tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Authenticator Documentation
Date Fri, 15 Nov 2002 07:26:52 GMT


On Thu, 14 Nov 2002, Bill Barker wrote:

> Date: Thu, 14 Nov 2002 23:18:54 -0800
> From: Bill Barker <wbarker@wilshire.com>
> Reply-To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
> To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
> Subject: Re: Authenticator Documentation
>
>
> ----- Original Message -----
> From: "Craig R. McClanahan" <craigmcc@apache.org>
> To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
> Sent: Thursday, November 14, 2002 10:47 PM
> Subject: Re: Authenticator Documentation
>
>
> >
> >
> > On Thu, 14 Nov 2002, Bill Barker wrote:
> >
> > > Date: Thu, 14 Nov 2002 22:08:36 -0800
> > > From: Bill Barker <wbarker@wilshire.com>
> > > Reply-To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
> > > To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
> > > Subject: Authenticator Documentation
> > >
> > > Browsing the documentation for 4.1.x, I couldn't find any information on
> how
> > > to configure an Authenticator.  I know that is probably belongs on
> > > tomcat-user :),
> >
> > Because you're so diligent about answering TOMCAT-USER questions, we'll
> > forgive you this time :-)
> >
> > > and I know how it is done.  What I'm looking for is the page
> > > (if any) to update.
> >
> > During initialization of a new webapp, Catalina uses the value of the
> > <login-method> (which should be BASIC, DIGEST, FORM, or CLIENT-CERT) to
> > look up the name of the corresponding Authenticator (which is also a
> > Valve) class in the resource file
> > org/apache/catalina/startup/Authenticator.properties, instantiates an
> > instance, and adds it to the set of Valves to be used for the webapp being
> > initialized.  The Authenticator instances themselves don't have any
> > customizable properties -- they just implement the requirements of the
> > servlet spec.  Is there some specific customization that you would like to
> > be able to configure?
>
> This much I know.  I also know that if under a <Context> I do:
> <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
>             noProxyCaching="false" debug="10" randomClass="my.Random" />
>
> than all of the above is skipped (and it is my fault if <login-method> !=
> FORM :).
>

Whaddya know ... a feature I forgot about :-).

Indeed, the initialization code has a special check that, if you've
already configured an Authenticator valve for this webapp, it will ignore
the <login-method> and just assume you know what you're doing.

> I just added the "noProxyCaching" attribute, and wanted to know is if there
> is a page in the docs that I should change to document this (so I have less
> questions to answer on tomcat-user :).

I feel your pain :-).

I don't think we have this documented at all right now.  It would probably
be worth adding a section on the page
"webapps/tomcat-docs/config/valve.xml" about the standard Authenticator
valves and the properties that they support.

By the way, doesn't "noProxyCaching" end up being a double negative?
Would it make more sense to call it "disableProxyCaching" or something
like that instead?

Craig


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message