You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/11/09 20:35:42 UTC
svn commit: r1540376 - in /tomcat/tc6.0.x/trunk: ./
webapps/docs/changelog.xml webapps/docs/config/realm.xml
Author: markt
Date: Sat Nov 9 19:35:42 2013
New Revision: 1540376
URL: http://svn.apache.org/r1540376
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55746
Add documentation for AllRolesMode and CombinedRealm
Patch by Cédric Couralet
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1540374
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1540376&r1=1540375&r2=1540376&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Nov 9 19:35:42 2013
@@ -102,6 +102,11 @@
<code>notifyLifecycleListenerOnFailure</code> and
<code>heartbeatBackgroundEnabled</code>. (kfujino)
</add>
+ <fix>
+ <bug>55746</bug>: Add documentation on the <code>allRolesMode</code> to
+ the <code>CombinedRealm</code> and <code>LockOutRealm</code>. Patch by
+ Cédric Couralet. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml?rev=1540376&r1=1540375&r2=1540376&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Sat Nov 9 19:35:42 2013
@@ -798,14 +798,30 @@
will be attempted against each <code>Realm</code> in the order they are
listed. Authentication against any Realm will be sufficient to authenticate
the user.</p>
-
- <p>The CombinedRealm implementation does not support any additional
- attributes.</p>
-
+
<p>See the <a href="../realm-howto.html">Container-Managed Security
Guide</a> for more information on setting up container managed security
using the CombinedRealm component.</p>
+ <p>The CombinedRealm implementation supports the following additional
+ attributes.</p>
+
+ <attributes>
+
+ <attribute name="allRolesMode" required="false">
+ <p>This attribute controls how the special role name <code>*</code> is
+ handled when processing authorization constraints in web.xml. By
+ default, the specification compliant value of <code>strict</code> is
+ used which means that the user must be assigned one of the roles defined
+ in web.xml. The alternative values are <code>authOnly</code> which means
+ that the user must be authenticated but no check is made for assigned
+ roles and <code>strictAuthOnly</code> which means that the user must be
+ authenticated and no check will be made for assigned roles unless roles
+ are defined in web.xml in which case the user must be assigned at least
+ one of those roles.</p>
+ </attribute>
+
+ </attributes>
</subsection>
@@ -836,7 +852,19 @@
attributes.</p>
<attributes>
-
+ <attribute name="allRolesMode" required="false">
+ <p>This attribute controls how the special role name <code>*</code> is
+ handled when processing authorization constraints in web.xml. By
+ default, the specification compliant value of <code>strict</code> is
+ used which means that the user must be assigned one of the roles defined
+ in web.xml. The alternative values are <code>authOnly</code> which means
+ that the user must be authenticated but no check is made for assigned
+ roles and <code>strictAuthOnly</code> which means that the user must be
+ authenticated and no check will be made for assigned roles unless roles
+ are defined in web.xml in which case the user must be assigned at least
+ one of those roles.</p>
+ </attribute>
+
<attribute name="cacheRemovalWarningTime" required="false">
<p>If a failed user is removed from the cache because the cache is too
big before it has been in the cache for at least this period of time (in
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org