<?xml version="1.0"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<document>
<properties>
<title>Authenticator Component</title>
<author email="epugh@upstate.com">Eric Pugh</author>
</properties>
<body>
<section name="Overview">
<p>
The security system supports pluggable authenticators. For instance,
you may keep your user information in the database but want to authenticate
against NT, or you may keep your passwords in the database but use different
encryption schemes. The component config file specifies which authenticator
to use.
</p>
<subsection name="NoOpAuthenticator">
<p>
Always returns true, regardless of what is passed in, so every authentication attempt succeeds.
</p>
</subsection>
<subsection name="TextMatchAuthenticator">
<p>
Does a plain-text match of the passwords. The comparison is case-sensitive.
</p>
</subsection>
<subsection name="NTAuthenticator">
<p>
Attempts to authenticate the user against an NT domain. The
username must take the form DOMAIN\username, for example CVILLE\epugh. You will need to configure your
system to use the tagish library.
</p>
<p>
http://www.mooreds.com/jaas.html
<br/>
http://free.tagish.net/jaas/doc.html
<br/>
http://www.raibledesigns.com/page/rd/20030217
<br/>
This application uses a small DLL to provide security. Put the NTSecurity.dll in your JAVA_HOME/jre/bin directory.
This provides the JNI interface to NT used by JAAS.
<br/>
Then put the tagish.login file in the ${java.home}/jre/lib/security/ directory. This tells the Tagish
code what classes to load for security.
<br/>
Lastly, you must edit the ${java.home}/jre/lib/security/java.security file and add this line:
<source>
login.config.url.1=file:${java.home}/lib/security/tagish.login
</source>
This tells the Java security policy how to find the tagish information.
</p>
<p>
<!--The last thing is to put the file jaas.jar in your tomcat server/lib/ directory so the JAAS realm can function.-->
</p>
</subsection>
<subsection name="CryptoAuthenticator">
<p>
Uses the Fulcrum crypto service to check the password
against the encrypted one. You can specify the algorithm and cipher to use.
</p>
<p>
Using the combined format looks like this:
</p>
<source>
<![CDATA[
<component
    role="org.apache.fulcrum.security.authenticator.Authenticator"
    class="org.apache.fulcrum.security.authenticator.CryptoAuthenticator">
    <algorithm>java</algorithm>
    <cipher>SHA1</cipher>
</component>
<component
    role="org.apache.fulcrum.crypto.CryptoService"
    class="org.apache.fulcrum.crypto.DefaultCryptoService">
    <algorithm>
        <unix>org.apache.fulcrum.crypto.provider.UnixCrypt</unix>
        <clear>org.apache.fulcrum.crypto.provider.ClearCrypt</clear>
        <java>org.apache.fulcrum.crypto.provider.JavaCrypt</java>
        <oldjava>org.apache.fulcrum.crypto.provider.OldJavaCrypt</oldjava>
    </algorithm>
</component>
]]>
</source>
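<p>
An added example, not part of the Fulcrum code base: what a password check of this kind does,
written with JDK classes only. The class and method names are hypothetical, and it assumes the
stored password is the Base64 text of the digest produced with the configured cipher.
</p>
<source>
<![CDATA[
```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

/**
 * Added illustration (not Fulcrum source): a digest-based password check
 * in the style of the "java" algorithm with the SHA1 cipher configured above.
 * Assumption: the stored value is the Base64 text of the password digest.
 */
public class DigestPasswordCheck {

    /** Digest the clear-text password and return it Base64-encoded. */
    static String encrypt(String cipher, String clearText) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(cipher);
        byte[] digest = md.digest(clearText.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    /** Re-encrypt the supplied password and compare it with the stored one. */
    static boolean authenticate(String cipher, String stored, String supplied)
            throws NoSuchAlgorithmException {
        if (stored == null || supplied == null) {
            return false; // a missing value never authenticates
        }
        byte[] expected = stored.getBytes(StandardCharsets.UTF_8);
        byte[] actual = encrypt(cipher, supplied).getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample: the value a user record would hold for "secret".
        String stored = encrypt("SHA1", "secret");
        System.out.println("stored value  : " + stored);
        System.out.println("right password: " + authenticate("SHA1", stored, "secret"));
        System.out.println("wrong case    : " + authenticate("SHA1", stored, "Secret"));
        // A cipher that differs from the one used at storage time never matches.
        System.out.println("other cipher  : " + authenticate("SHA-256", stored, "secret"));
    }
}
```
]]>
</source>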
</subsection>
</section>
</body>
</document>