svn commit: r1540375 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/changelog.xml webapps/docs/config/realm.xml

Sat, 09 Nov 2013 11:35:13 -0800 

Author: markt
Date: Sat Nov  9 19:34:19 2013
New Revision: 1540375

URL: http://svn.apache.org/r1540375
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55746
Add documentation for AllRolesMode for CombinedRealm
Patch by Cédric Couralet

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1540374

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1540375&r1=1540374&r2=1540375&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sat Nov  9 19:34:19 2013
@@ -200,6 +200,11 @@
         <bug>55703</bug>: Clarify the role of the singleton attribute for JNDI
         resource factories. (markt)
       </fix>
+      <fix>
+        <bug>55746</bug>: Add documentation on the <code>allRolesMode</code> to
+        the <code>CombinedRealm</code> and <code>LockOutRealm</code>. Patch by
+        Cédric Couralet. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Extras">

Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml?rev=1540375&r1=1540374&r2=1540375&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml Sat Nov  9 19:34:19 2013
@@ -911,14 +911,30 @@
     will be attempted against each <code>Realm</code> in the order they are
     listed. Authentication against any Realm will be sufficient to authenticate
     the user.</p>
-
-    <p>The CombinedRealm implementation does not support any additional
-    attributes.</p>
-
+    
     <p>See the <a href="../realm-howto.html">Container-Managed Security
     Guide</a> for more information on setting up container managed security
     using the CombinedRealm component.</p>
 
+    <p>The CombinedRealm implementation supports the following additional
+    attributes.</p>
+    
+    <attributes>
+
+      <attribute name="allRolesMode" required="false">
+        <p>This attribute controls how the special role name <code>*</code> is
+        handled when processing authorization constraints in web.xml. By
+        default, the specification compliant value of <code>strict</code> is
+        used which means that the user must be assigned one of the roles 
defined
+        in web.xml. The alternative values are <code>authOnly</code> which 
means
+        that the user must be authenticated but no check is made for assigned
+        roles and <code>strictAuthOnly</code> which means that the user must be
+        authenticated and no check will be made for assigned roles unless roles
+        are defined in web.xml in which case the user must be assigned at least
+        one of those roles.</p>
+      </attribute>
+     
+    </attributes>
   </subsection>
 
 
@@ -949,7 +965,19 @@
     attributes.</p>
 
     <attributes>
-
+       <attribute name="allRolesMode" required="false">
+        <p>This attribute controls how the special role name <code>*</code> is
+        handled when processing authorization constraints in web.xml. By
+        default, the specification compliant value of <code>strict</code> is
+        used which means that the user must be assigned one of the roles 
defined
+        in web.xml. The alternative values are <code>authOnly</code> which 
means
+        that the user must be authenticated but no check is made for assigned
+        roles and <code>strictAuthOnly</code> which means that the user must be
+        authenticated and no check will be made for assigned roles unless roles
+        are defined in web.xml in which case the user must be assigned at least
+        one of those roles.</p>
+      </attribute>
+      
       <attribute name="cacheRemovalWarningTime" required="false">
        <p>If a failed user is removed from the cache because the cache is too
        big before it has been in the cache for at least this period of time (in



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to