Author: markt
Date: Fri Jun 24 09:29:11 2016
New Revision: 1750056
URL: http://svn.apache.org/viewvc?rev=1750056&view=rev
Log:
Follow-up to BZ 59399. Document NullRealm and transportGuaranteeRedirectStatus
for all Realms.
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/realm.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1750056&r1=1750055&r2=1750056&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 24 09:29:11 2016
@@ -134,6 +134,12 @@
Manager and HostManager applications now have a
<code>RemoteAddrValve</code> configured by default. (markt)
</fix>
+ <fix>
+ Follow-up to the fix for <bug>59399</bug>. Ensure that the new
attribute
+ <code>transportGuaranteeRedirectStatus</code> is documented for all
+ <strong>Realm</strong>s. Also document the <code>NullRealm</code> and
+ when it is automatically created for an <strong>Engine</strong>.
(markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Tribes">
Modified: tomcat/trunk/webapps/docs/config/realm.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=1750056&r1=1750055&r2=1750056&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/trunk/webapps/docs/config/realm.xml Fri Jun 24 09:29:11 2016
@@ -49,8 +49,9 @@
this one Realm may itself contain multiple nested Realms). In addition, the
Realm associated with an Engine or a Host is automatically inherited by
lower-level containers unless the lower level container explicitly defines
its
- own Realm.
- </p>
+ own Realm. If no Realm is configured for the Engine, an instance of the
+ <a href="#Null_Realm_-_org.apache.catalina.realm.NullRealm">Null Realm</a>
+ will be configured for the Engine automatically.</p>
<p>For more in-depth information about container managed security in web
applications, as well as more information on configuring and using the
@@ -161,7 +162,7 @@
<attribute name="transportGuaranteeRedirectStatus" required="false">
<p>The HTTP status code to use when the container needs to issue an
HTTP
redirect to meet the requirements of a configured transport
- guarantee. The prpvoded status code is not validated. If not
+ guarantee. The provided status code is not validated. If not
specified, the default value of <code>302</code> is used.</p>
</attribute>
@@ -272,6 +273,13 @@
a rare case when it can be omitted.</p>
</attribute>
+ <attribute name="transportGuaranteeRedirectStatus" required="false">
+ <p>The HTTP status code to use when the container needs to issue an
HTTP
+ redirect to meet the requirements of a configured transport
+ guarantee. The provided status code is not validated. If not
+ specified, the default value of <code>302</code> is used.</p>
+ </attribute>
+
<attribute name="stripRealmForGss" required="false">
<p>When processing users authenticated via the GSS-API, this attribute
controls if any "@..." is removed from the end of the user
@@ -592,6 +600,13 @@
limit.</p>
</attribute>
+ <attribute name="transportGuaranteeRedirectStatus" required="false">
+ <p>The HTTP status code to use when the container needs to issue an
HTTP
+ redirect to meet the requirements of a configured transport
+ guarantee. The provided status code is not validated. If not
+ specified, the default value of <code>302</code> is used.</p>
+ </attribute>
+
<attribute name="useDelegatedCredential" required="false">
<p>When the JNDIRealm is used with the SPNEGO authenticator, delegated
credentials for the user may be available. If such credentials are
@@ -736,6 +751,13 @@
that this realm will use for user, password and role information.</p>
</attribute>
+ <attribute name="transportGuaranteeRedirectStatus" required="false">
+ <p>The HTTP status code to use when the container needs to issue an
HTTP
+ redirect to meet the requirements of a configured transport
+ guarantee. The provided status code is not validated. If not
+ specified, the default value of <code>302</code> is used.</p>
+ </attribute>
+
<attribute name="X509UsernameRetrieverClassName" required="false">
<p>When using X509 client certificates, this specifies the class name
that will be used to retrieve the user name from the certificate.
@@ -797,6 +819,13 @@
name. If not specified, the default is <code>true</code>.</p>
</attribute>
+ <attribute name="transportGuaranteeRedirectStatus" required="false">
+ <p>The HTTP status code to use when the container needs to issue an
HTTP
+ redirect to meet the requirements of a configured transport
+ guarantee. The provided status code is not validated. If not
+ specified, the default value of <code>302</code> is used.</p>
+ </attribute>
+
<attribute name="X509UsernameRetrieverClassName" required="false">
<p>When using X509 client certificates, this specifies the class name
that will be used to retrieve the user name from the certificate.
@@ -906,6 +935,13 @@
name. If not specified, the default is <code>true</code>.</p>
</attribute>
+ <attribute name="transportGuaranteeRedirectStatus" required="false">
+ <p>The HTTP status code to use when the container needs to issue an
HTTP
+ redirect to meet the requirements of a configured transport
+ guarantee. The provided status code is not validated. If not
+ specified, the default value of <code>302</code> is used.</p>
+ </attribute>
+
<attribute name="useContextClassLoader" required="false">
<p>Instructs JAASRealm to use the context class loader for loading the
user-specified <code>LoginModule</code> class and associated
@@ -971,6 +1007,13 @@
one of those roles.</p>
</attribute>
+ <attribute name="transportGuaranteeRedirectStatus" required="false">
+ <p>The HTTP status code to use when the container needs to issue an
HTTP
+ redirect to meet the requirements of a configured transport
+ guarantee. The provided status code is not validated. If not
+ specified, the default value of <code>302</code> is used.</p>
+ </attribute>
+
</attributes>
</subsection>
@@ -1041,6 +1084,13 @@
will also not reset the lock out time.</p>
</attribute>
+ <attribute name="transportGuaranteeRedirectStatus" required="false">
+ <p>The HTTP status code to use when the container needs to issue an
HTTP
+ redirect to meet the requirements of a configured transport
+ guarantee. The provided status code is not validated. If not
+ specified, the default value of <code>302</code> is used.</p>
+ </attribute>
+
</attributes>
<p>See the <a href="../realm-howto.html">Container-Managed Security
@@ -1049,6 +1099,30 @@
</subsection>
+ <subsection name="Null Realm - org.apache.catalina.realm.NullRealm">
+
+ <p><strong>NullRealm</strong> is a minimal implementation of the Tomcat
+ <code>Realm</code> interface that always returns null when an attempt is
+ made to validate a user name and associated credentials. It is intended to
+ be used as a default Realm implementation when no other Realm is
+ specified.</p>
+
+ <p>The NullRealm implementation supports the following additional
+ attributes.</p>
+
+ <attributes>
+
+ <attribute name="transportGuaranteeRedirectStatus" required="false">
+ <p>The HTTP status code to use when the container needs to issue an
HTTP
+ redirect to meet the requirements of a configured transport
+ guarantee. The provided status code is not validated. If not
+ specified, the default value of <code>302</code> is used.</p>
+ </attribute>
+
+ </attributes>
+
+ </subsection>
+
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
