| <?xml version="1.0"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <document> |
| |
| <properties> |
| <title>Authenticator Component</title> |
| <author email="epugh@upstate.com">Eric PUgh</author> |
| </properties> |
| |
| <body> |
| |
| <section name="Overview"> |
| <p> |
| The security system has the concept of pluggable authenticators. For instance, |
| you may keep your user information in the database, but you want to authenticate |
| against NT. Or you keep your passwords in the database, but you have different |
| encryptions schemes. Via the component config file you can specify what authenticator |
| to use. |
| </p> |
| <subsection name="NoOpAuthenticator"> |
| <p> |
| Always returns true, regardless of what is passed in. |
| </p> |
| </subsection> |
| <subsection name="TextMatchAuthenticator"> |
| <p> |
| Does a plain text match of the passwords. Case does matter. |
| </p> |
| </subsection> |
| <subsection name="NTAuthenticator"> |
| <p> |
| Attempts to authenticate the user against an NT domain. The |
| username must look like CVILLE\epugh. You will need to configure your |
| system to use the tagish library. |
| </p> |
| <p> |
| http://www.mooreds.com/jaas.html |
| <br/> |
| http://free.tagish.net/jaas/doc.html |
| <br/> |
| http://www.raibledesigns.com/page/rd/20030217 |
| <br/> |
| This application uses a small DLL to provide security. Put the NTSecurity.dll in your JAVA_HOME/jre/bin directory. |
| This provides the JNI interface to NT used by JAAS. |
| <br/> |
| Then put the tagish.login fil in the ${java.home}/jre/lib/security/ directory. This tells the Tagish |
| code what classes to load for security. |
| <br/> |
| Lastly, you must edit the ${java.home}/jre/lib/security/java.security file and add this line: |
| <source> |
| login.config.url.1=file:${java.home}/lib/security/tagish.login |
| </source> |
| This tells the java security policy how to find the tagish information. |
| |
| </p> |
| <p> |
| <!--The last thing is to put the file jaas.jar in your tomcat server/lib/ directory so the JAAS realm can function.--> |
| </p> |
| </subsection> |
| <subsection name="CryptoAuthenticator"> |
| <p> |
| Uses the fulcrum crypto service to check the password |
| against the encrypted one. You can specify the algorithm and cipher to use. |
| </p> |
| <p> |
| Using the combined format looks like this: |
| </p> |
| <source> |
| |
| <![CDATA[ |
| <component |
| role="org.apache.fulcrum.security.authenticator.Authenticator" |
| class="org.apache.fulcrum.security.authenticator.CryptoAuthenticator"> |
| <algorithm>java</algorithm> |
| <cipher>SHA1</cipher> |
| </component> |
| |
| <component |
| role="org.apache.fulcrum.crypto.CryptoService" |
| class="org.apache.fulcrum.crypto.DefaultCryptoService"> |
| <algorithm> |
| <unix>org.apache.fulcrum.crypto.provider.UnixCrypt</unix> |
| <clear>org.apache.fulcrum.crypto.provider.ClearCrypt</clear> |
| <java>org.apache.fulcrum.crypto.provider.JavaCrypt</java> |
| <oldjava>org.apache.fulcrum.crypto.provider.OldJavaCrypt</oldjava> |
| </algorithm> |
| </component> |
| ]]> |
| </source> |
| </subsection> |
| |
| </section> |
| </body> |
| </document> |