You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@portals.apache.org by wo...@apache.org on 2010/07/20 03:09:47 UTC
svn commit: r965707 -
/portals/site/applications/src/site/xdoc/webcontent/rproxy.xml
Author: woonsan
Date: Tue Jul 20 01:09:46 2010
New Revision: 965707
URL: http://svn.apache.org/viewvc?rev=965707&view=rev
Log:
APA-42: Adding security checking option based on roles
Modified:
portals/site/applications/src/site/xdoc/webcontent/rproxy.xml
Modified: portals/site/applications/src/site/xdoc/webcontent/rproxy.xml
URL: http://svn.apache.org/viewvc/portals/site/applications/src/site/xdoc/webcontent/rproxy.xml?rev=965707&r1=965706&r2=965707&view=diff
==============================================================================
--- portals/site/applications/src/site/xdoc/webcontent/rproxy.xml (original)
+++ portals/site/applications/src/site/xdoc/webcontent/rproxy.xml Tue Jul 20 01:09:46 2010
@@ -441,6 +441,18 @@ proxy.reverse.pass.site1.response.cookie
</td>
</tr>
<tr>
+ <td>proxy.reverse.pass.reverseProxyRequestContextProviderClassName</td>
+ <td></td>
+ <td></td>
+ <td>
+ The request context information provider class name, which should implement org.apache.portals.applications.webcontent.proxy.ReverseProxyRequestContextProvider.
+ The reverse proxy service will use this provider to check if the user of the request is in the specific role when the reverse proxy path resource is secured and
+ so some specificed allowed roles are configured.
+ <br/>
+ If not configured, then the default implementation checks if the user is in the specified role via the provided HttpServletRequest object.
+ </td>
+ </tr>
+ <tr>
<td>proxy.reverse.pass.<pathname>.local</td>
<td></td>
<td>
@@ -479,6 +491,26 @@ proxy.reverse.pass.site1.response.cookie
</td>
</tr>
<tr>
+ <td>proxy.reverse.pass.<pathname>.roles.allow</td>
+ <td></td>
+ <td>
+ dev<br/>
+ or<br/>
+ account, engineering
+ </td>
+ <td>
+ <pathname> should be replaced by the real path name.
+ With this example, you may use 'apache' or 'portals' for <pathname>.
+ <br/>
+ When this property is set, the reverse proxy path resource is secured.
+ The request user should be in the specified roles to access this resource.
+ <br/>
+ By default, it is checked via javax.servlet.http.HttpServletRequest#isUserInRole(role).
+ However, you could provide a customized request context provider implementation with
+ <CODE>proxy.reverse.pass.reverseProxyRequestContextProviderClassName</CODE> property.
+ </td>
+ </tr>
+ <tr>
<td>proxy.reverse.pass.<pathname>.rewriter.basic</td>
<td></td>
<td>