Mark, On 3/18/15 9:31 AM, ma...@apache.org wrote: > Author: markt > Date: Wed Mar 18 13:31:00 2015 > New Revision: 1667546 > > URL: http://svn.apache.org/r1667546 > Log: > Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57708 > Implement a new feature for AJP connectors - Tomcat Authorization > If configured (it is disabled by default) Tomcat will take an authenticated > user name from the AJP protocol and use the appropriate Realm for the request > to authorize (i.e. add roles) to that user. > > Modified: > tomcat/trunk/java/org/apache/catalina/Realm.java > tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java > > tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java > > tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java > tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java > > tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties > > tomcat/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java > tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java > > tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java > tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java > tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties > tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java > tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java > tomcat/trunk/java/org/apache/coyote/Request.java > tomcat/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java > tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java > tomcat/trunk/webapps/docs/config/ajp.xml > tomcat/trunk/webapps/docs/security-howto.xml > tomcat/trunk/webapps/docs/windows-auth-howto.xml > > Modified: tomcat/trunk/java/org/apache/catalina/Realm.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Realm.java?rev=1667546&r1=1667545&r2=1667546&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/catalina/Realm.java (original) > +++ tomcat/trunk/java/org/apache/catalina/Realm.java Wed Mar 18 13:31:00 2015 > @@ -76,6 +76,15 @@ public interface Realm { > > > /** > + * Return the Principal associated with the specified username, if there > + * is one; otherwise return <code>null</code>. > + * > + * @param username Username of the Principal to look up > + */ > + public Principal authenticate(String username);
Pretty much by definition, this is not authentication; it's just identification. I'm not -1 on the commit, but the name of this method is not good. -chris
signature.asc
Description: OpenPGP digital signature
