Author: markt
Date: Mon Mar 21 17:46:38 2011
New Revision: 1083879
URL: http://svn.apache.org/viewvc?rev=1083879&view=rev
Log:
Further additions to mbeans and docs for authentication valves
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
tomcat/trunk/webapps/docs/config/valve.xml
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml?rev=1083879&r1=1083878&r2=1083879&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
Mon Mar 21 17:46:38 2011
@@ -23,15 +23,31 @@
group="Valve"
type="org.apache.catalina.authenticator.BasicAuthenticator">
+ <attribute name="alwaysUseSession"
+ description="Should a session always be used once a user is
authenticated?"
+ type="boolean"/>
+
<attribute name="cache"
description="Should we cache authenticated Principals if the
request is part of an HTTP session?"
type="boolean"/>
+ <attribute name="changeSessionIdOnAuthentication"
+ description="Controls if the session ID is changed if a session
exists at the point where users are authenticated"
+ type="boolean"/>
+
<attribute name="className"
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
+ <attribute name="disableProxyCaching"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
+ <attribute name="securePagesWithPragma"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
<attribute name="secureRandomAlgorithm"
description="The name of the algorithm to use for SSO session
ID generation"
type="java.lang.String"/>
@@ -57,15 +73,31 @@
group="Valve"
type="org.apache.catalina.authenticator.DigestAuthenticator">
+ <attribute name="alwaysUseSession"
+ description="Should a session always be used once a user is
authenticated?"
+ type="boolean"/>
+
<attribute name="cache"
description="Should we cache authenticated Principals if the
request is part of an HTTP session?"
type="boolean"/>
+ <attribute name="changeSessionIdOnAuthentication"
+ description="Controls if the session ID is changed if a session
exists at the point where users are authenticated"
+ type="boolean"/>
+
<attribute name="className"
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
+ <attribute name="disableProxyCaching"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
+ <attribute name="securePagesWithPragma"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
<attribute name="secureRandomAlgorithm"
description="The name of the algorithm to use for SSO session
ID generation"
type="java.lang.String"/>
@@ -90,15 +122,31 @@
group="Valve"
type="org.apache.catalina.authenticator.FormAuthenticator">
- <attribute name="cache"
- description="Should we cache authenticated Principals if the
request is part of an HTTP session?"
+ <attribute name="changeSessionIdOnAuthentication"
+ description="Controls if the session ID is changed if a session
exists at the point where users are authenticated"
type="boolean"/>
+ <attribute name="characterEncoding"
+ description="Character encoding to use to read the username and
password parameters from the request"
+ type="java.lang.String"/>
+
<attribute name="className"
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
+ <attribute name="disableProxyCaching"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
+ <attribute name="landingPage"
+ description="Controls the behavior of the FORM authentication
process if the process is misused, for example by directly requesting the login
page or delaying logging in for so long that the session expires"
+ type="java.lang.String"/>
+
+ <attribute name="securePagesWithPragma"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
<attribute name="secureRandomAlgorithm"
description="The name of the algorithm to use for SSO session
ID generation"
type="java.lang.String"/>
@@ -127,11 +175,23 @@
description="Should we cache authenticated Principals if the
request is part of an HTTP session?"
type="boolean"/>
+ <attribute name="changeSessionIdOnAuthentication"
+ description="Controls if the session ID is changed if a session
exists at the point where users are authenticated"
+ type="boolean"/>
+
<attribute name="className"
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
+ <attribute name="disableProxyCaching"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
+ <attribute name="securePagesWithPragma"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
<attribute name="stateName"
description="The name of the LifecycleState that this component
is currently in"
type="java.lang.String"
@@ -175,11 +235,23 @@
description="Should we cache authenticated Principals if the
request is part of an HTTP session?"
type="boolean"/>
+ <attribute name="changeSessionIdOnAuthentication"
+ description="Controls if the session ID is changed if a session
exists at the point where users are authenticated"
+ type="boolean"/>
+
<attribute name="className"
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
+ <attribute name="disableProxyCaching"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
+ <attribute name="securePagesWithPragma"
+ description="Controls the caching of pages that are protected
by security constraints"
+ type="boolean"/>
+
<attribute name="secureRandomAlgorithm"
description="The name of the algorithm to use for SSO session
ID generation"
type="java.lang.String"/>
Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1083879&r1=1083878&r2=1083879&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Mon Mar 21 17:46:38 2011
@@ -417,11 +417,6 @@
<attributes>
- <attribute name="className" required="true">
- <p>Java class name of the implementation to use. This MUST be set to
-
<strong>org.apache.catalina.authenticator.BasicAuthenticator</strong>.</p>
- </attribute>
-
<attribute name="alwaysUseSession" required="false">
<p>Should a session always be used once a user is authenticated? This
may offer some performance benefits since the session can then be used
@@ -433,6 +428,12 @@
default value of <code>false</code> will be used.</p>
</attribute>
+ <attribute name="cache" required="false">
+ <p>Should we cache authenticated Principals if the request is part of
an
+ HTTP session? If not specified, the default value of <code>true</code>
+ will be used.</p>
+ </attribute>
+
<attribute name="changeSessionIdOnAuthentication" required="false">
<p>Controls if the session ID is changed if a session exists at the
point where users are authenticated. This is to prevent session
fixation
@@ -440,6 +441,11 @@
used.</p>
</attribute>
+ <attribute name="className" required="true">
+ <p>Java class name of the implementation to use. This MUST be set to
+
<strong>org.apache.catalina.authenticator.BasicAuthenticator</strong>.</p>
+ </attribute>
+
<attribute name="disableProxyCaching" required="false">
<p>Controls the caching of pages that are protected by security
constraints. Setting this to <code>false</code> may help work around
@@ -459,6 +465,18 @@
If not set, the default value of <code>true</code> will be used.</p>
</attribute>
+ <attribute name="secureRandomAlgorithm" required="false">
+ <p>Name of the algorithm to use to create the
+ <code>java.security.SecureRandom</code> instances that generate session
+ IDs. If an invalid algorithm and/or provider is specified, the platform
+ default provider and the default algorithm will be used. If not
+ specified, the default algorithm of SHA1PRNG will be used. If the
+ default algorithm is not supported, the platform default will be used.
+ To specify that the platform default should be used, do not set the
+ secureRandomProvider attribute and set this attribute to the empty
+ string.</p>
+ </attribute>
+
<attribute name="secureRandomClass" required="false">
<p>Name of the Java class that extends
<code>java.security.SecureRandom</code> to use to generate SSO session
@@ -474,18 +492,6 @@
specified, the platform default provider will be used.</p>
</attribute>
- <attribute name="secureRandomAlgorithm" required="false">
- <p>Name of the algorithm to use to create the
- <code>java.security.SecureRandom</code> instances that generate session
- IDs. If an invalid algorithm and/or provider is specified, the platform
- default provider and the default algorithm will be used. If not
- specified, the default algorithm of SHA1PRNG will be used. If the
- default algorithm is not supported, the platform default will be used.
- To specify that the platform default should be used, do not set the
- secureRandomProvider attribute and set this attribute to the empty
- string.</p>
- </attribute>
-
</attributes>
</subsection>
@@ -514,9 +520,21 @@
<attributes>
- <attribute name="className" required="true">
- <p>Java class name of the implementation to use. This MUST be set to
-
<strong>org.apache.catalina.authenticator.DigestAuthenticator</strong>.</p>
+ <attribute name="alwaysUseSession" required="false">
+ <p>Should a session always be used once a user is authenticated? This
+ may offer some performance benefits since the session can then be used
+ to cache the authenticated Principal, hence removing the need to
+ authenticate the user via the Realm on every request. This may be of
+ help for combinations such as BASIC authentication used with the
+ JNDIRealm or DataSourceRealms. However there will also be the
+ performance cost of creating and GC'ing the session. If not set, the
+ default value of <code>false</code> will be used.</p>
+ </attribute>
+
+ <attribute name="cache" required="false">
+ <p>Should we cache authenticated Principals if the request is part of
an
+ HTTP session? If not specified, the default value of <code>true</code>
+ will be used.</p>
</attribute>
<attribute name="changeSessionIdOnAuthentication" required="false">
@@ -526,6 +544,11 @@
used.</p>
</attribute>
+ <attribute name="className" required="true">
+ <p>Java class name of the implementation to use. This MUST be set to
+
<strong>org.apache.catalina.authenticator.DigestAuthenticator</strong>.</p>
+ </attribute>
+
<attribute name="disableProxyCaching" required="false">
<p>Controls the caching of pages that are protected by security
constraints. Setting this to <code>false</code> may help work around
@@ -545,6 +568,18 @@
If not set, the default value of <code>true</code> will be used.</p>
</attribute>
+ <attribute name="secureRandomAlgorithm" required="false">
+ <p>Name of the algorithm to use to create the
+ <code>java.security.SecureRandom</code> instances that generate session
+ IDs. If an invalid algorithm and/or provider is specified, the platform
+ default provider and the default algorithm will be used. If not
+ specified, the default algorithm of SHA1PRNG will be used. If the
+ default algorithm is not supported, the platform default will be used.
+ To specify that the platform default should be used, do not set the
+ secureRandomProvider attribute and set this attribute to the empty
+ string.</p>
+ </attribute>
+
<attribute name="secureRandomClass" required="false">
<p>Name of the Java class that extends
<code>java.security.SecureRandom</code> to use to generate SSO session
@@ -560,18 +595,6 @@
specified, the platform default provider will be used.</p>
</attribute>
- <attribute name="secureRandomAlgorithm" required="false">
- <p>Name of the algorithm to use to create the
- <code>java.security.SecureRandom</code> instances that generate session
- IDs. If an invalid algorithm and/or provider is specified, the platform
- default provider and the default algorithm will be used. If not
- specified, the default algorithm of SHA1PRNG will be used. If the
- default algorithm is not supported, the platform default will be used.
- To specify that the platform default should be used, do not set the
- secureRandomProvider attribute and set this attribute to the empty
- string.</p>
- </attribute>
-
</attributes>
</subsection>
@@ -600,11 +623,6 @@
<attributes>
- <attribute name="className" required="true">
- <p>Java class name of the implementation to use. This MUST be set to
-
<strong>org.apache.catalina.authenticator.FormAuthenticator</strong>.</p>
- </attribute>
-
<attribute name="changeSessionIdOnAuthentication" required="false">
<p>Controls if the session ID is changed if a session exists at the
point where users are authenticated. This is to prevent session
fixation
@@ -618,6 +636,11 @@
used.</p>
</attribute>
+ <attribute name="className" required="true">
+ <p>Java class name of the implementation to use. This MUST be set to
+
<strong>org.apache.catalina.authenticator.FormAuthenticator</strong>.</p>
+ </attribute>
+
<attribute name="disableProxyCaching" required="false">
<p>Controls the caching of pages that are protected by security
constraints. Setting this to <code>false</code> may help work around
@@ -650,6 +673,18 @@
If not set, the default value of <code>true</code> will be used.</p>
</attribute>
+ <attribute name="secureRandomAlgorithm" required="false">
+ <p>Name of the algorithm to use to create the
+ <code>java.security.SecureRandom</code> instances that generate session
+ IDs. If an invalid algorithm and/or provider is specified, the platform
+ default provider and the default algorithm will be used. If not
+ specified, the default algorithm of SHA1PRNG will be used. If the
+ default algorithm is not supported, the platform default will be used.
+ To specify that the platform default should be used, do not set the
+ secureRandomProvider attribute and set this attribute to the empty
+ string.</p>
+ </attribute>
+
<attribute name="secureRandomClass" required="false">
<p>Name of the Java class that extends
<code>java.security.SecureRandom</code> to use to generate SSO session
@@ -665,18 +700,6 @@
specified, the platform default provider will be used.</p>
</attribute>
- <attribute name="secureRandomAlgorithm" required="false">
- <p>Name of the algorithm to use to create the
- <code>java.security.SecureRandom</code> instances that generate session
- IDs. If an invalid algorithm and/or provider is specified, the platform
- default provider and the default algorithm will be used. If not
- specified, the default algorithm of SHA1PRNG will be used. If the
- default algorithm is not supported, the platform default will be used.
- To specify that the platform default should be used, do not set the
- secureRandomProvider attribute and set this attribute to the empty
- string.</p>
- </attribute>
-
</attributes>
</subsection>
@@ -705,6 +728,12 @@
<attributes>
+ <attribute name="cache" required="false">
+ <p>Should we cache authenticated Principals if the request is part of
an
+ HTTP session? If not specified, the default value of <code>true</code>
+ will be used.</p>
+ </attribute>
+
<attribute name="className" required="true">
<p>Java class name of the implementation to use. This MUST be set to
<strong>org.apache.catalina.authenticator.SSLAuthenticator</strong>.</p>
@@ -736,6 +765,18 @@
If not set, the default value of <code>true</code> will be used.</p>
</attribute>
+ <attribute name="secureRandomAlgorithm" required="false">
+ <p>Name of the algorithm to use to create the
+ <code>java.security.SecureRandom</code> instances that generate session
+ IDs. If an invalid algorithm and/or provider is specified, the platform
+ default provider and the default algorithm will be used. If not
+ specified, the default algorithm of SHA1PRNG will be used. If the
+ default algorithm is not supported, the platform default will be used.
+ To specify that the platform default should be used, do not set the
+ secureRandomProvider attribute and set this attribute to the empty
+ string.</p>
+ </attribute>
+
<attribute name="secureRandomClass" required="false">
<p>Name of the Java class that extends
<code>java.security.SecureRandom</code> to use to generate SSO session
@@ -751,18 +792,6 @@
specified, the platform default provider will be used.</p>
</attribute>
- <attribute name="secureRandomAlgorithm" required="false">
- <p>Name of the algorithm to use to create the
- <code>java.security.SecureRandom</code> instances that generate session
- IDs. If an invalid algorithm and/or provider is specified, the platform
- default provider and the default algorithm will be used. If not
- specified, the default algorithm of SHA1PRNG will be used. If the
- default algorithm is not supported, the platform default will be used.
- To specify that the platform default should be used, do not set the
- secureRandomProvider attribute and set this attribute to the empty
- string.</p>
- </attribute>
-
</attributes>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
