Authenticator
From Resin 3.0
(renamed tag to directive) |
|||
Line 24: | Line 24: | ||
= JaasAuthenticator - using a JAAS LoginModule= | = JaasAuthenticator - using a JAAS LoginModule= | ||
− | {{ | + | {{main|JaasAuthenticator}} |
+ | |||
+ | ==== resin-web.xml ==== | ||
+ | <web-app xmlns="http://caucho.com/ns/resin"> | ||
+ | |||
+ | <authenticator type="com.caucho.server.security.JaasAuthenticator"> | ||
+ | <init> | ||
+ | <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module> | ||
+ | <init-param> | ||
+ | <debug>true</debug> | ||
+ | </init-param> | ||
+ | </init> | ||
+ | </authenticator> | ||
+ | |||
+ | </web-app> | ||
= LDAP authentication = | = LDAP authentication = | ||
{{:LDAP authentication}} | {{:LDAP authentication}} |
Revision as of 19:21, 3 April 2006
The <authenticator> directive configures Resin's built-in authentication for the Servlet login, i.e. to support getUserPrincipal and isUserInRole.
Contents |
directives
directive | description |
---|---|
jndi-name | JNDI name to store the authenticator |
type | Java class implementing the authenticator |
init | Bean-style/Inversion of Control configuration for the authenticator |
XmlAuthenticator
This article requires cleanup and may refer to a legacy version of Resin.
Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation. |
The XmlAuthenticator is a simple authentication scheme where an XML file or a configuration file specifies the users directly. XmlAuthenticator is useful when you have a small number of known users.
<init> directives
directive | description | |
---|---|---|
logout-on-session-timeout | If true, principals should be logged out when a session times out | true |
password-digest | Password digest type of form: MD5-base64 | MD5-base64 |
password-digest-algorithm | Sets the password digest algorithm | MD5 |
password-digest-realm | Sets the realm to use for the digest | resin |
path | Path to an XML file containing the configuration | |
principal-cache-size | Size of the principal cache | 4096 |
user | Inline user configuration in the form "name:password:roles" |
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator> <type>com.caucho.server.security.XmlAuthenticator</type> <init> <password-digest>none</password-digest> <user>Harry Potter:quidditch:user</user> </init> </authenticator> ... </web-app>
JdbcAuthenticator
This article requires cleanup and may refer to a legacy version of Resin.
Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation. |
The JdbcAuthenticator uses a database to store user authentication.
<init> directives
directive | description | |
---|---|---|
cookie-auth-query | Sets a query for cookie-based authentication | |
cookie-auth-update | Sets the update SQL for cookie-based authentication | |
cookie-domain | Sets the domain value for cookie-based authentication | |
cookie-logout | If true remove cookie on logout | |
cookie-max-age | Sets the max-age value for cookie-based authentication | |
cookie-version | Sets the cookie version for cookie-based authentication | |
data-source | Specifies the configured <database> | required |
logout-on-session-timeout | If true, principals should be logged out when a session times out | true |
password-digest | Password digest type of form: MD5-base64 | MD5-base64 |
password-digest-algorithm | Sets the password digest algorithm | MD5 |
password-digest-realm | Sets the realm to use for the digest | resin |
password-query | Sets a custom password query | |
principal-cache-size | Size of the principal cache | 4096 |
role-query | Specifies the query to test for a role | |
use-cookie | If true, use the resinauth cookie |
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <database jndi-name="java:comp/env/jdbc/test"> <driver type="org.postgresql.Driver"> <url>jdbc:postgresql://localhost/test</url> <user>harry</user> </driver> </database> <authenticator> <type>com.caucho.server.security.JdbcAuthenticator</type> <init> <data-source>java:comp/env/jdbc/test</data-source> </init> </authenticator> ... </web-app>
Here is how this needs to be configured for FORM authentication:
<authenticator type='com.caucho.server.security.JdbcAuthenticator'> <init> <data-source>jdbc/MyDataSource</data-source> ... <password-digest> <realm>resin</realm> <algorithm>md5</algorithm> <format>base64</format> </password-digest> </init> </authenticator>
JaasAuthenticator - using a JAAS LoginModule
- Main article: JaasAuthenticator
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator type="com.caucho.server.security.JaasAuthenticator"> <init> <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module> <init-param> <debug>true</debug> </init-param> </init> </authenticator> </web-app>
LDAP authentication
The Sun JDK includes a JndiLoginModule, which in turn is used with Resin's JaasAuthenticator to authenticate against an LDAP server.
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin"> <authenticator type="com.caucho.server.security.JaasAuthenticator"> <init> <login-module>com.sun.security.auth.module.JndiLoginModule</login-module> <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/> <init-param group.provider.url="ldap://ldap.hogwarts.com/ou=Groups"/> <init-param debug="true"/> </init> </authenticator> </web-app>
<init-param> directives
directive | description | default |
---|---|---|
debug | If true, show debug information on stdout | false |