| [66] | 1 | <?xml version="1.0"?> |
|---|
| 2 | <!-- |
|---|
| 3 | This is the authentication configuration file for protocol-httpclient. |
|---|
| 4 | Different credentials for different authentication scopes can be |
|---|
| 5 | configured in this file. If a set of credentials is configured for a |
|---|
| 6 | particular authentication scope (i.e. particular host, port number, |
|---|
| 7 | scheme and realm), then that set of credentials would be sent only to |
|---|
| 8 | servers falling under the specified authentication scope. Apart from |
|---|
| 9 | this at most one set of credentials can be configured as 'default'. |
|---|
| 10 | |
|---|
| 11 | When authentication is required to fetch a resource from a web-server, |
|---|
| 12 | the authentication-scope is determined from the host, port, scheme and |
|---|
| 13 | realm (if present) obtained from the URL of the page and the |
|---|
| 14 | authentication headers in the HTTP response. If it matches any |
|---|
| 15 | 'authscope' in this configuration file, then the 'credentials' for |
|---|
| 16 | that 'authscope' is used for authentication. Otherwise, it would use |
|---|
| 17 | the 'default' set of credentials (with an exception which is described |
|---|
| 18 | in the next paragraph), if present. If any attribute is missing, it |
|---|
| 19 | would match all values for that attribute. |
|---|
| 20 | |
|---|
| 21 | If there are several pages having different authentication realms and |
|---|
| 22 | schemes on the same web-server (same host and port, but different |
|---|
| 23 | realms and schemes), and credentials for one or more of the realms and |
|---|
| 24 | schemes for that web-server is specified, then the 'default' |
|---|
| 25 | credentials would be ignored completely for that web-server (for that |
|---|
| 26 | host and port). So, credentials to handle all realms and schemes for |
|---|
| 27 | that server may be specified explicitly by adding an extra 'authscope' |
|---|
| 28 | tag with the 'realm' and 'scheme' attributes missing for that server. |
|---|
| 29 | This is demonstrated by the last 'authscope' tag for 'example:8080' in |
|---|
| 30 | the following example. |
|---|
| 31 | |
|---|
| 32 | Example:- |
|---|
| 33 | <credentials username="susam" password="masus"> |
|---|
| 34 | <default realm="sso"/> |
|---|
| 35 | <authscope host="192.168.101.33" port="80" realm="login"/> |
|---|
| 36 | <authscope host="example" port="8080" realm="blogs"/> |
|---|
| 37 | <authscope host="example" port="8080" realm="wiki"/> |
|---|
| 38 | <authscope host="example" port="80" realm="quiz" scheme="NTLM"/> |
|---|
| 39 | </credentials> |
|---|
| 40 | <credentials username="admin" password="nimda"> |
|---|
| 41 | <authscope host="example" port="8080"/> |
|---|
| 42 | </credentials> |
|---|
| 43 | |
|---|
| 44 | In the above example, 'example:8080' server has pages with multiple |
|---|
| 45 | authentication realms. The first set of credentials would be used for |
|---|
| 46 | 'blogs' and 'wiki' authentication realms. The second set of |
|---|
| 47 | credentials would be used for all other realms. For 'login' realm of |
|---|
| 48 | '192.168.101.33', the first set of credentials would be used. For any |
|---|
| 49 | other realm of '192.168.101.33' authentication would not be done. For |
|---|
| 50 | the NTLM authentication required by 'example:80', the first set of |
|---|
| 51 | credentials would be used. For 'sso' realms of all other servers, the |
|---|
| 52 | first set of credentials would be used, since it is configured as |
|---|
| 53 | 'default'. |
|---|
| 54 | |
|---|
| 55 | NTLM does not use the notion of realms. The domain name may be |
|---|
| 56 | specified as the value for 'realm' attribute in case of NTLM. |
|---|
| 57 | --> |
|---|
| 58 | |
|---|
| 59 | <auth-configuration> |
|---|
| 60 | |
|---|
| 61 | </auth-configuration> |
|---|
