You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@portals.apache.org by wo...@apache.org on 2010/07/20 03:09:47 UTC

svn commit: r965707 - /portals/site/applications/src/site/xdoc/webcontent/rproxy.xml

Author: woonsan
Date: Tue Jul 20 01:09:46 2010
New Revision: 965707

URL: http://svn.apache.org/viewvc?rev=965707&view=rev
Log:
APA-42: Adding security checking option based on roles

Modified:
    portals/site/applications/src/site/xdoc/webcontent/rproxy.xml

Modified: portals/site/applications/src/site/xdoc/webcontent/rproxy.xml
URL: http://svn.apache.org/viewvc/portals/site/applications/src/site/xdoc/webcontent/rproxy.xml?rev=965707&r1=965706&r2=965707&view=diff
==============================================================================
--- portals/site/applications/src/site/xdoc/webcontent/rproxy.xml (original)
+++ portals/site/applications/src/site/xdoc/webcontent/rproxy.xml Tue Jul 20 01:09:46 2010
@@ -441,6 +441,18 @@ proxy.reverse.pass.site1.response.cookie
             </td>
           </tr>
           <tr>
+            <td>proxy.reverse.pass.reverseProxyRequestContextProviderClassName</td>
+            <td></td>
+            <td></td>
+            <td>
+              The request context information provider class name, which should implement org.apache.portals.applications.webcontent.proxy.ReverseProxyRequestContextProvider.
+              The reverse proxy service will use this provider to check if the user of the request is in the specific role when the reverse proxy path resource is secured and
+              so some specificed allowed roles are configured.
+              <br/>
+              If not configured, then the default implementation checks if the user is in the specified role via the provided HttpServletRequest object.
+            </td>
+          </tr>
+          <tr>
             <td>proxy.reverse.pass.&lt;pathname&gt;.local</td>
             <td></td>
             <td>
@@ -479,6 +491,26 @@ proxy.reverse.pass.site1.response.cookie
             </td>
           </tr>
           <tr>
+            <td>proxy.reverse.pass.&lt;pathname&gt;.roles.allow</td>
+            <td></td>
+            <td>
+              dev<br/>
+              or<br/>
+              account, engineering
+            </td>
+            <td>
+              &lt;pathname&gt; should be replaced by the real path name.
+              With this example, you may use 'apache' or 'portals' for &lt;pathname&gt;.
+              <br/>
+              When this property is set, the reverse proxy path resource is secured.
+              The request user should be in the specified roles to access this resource.
+              <br/>
+              By default, it is checked via javax.servlet.http.HttpServletRequest#isUserInRole(role).
+              However, you could provide a customized request context provider implementation with 
+              <CODE>proxy.reverse.pass.reverseProxyRequestContextProviderClassName</CODE> property.
+            </td>
+          </tr>
+          <tr>
             <td>proxy.reverse.pass.&lt;pathname&gt;.rewriter.basic</td>
             <td></td>
             <td>