Authenticator
From Resin 3.0
|
This article requires cleanup and may refer to a legacy version of Resin.
Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation. |
The <authenticator> directive configures Resin's built-in authentication for the Servlet login, i.e. to support getUserPrincipal and isUserInRole.
Contents |
directives
| directive | description |
|---|---|
| jndi-name | JNDI name to store the authenticator |
| type | Java class implementing the authenticator |
| init | Bean-style/Inversion of Control configuration for the authenticator |
XmlAuthenticator
|
|
This article requires cleanup and may refer to a legacy version of Resin.
Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation. |
The XmlAuthenticator is a simple authentication scheme where an XML file or a configuration file specifies the users directly. XmlAuthenticator is useful when you have a small number of known users.
<init> directives
| directive | description | |
|---|---|---|
| logout-on-session-timeout | If true, principals should be logged out when a session times out | true |
| password-digest | Password digest type of form: MD5-base64 | MD5-base64 |
| password-digest-algorithm | Sets the password digest algorithm | MD5 |
| password-digest-realm | Sets the realm to use for the digest | resin |
| path | Path to an XML file containing the configuration | |
| principal-cache-size | Size of the principal cache | 4096 |
| user | Inline user configuration in the form "name:password:roles" |
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator> <type>com.caucho.server.security.XmlAuthenticator</type> <init> <password-digest>none</password-digest> <user>Harry Potter:quidditch:user</user> </init> </authenticator> ... </web-app>
JdbcAuthenticator
|
|
This article requires cleanup and may refer to a legacy version of Resin.
Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation. |
The JdbcAuthenticator uses a database to store user authentication.
<init> directives
| directive | description | |
|---|---|---|
| cookie-auth-query | Sets a query for cookie-based authentication | |
| cookie-auth-update | Sets the update SQL for cookie-based authentication | |
| cookie-domain | Sets the domain value for cookie-based authentication | |
| cookie-logout | If true remove cookie on logout | |
| cookie-max-age | Sets the max-age value for cookie-based authentication | |
| cookie-version | Sets the cookie version for cookie-based authentication | |
| data-source | Specifies the configured <database> | required |
| logout-on-session-timeout | If true, principals should be logged out when a session times out | true |
| password-digest | Password digest type of form: MD5-base64 | MD5-base64 |
| password-digest-algorithm | Sets the password digest algorithm | MD5 |
| password-digest-realm | Sets the realm to use for the digest | resin |
| password-query | Sets a custom password query | |
| principal-cache-size | Size of the principal cache | 4096 |
| role-query | Specifies the query to test for a role | |
| use-cookie | If true, use the resinauth cookie |
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <database jndi-name="java:comp/env/jdbc/test"> <driver type="org.postgresql.Driver"> <url>jdbc:postgresql://localhost/test</url> <user>harry</user> </driver> </database> <authenticator> <type>com.caucho.server.security.JdbcAuthenticator</type> <init> <data-source>java:comp/env/jdbc/test</data-source> </init> </authenticator> ... </web-app>
Here is how this needs to be configured for FORM authentication:
<authenticator type='com.caucho.server.security.JdbcAuthenticator'>
<init>
<data-source>jdbc/MyDataSource</data-source>
...
<password-digest>
<realm>resin</realm>
<algorithm>md5</algorithm>
<format>base64</format>
</password-digest>
</init>
</authenticator>
JaasAuthenticator - using a JAAS LoginModule
- Main article: JaasAuthenticator
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator type="com.caucho.server.security.JaasAuthenticator"> <init> <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module> <init-param> <debug>true</debug> </init-param> </init> </authenticator> </web-app>
LDAP authentication
- Main article: LdapAuthenticator
