resin authenticators
The following are details on the authenticators that can be used with Resin, along with example code to utilize as a starting point for your applications: javadoc <resin:DatabaseAuthenticator>
The DatabaseAuthenticator asks a back-end relational database for the password matching a user's name. It uses the DataSource specified by the configured DataSource. attribute. refers to an existing
<web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin"> <-- Authentication mechanism --> <resin:BasicLogin/> <-- Role-based authorization --> <resin:Allow url-pattern="/foo/*"> <resin:IfUserInRole role="user"/> </resin:Allow> <-- The authenticator --> <resin:DatabaseAuthenticator'> <resin:data-source>test</resin:data-source> <resin:password-query> SELECT password FROM login WHERE username=? </resin:password-query> <resin:cookie-auth-query> SELECT username FROM LOGIN WHERE cookie=? </resin:cookie-auth-query> <resin:cookie-auth-update> UPDATE LOGIN SET cookie=? WHERE username=? </resin:cookie-auth-update> <resin:role-query> SELECT role FROM LOGIN WHERE username=? </resin:role-query> </resin:DatabaseAuthenticator> </web-app> javadoc <resin:JaasAuthenticator>
The JaasAuthenticator uses a JAAS LoginModule for authentication. A common use of the JaasAuthenticator is to serve as an adapter for the large number of JAAS LoginModule's included in the Sun JDK for authentication purposes. However, the JAAS authenticator can be used with any valid JAAS login module.
<web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin"> ... <resin:JaasAuthenticator> <resin:login-module>com.sun.security.auth.module.Krb5LoginModule</resin:login-module> <resin:init-param> <debug>true</debug> </resin:init-param> </resin:JaasAuthenticator> ... </web-app> javadoc <resin:LdapAuthenticator>
The LdapAuthenticator uses JNDI to connect to an LDAP (or Active Directory) server for authentication.
<web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin"> ... <resin:LdapAuthenticator password-digest="none"> <resin:url>ldap://localhost:389</resin:url> <resin:dn-suffix>dc=hogwarts,dc=com</resin:dn-suffix> </resin:LdapAuthenticator> ... </web-app> jndi-env
The following example shows the usage of the <web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin"> ... <resin:LdapAuthenticator password-digest="none"> <resin:jndi-env java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"/> <resin:jndi-env java.naming.provider.url="ldap://localhost:389"/> <resin:dn-suffix>dc=hogwarts,dc=com</dn-suffix> </resin:LdapAuthenticator> ... <web-app> javadoc <resin:PropertiesAuthenticator>
The PropertiesAuthenticator allows you to use Java properties to store authentication information. This is very useful for a variety of applications such as very small sites, developement, unit testing or integration testing. You can either specify properties in-line in XML or via an external properties file.
The following is an example of in-lining properties with the authenticator. This is useful for extremely simple web-sites maintained by developers as well as testing. <web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin"> ... <resin:PropertiesAuthenticator password-digest="none"> harry=quidditch,user,admin draco=mudblood,disabled,user </resin:PropertiesAuthenticator> ... </web-app> Alternatively, external properties files can be used as in the example below. This is useful for a simple site where authentication may be managed by administrators or non-technical users. <web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin" ... <resin:PropertiesAuthenticator path="WEB-INF/users.properties"/> ... </web-app> harry=/Tj/54ylCloUeMi2YQIVCQ===,user,admin As the example indicates, the properties file includes the user as property name while the value is the password (that may be hashed as in the example or may be in plain-text) and any roles that are assigned to the user separated by commas. The password and role values are also separated by a comma. javadoc <resin:XmlAuthenticator>
In a similar vein to the properties authenticator, the XML authenticator allows you to store authentication information in XML - either in-line or in an external file. This authenticator has some of the same use-cases as the properties file authenticator, in a slight more human readable form, especially for a non-technical user.
The following example uses in-line XML for authentication. When configuring the XmlAuthenticator in resin.xml (or resin-web.xml), each adds a new configured user. The user value contains the username, password, and the roles for the user.<web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin"> ... <resin:XmlAuthenticator password-digest="none"> <resin:user name="Harry Potter" password="quidditch" group="user,gryffindor"/> <resin:user name="Draco Malfoy" password="pureblood" group="user,slytherin"/> </resin:XmlAuthenticator> ... </web-app> This example shows how to use an external XML file for authentication: <web-app xmlns="http://caucho.com/ns/resin"> ... <resin:XmlAuthenticator path="WEB-INF/users.xml"/> ... </web-app> <users> <user name="harry password="/Tj/54ylCloUeMi2YQIVCQ===" roles="user,admin"/> <users> While this case is rare, it may sometimes be useful to create your own Resin custom authenticator (for example to use a legacy resource as an authentication store). The Resin security framework provides an abtract base class (com.caucho.security.AbstractAuthenticator) that you can extend to do this. The following is a simple example that you can use a starting point for your application: <web-app xmlns="http://caucho.com/ns/resin" xmlns:foo="urn:java:com.caucho.foo"> ... <foo:MyAuthenticator> <foo:foo>bar</foo:foo> </foo:MyAuthenticator> ... </web-app> package com.foo; import com.caucho.security.AbstractAuthenticator; import com.caucho.security.PasswordUser; public class MyAuthenticator extends AbstractAuthenticator { private PasswordUser _user; public MyAuthenticator() { _user = new PasswordUser("harry", "quidditch", new String[] { "user" }); } public PasswordUser getUser(String userName) { if (userName.equals(_user.getName())) return _user; else return null; } }
|