This package contains Authenticator implementations for the
various supported authentication methods (BASIC, DIGEST, and FORM). In
addition, there is a convenience base class,
AuthenticatorBase , for customized Authenticator
implementations.
If you are using the standard context configuration class
(org.apache.catalina.startup.ContextConfig ) to configure the
Authenticator associated with a particular context, you can register the Java
class to be used for each possible authentication method by modifying the
following Properties file:
src/share/org/apache/catalina/startup/Authenticators.properties
Each of the standard implementations extends a common base class
(AuthenticatorBase ), which is configured by setting the
following JavaBeans properties (with default values in square brackets):
- cache - Should we cache authenticated Principals (thus avoiding
per-request lookups in our underyling
Realm ) if this request
is part of an HTTP session? [true]
- debug - Debugging detail level for this component. [0]
The standard authentication methods that are currently provided include:
- BasicAuthenticator - Implements HTTP BASIC authentication, as
described in RFC 2617.
- DigestAuthenticator - Implements HTTP DIGEST authentication, as
described in RFC 2617.
- FormAuthenticator - Implements FORM-BASED authentication, as
described in the Servlet API Specification, version 2.2.
|
SavedRequest.java | Class | Object that saves the critical information from a request so that
form-based authentication can reproduce it once the user has been
authenticated.
IMPLEMENTATION NOTE - It is assumed that this object is accessed
only from the context of a single thread, so no synchronization around
internal collection classes is performed.
FIXME - Currently, this object has no mechanism to save or
restore the data content of the request, although it does save
request parameters so that a POST transaction can be faithfully
duplicated.
author: Craig R. |