Return-Path: 
 <dev-return-118325-apmail-tomcat-dev-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-dev-archive@www.apache.org
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 894687689
	for <apmail-tomcat-dev-archive@www.apache.org>;
 Fri, 22 Jul 2011 12:11:03 +0000 (UTC)
Received: (qmail 77490 invoked by uid 500); 22 Jul 2011 12:11:02 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 77224 invoked by uid 500); 22 Jul 2011 12:11:00 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 76920 invoked by uid 99); 22 Jul 2011 12:11:00 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jul 2011 12:11:00 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jul 2011 12:10:56 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id 50A3A23888CF
	for <dev@tomcat.apache.org>; Fri, 22 Jul 2011 12:10:35 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1149583 - in /tomcat/tc6.0.x/trunk/webapps/docs:
 changelog.xml
 config/realm.xml
Date: Fri, 22 Jul 2011 12:10:34 -0000
To: dev@tomcat.apache.org
From: markt@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20110722121035.50A3A23888CF@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: markt
Date: Fri Jul 22 12:10:33 2011
New Revision: 1149583

URL: http://svn.apache.org/viewvc?rev=1149583&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41498
Add info for allRolesMode

Modified:
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1149583&r1=1149582&r2=1149583&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri Jul 22 12:10:33 2011
@@ -274,6 +274,10 @@
   <subsection name="Webapps">
     <changelog>
       <fix>
+        <bug>41498</bug>: Add the allRolesMode attribute to the Realm
+        configuration page in the documentation web application. (markt)
+      </fix>
+      <fix>
         <bug>50804</bug>: Update links for Servlet 2.5 and JSP 2.1 Javadoc.
         (markt)
       </fix>

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml?rev=1149583&r1=1149582&r2=1149583&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Fri Jul 22 12:10:33 2011
@@ -107,6 +107,19 @@
 
     <attributes>
 
+      <attribute name="allRolesMode" required="false">
+        <p>This attribute controls how the special role name <code>*</code> is
+        handled when processing authorization constraints in web.xml. By
+        default, the specification compliant value of <code>strict</code> is
+        used which means that the user must be assigned one of the roles defined
+        in web.xml. The alternative values are <code>authOnly</code> which means
+        that the user must be authenticated but no check is made for assigned
+        roles and <code>strictAuthOnly</code> which means that the user must be
+        authenticated and no check will be made for assigned roles unless roles
+        are defined in web.xml in which case the user must be assigned at least
+        one of those roles.</p>
+      </attribute>
+
       <attribute name="connectionName" required="true">
         <p>The database username to use when establishing the JDBC
         connection.</p>
@@ -202,6 +215,19 @@
 
     <attributes>
 
+      <attribute name="allRolesMode" required="false">
+        <p>This attribute controls how the special role name <code>*</code> is
+        handled when processing authorization constraints in web.xml. By
+        default, the specification compliant value of <code>strict</code> is
+        used which means that the user must be assigned one of the roles defined
+        in web.xml. The alternative values are <code>authOnly</code> which means
+        that the user must be authenticated but no check is made for assigned
+        roles and <code>strictAuthOnly</code> which means that the user must be
+        authenticated and no check will be made for assigned roles unless roles
+        are defined in web.xml in which case the user must be assigned at least
+        one of those roles.</p>
+      </attribute>
+
       <attribute name="dataSourceName" required="true">
         <p>The name of the JNDI JDBC DataSource for this Realm.</p>
       </attribute>
@@ -304,6 +330,19 @@
         The default value is "false".</p>
       </attribute>
 
+      <attribute name="allRolesMode" required="false">
+        <p>This attribute controls how the special role name <code>*</code> is
+        handled when processing authorization constraints in web.xml. By
+        default, the specification compliant value of <code>strict</code> is
+        used which means that the user must be assigned one of the roles defined
+        in web.xml. The alternative values are <code>authOnly</code> which means
+        that the user must be authenticated but no check is made for assigned
+        roles and <code>strictAuthOnly</code> which means that the user must be
+        authenticated and no check will be made for assigned roles unless roles
+        are defined in web.xml in which case the user must be assigned at least
+        one of those roles.</p>
+      </attribute>
+
       <attribute name="alternateURL" required="false">
         <p>If a socket connection can not be made to the provider at
         the <code>connectionURL</code> an attempt will be made to use the
@@ -497,6 +536,19 @@
 
     <attributes>
 
+      <attribute name="allRolesMode" required="false">
+        <p>This attribute controls how the special role name <code>*</code> is
+        handled when processing authorization constraints in web.xml. By
+        default, the specification compliant value of <code>strict</code> is
+        used which means that the user must be assigned one of the roles defined
+        in web.xml. The alternative values are <code>authOnly</code> which means
+        that the user must be authenticated but no check is made for assigned
+        roles and <code>strictAuthOnly</code> which means that the user must be
+        authenticated and no check will be made for assigned roles unless roles
+        are defined in web.xml in which case the user must be assigned at least
+        one of those roles.</p>
+      </attribute>
+
       <attribute name="resourceName" required="true">
         <p>The name of the resource that this realm will use for user, password
         and role information.</p>
@@ -526,6 +578,19 @@
 
     <attributes>
 
+      <attribute name="allRolesMode" required="false">
+        <p>This attribute controls how the special role name <code>*</code> is
+        handled when processing authorization constraints in web.xml. By
+        default, the specification compliant value of <code>strict</code> is
+        used which means that the user must be assigned one of the roles defined
+        in web.xml. The alternative values are <code>authOnly</code> which means
+        that the user must be authenticated but no check is made for assigned
+        roles and <code>strictAuthOnly</code> which means that the user must be
+        authenticated and no check will be made for assigned roles unless roles
+        are defined in web.xml in which case the user must be assigned at least
+        one of those roles.</p>
+      </attribute>
+
       <attribute name="digest" required="false">
         <p>The digest algorithm used to store passwords in non-plaintext
         formats. Valid values are those accepted for the algorithm name by the
@@ -593,6 +658,19 @@
 
     <attributes>
 
+      <attribute name="allRolesMode" required="false">
+        <p>This attribute controls how the special role name <code>*</code> is
+        handled when processing authorization constraints in web.xml. By
+        default, the specification compliant value of <code>strict</code> is
+        used which means that the user must be assigned one of the roles defined
+        in web.xml. The alternative values are <code>authOnly</code> which means
+        that the user must be authenticated but no check is made for assigned
+        roles and <code>strictAuthOnly</code> which means that the user must be
+        authenticated and no check will be made for assigned roles unless roles
+        are defined in web.xml in which case the user must be assigned at least
+        one of those roles.</p>
+      </attribute>
+
       <attribute name="appName" required="true">
        <p>The name of the application as configured in your login configuration
        file 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org