control in open-source software
>> and am curious how the authentication process works in the Apache
>> Tomcat (10.0.27) architecture. However, the documentation on this
>> seems incomplete. The PNG is a screenshot of the image, only half
>> shown, the link is below.
>> Can someone give me a complete picture of the authentication flow in
>> Apache Tomcat? Thanks in advance.
>>
>> https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess.html
>> https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess/authentication-process.png
>> [https://tomcat.apache.org/tomcat-10.0-doc/architecture/requestProcess/authentication-process.png]
>
> My wild guess is those diagrams are very old and possibly out of date. I
> haven't looked at the revision-control history to see ... how old they are.
For the request process and server start-up, the original diagrams were
late 2003. So almost 20 years. The original Rational Rose MDL file is
available from:
https://svn.apache.org/repos/asf/tomcat/archive/tc5.0.x/trunk/container/webapps/docs/architecture/requestProcess/roseModel.mdl
The diagrams were updated in 2015 (more recently than I thought):
https://bz.apache.org/bugzilla/show_bug.cgi?id=57282
They should be complete (for that era), they just ignore the long series
of returns at the end.
We should have asked for the MDL file at the time.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org