Authenticator

From Resin 3.0

(Difference between revisions)
Line 41: Line 41:
  
 
= LDAP authentication =
 
= LDAP authentication =
 +
 +
{{main|LdapAuthenticator}}
  
 
{{:LDAP authentication}}
 
{{:LDAP authentication}}
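
Review bot: the added {{main|LdapAuthenticator}} line links to a page titled LdapAuthenticator, while the section body directly below it is transcluded from {{:LDAP authentication}}. Confirm that the two titles resolve to the same article (or that one redirects to the other), otherwise the "Main article" link and the transcluded text can drift apart.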

Revision as of 00:00, 13 April 2006


The <authenticator> directive configures Resin's built-in authentication for the Servlet login, i.e. to support getUserPrincipal and isUserInRole.

directives

| directive | description |
|---|---|
| jndi-name | JNDI name to store the authenticator |
| type | Java class implementing the authenticator |
| init | Bean-style/Inversion of Control configuration for the authenticator |

XmlAuthenticator

This article requires cleanup and may refer to a legacy version of Resin.

Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation.

The XmlAuthenticator is a simple authentication scheme where an XML file or a configuration file specifies the users directly. XmlAuthenticator is useful when you have a small number of known users.

<init> directives

| directive | description | default |
|---|---|---|
| logout-on-session-timeout | If true, principals should be logged out when a session times out | true |
| password-digest | Password digest type of form: MD5-base64 | MD5-base64 |
| password-digest-algorithm | Sets the password digest algorithm | MD5 |
| password-digest-realm | Sets the realm to use for the digest | resin |
| path | Path to an XML file containing the configuration | |
| principal-cache-size | Size of the principal cache | 4096 |
| user | Inline user configuration in the form "name:password:roles" | |

Example

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">
  <authenticator>
    <type>com.caucho.server.security.XmlAuthenticator</type>
    <init>
      <password-digest>none</password-digest>
      <user>Harry Potter:quidditch:user</user>
    </init>
  </authenticator>
  ...
</web-app>

JdbcAuthenticator

The JdbcAuthenticator uses a database to store user authentication.

<init> directives

| directive | description | default |
|---|---|---|
| cookie-auth-query | Sets a query for cookie-based authentication | |
| cookie-auth-update | Sets the update SQL for cookie-based authentication | |
| cookie-domain | Sets the domain value for cookie-based authentication | |
| cookie-logout | If true remove cookie on logout | |
| cookie-max-age | Sets the max-age value for cookie-based authentication | |
| cookie-version | Sets the cookie version for cookie-based authentication | |
| data-source | Specifies the configured <database> | required |
| logout-on-session-timeout | If true, principals should be logged out when a session times out | true |
| password-digest | Password digest type of form: MD5-base64 | MD5-base64 |
| password-digest-algorithm | Sets the password digest algorithm | MD5 |
| password-digest-realm | Sets the realm to use for the digest | resin |
| password-query | Sets a custom password query | |
| principal-cache-size | Size of the principal cache | 4096 |
| role-query | Specifies the query to test for a role | |
| use-cookie | If true, use the resinauth cookie | |

Example

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">
  <database jndi-name="java:comp/env/jdbc/test">
    <driver type="org.postgresql.Driver">
      <url>jdbc:postgresql://localhost/test</url>
      <user>harry</user>
    </driver>
  </database>

  <authenticator>
    <type>com.caucho.server.security.JdbcAuthenticator</type>
    <init>
      <data-source>java:comp/env/jdbc/test</data-source>
    </init>
  </authenticator>
  ...
</web-app>


Here is how this needs to be configured for FORM authentication:

     <authenticator type='com.caucho.server.security.JdbcAuthenticator'>
       <init>
         <data-source>jdbc/MyDataSource</data-source>
         ...
         <password-digest>
            <realm>resin</realm>
            <algorithm>md5</algorithm>
            <format>base64</format>
         </password-digest>
       </init>
     </authenticator>

JaasAuthenticator - using a JAAS LoginModule

Main article: JaasAuthenticator

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
    <init>
      <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module>
      <init-param>
        <debug>true</debug>
      </init-param>
    </init>
  </authenticator>
</web-app>

LDAP authentication

Main article: LdapAuthenticator

The Sun JDK includes a JndiLoginModule, which in turn is used with Resin's JaasAuthenticator to authenticate against an LDAP server.

Example

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
   <init>
     <login-module>com.sun.security.auth.module.JndiLoginModule</login-module>

     <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/>
     <init-param group.provider.url="ldap://ldap.hogwarts.com/ou=Groups"/>

     <init-param debug="true"/>
   </init>
  </authenticator>
</web-app>

<init-param> directives

| directive | description | default |
|---|---|---|
| debug | If true, show debug information on stdout | false |
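
An added example, not part of the Resin documentation: a small Python check that parses a resin-web.xml and flags the authenticator settings from the XmlAuthenticator, JdbcAuthenticator, JAAS and LDAP examples above that deserve review before production use (undigested or MD5-digested passwords, inline users, debug output, ldap:// provider URLs). The sample document is constructed from this page's examples, and the rule list and function names are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the settings shown in this page's examples.
SAMPLE = """<web-app xmlns="http://caucho.com/ns/resin">
  <authenticator type="com.caucho.server.security.XmlAuthenticator">
    <init>
      <password-digest>none</password-digest>
      <user>Harry Potter:quidditch:user</user>
    </init>
  </authenticator>
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
    <init>
      <init-param user.provider.url="ldap://ldap.hogwarts.com/ou=People"/>
      <init-param debug="true"/>
    </init>
  </authenticator>
</web-app>"""

# Review rules chosen for this example: (test on name and lowercased value, finding).
DIGEST_KEYS = ("password-digest", "password-digest-algorithm", "algorithm")
RULES = [
    (lambda n, v: n == "password-digest" and v == "none", "passwords are stored without a digest"),
    (lambda n, v: n in DIGEST_KEYS and v.startswith("md5"), "MD5 is a weak password digest"),
    (lambda n, v: n == "user", "credentials are inline in the config file"),
    (lambda n, v: n == "debug" and v == "true", "login-module debug output is enabled"),
    (lambda n, v: n.endswith("provider.url") and v.startswith("ldap://"), "ldap:// URL does not use LDAPS"),
]

def local(name):  # drop the '{namespace}' prefix ElementTree puts on qualified names
    return name.rsplit("}", 1)[-1]

def settings(auth):
    """Yield (name, value) for settings given as element text or as attributes."""
    for el in auth.iter():
        if el.text and el.text.strip():
            yield local(el.tag), el.text.strip()
        for key, value in el.attrib.items():
            yield local(key), value

def audit(xml_text):
    """Return (setting, finding) pairs for settings inside <authenticator> elements."""
    findings = []
    for auth in ET.fromstring(xml_text).iter():
        if local(auth.tag) == "authenticator":
            for name, value in settings(auth):
                findings += [(name, msg) for test, msg in RULES if test(name, value.lower())]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Only explicitly configured values are checked; because the tables above list MD5-base64 as the default digest, a configuration that omits `password-digest` still uses MD5.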