Authentication Configuration
<http-server>
  <!-- Resin DBPool for the JdbcAuthenticator -->
  <db-pool id="my-db-pool"
           driver="org.gjt.mm.mysql.Driver"
           url="jdbc:mysql://localhost:3306/test"
           user=""
           password=""/>
  <login-config auth-method='form'>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
    <!-- Resin-specific JdbcAuthenticator -->
    <authenticator id='com.caucho.server.http.JdbcAuthenticator'>
      <password-query>
        SELECT password FROM LOGIN WHERE username=?
      </password-query>
    </authenticator>
  </login-config>
</http-server>
Selects the authentication method.
basic | HTTP Basic authentication
form | Form-based authentication
Configures authentication for forms. The login form has
specific parameters that the servlet engine's login form processing
understands. If the login succeeds, the user will see the original
page. If it fails, she will see the error page.
form-login-page | The page used to prompt the user to log in
form-error-page | The error page for unsuccessful login
The form itself must have the action j_security_check. It
must also have the parameters j_username and j_password.
Optionally, it can also have j_uri and
j_use_cookie_auth. j_uri gives the next page to display
when login succeeds. j_use_cookie_auth allows Resin to send a
persistent cookie to the user to make subsequent logins easier.
j_security_check | The form's mandatory action
j_username | The user name
j_password | The password
j_uri | Optional Resin extension for the successful display page.
j_use_cookie_auth | Optional Resin extension to allow cookie login.
The following is an example of a servlet-standard login page:
<form action='j_security_check' method='POST'>
  <table>
    <tr><td>User:</td><td><input name='j_username'></td></tr>
    <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
    <tr><td colspan='2'>hint: the password is 'quidditch'</td></tr>
    <tr><td><input type='submit'></td></tr>
  </table>
</form>
Specifies a class to authenticate users. This Resin-specific
option lets you control your authentication. You can either create your
own custom authenticator, or use Resin's JdbcAuthenticator.
The JdbcAuthenticator (com.caucho.server.http.JdbcAuthenticator)
asks a backend database for the password matching the user's name.
It uses the DBPool specified by the db-pool option, or
caucho.db-pool by default. db-pool refers to an
application attribute with the given name or to a global
dbpool.sql.
The following are the attributes for the JdbcAuthenticator:
db-pool | The database pool. Looks in the application attributes first, then in the global database pools.
password-query | A SQL query to get the user's password. The default query is given below.
cookie-auth-query | A SQL query to authenticate the user by a persistent cookie.
cookie-auth-update | A SQL update to match a persistent cookie to a user.
role-query | A SQL query to determine the user's role. By default, all users are in role "user", but no others.
<!-- Resin-specific JdbcAuthenticator -->
<authenticator id='com.caucho.server.http.JdbcAuthenticator'>
  <db-pool>test</db-pool>
  <password-query>
    SELECT password FROM LOGIN WHERE username=?
  </password-query>
  <cookie-auth-query>
    SELECT username FROM LOGIN WHERE cookie=?
  </cookie-auth-query>
  <!-- named cookie-auth-update to match the attribute list above -->
  <cookie-auth-update>
    UPDATE LOGIN SET cookie=? WHERE username=?
  </cookie-auth-update>
  <role-query>
    SELECT role FROM LOGIN WHERE username=?
  </role-query>
</authenticator>
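The sketch below is an added example, not Resin's own code: it models how an authenticator could use the four queries above, with every user-supplied value passed as a bind parameter. An in-memory SQLite database stands in for the configured pool, and the LOGIN schema, the user harry, and all function names are assumptions.

```python
import hmac
import secrets
import sqlite3

# The four queries from the <authenticator> block above, unchanged.
PASSWORD_QUERY = "SELECT password FROM LOGIN WHERE username=?"
COOKIE_AUTH_QUERY = "SELECT username FROM LOGIN WHERE cookie=?"
COOKIE_AUTH_UPDATE = "UPDATE LOGIN SET cookie=? WHERE username=?"
ROLE_QUERY = "SELECT role FROM LOGIN WHERE username=?"


def make_db():
    """Constructed sample LOGIN table (assumed schema, not from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE LOGIN (username TEXT PRIMARY KEY, password TEXT,"
               " cookie TEXT, role TEXT)")
    db.execute("INSERT INTO LOGIN VALUES ('harry', 'quidditch', NULL, NULL)")
    return db


def login(db, username, password):
    """Password login: the user name is only ever passed as a bind value."""
    row = db.execute(PASSWORD_QUERY, (username,)).fetchone()
    if row is None or row[0] is None:
        return False
    # Constant-time comparison of the stored and submitted values.
    return hmac.compare_digest(row[0].encode(), password.encode())


def issue_cookie(db, username):
    """j_use_cookie_auth: bind an unguessable token to the user."""
    token = secrets.token_urlsafe(32)
    db.execute(COOKIE_AUTH_UPDATE, (token, username))
    return token


def login_by_cookie(db, token):
    """Persistent-cookie login: returns the user name or None."""
    if not token:
        return None  # never let an empty value match a row
    row = db.execute(COOKIE_AUTH_QUERY, (token,)).fetchone()
    return row[0] if row else None


def roles(db, username):
    """role-query result, falling back to the default role "user"."""
    found = [r[0] for r in db.execute(ROLE_QUERY, (username,)) if r[0]]
    return found or ["user"]
```
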
Selects protected areas of the web site. Sites using
authentication as an optional personalization feature will typically
not use any security constraints.
<security-constraint>
  <web-resource-collection>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint role-name='user'/>
</security-constraint>
security-constraint/web-resource-collection
Specifies a collection of areas of the web site.
url-pattern | URL patterns describing the resource
method | HTTP methods to be restricted.
security-constraint/auth-constraint
Requires that authenticated users fill the specified role.
In Resin's JdbcAuthenticator, normal users are in the "user" role.
Think of a role as a group of users.
role-name | Roles which are allowed to access the resource.
security-constraint/user-data-constraint
Restricts access to secure transports, i.e. SSL.
transport-guarantee | Required transport properties. NONE, INTEGRAL, and CONFIDENTIAL are allowed values.
Copyright © 1998-2000 Caucho Technology. All rights reserved.
Last modified: Thu, 02 Mar 2000 11:58:26 -0800 (PST)