source: nutchez-0.1/tomcat/webapps/docs/funcspecs/printer/fs-memory-realm.html

Last change on this file was 66, checked in by waue, 16 years ago

NutchEz - an easy way to nutch

File size: 11.8 KB
Line 
1<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Catalina Functional Specifications - MemoryRealm</title><meta value="Craig McClanahan" name="author"><meta value="craigmcc@apache.org" name="email"></head><body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000" bgcolor="#ffffff"><table cellspacing="0" width="100%" border="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img border="0" alt="
2      Catalina Functional Specifications
3    " align="right" src="../../../images/tomcat.gif"></a></td><td><font face="arial,helvetica,sanserif"><h1>Apache Tomcat 6.0</h1></font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img border="0" alt="Apache Logo" align="right" src="../../../images/asf-logo.gif"></a></td></tr></table><table cellspacing="4" width="100%" border="0"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr size="1" noshade></td></tr><tr><!--RIGHT SIDE MAIN BODY--><td align="left" valign="top" width="80%"><table cellspacing="4" width="100%" border="0"><tr><td valign="top" align="left"><h1>Catalina Functional Specifications</h1><h2>MemoryRealm</h2></td><td nowrap="true" valign="top" align="right"><img border="0" hspace="0" vspace="0" height="1" width="1" src="../../../images/void.gif"></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Overview"><strong>Overview</strong></a></font></td></tr><tr><td><blockquote>
4
5
6  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
7
8    <p>The purpose of the <strong>MemoryRealm</strong> implementation is to
9    provide a mechanism by which Tomcat 6 can acquire information needed
10    to authenticate web application users, and define their security roles,
11    from a simple text-based configuration file in XML format.  This is
12    intended to simplify the initial installation and operation of Tomcat 6,
13    without the complexity of configuring a database or directory server
14    based Realm.  It is not intended for production use.</p>
15
16    <p>This specification reflects a combination of functionality that is
17    already present in the <code>org.apache.catalina.realm.MemoryRealm</code>
18    class, as well as requirements for enhancements that have been
19    discussed.  Where appropriate, requirements statements are marked
20    <em>[Current]</em> and <em>[Requested]</em> to distinguish them.</p>
21
22    <p>The current status of this functional specification is
23    <strong>PROPOSED</strong>.  It has not yet been discussed and
24    agreed to on the TOMCAT-DEV mailing list.</p>
25
26  </blockquote></td></tr></table>
27
28
29  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="External Specifications"><strong>External Specifications</strong></a></font></td></tr><tr><td><blockquote>
30
31    <p>The implementation of this functionality depends on the following
32    external specifications:</p>
33    <ul>
34    <li>None</li>
35    </ul>
36
37  </blockquote></td></tr></table>
38
39
40  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Implementation Requirements"><strong>Implementation Requirements</strong></a></font></td></tr><tr><td><blockquote>
41
42    <p>The implementation of this functionality shall conform to the
43    following requirements:</p>
44    <ul>
45    <li>Be realized in one or more implementation classes.</li>
46    <li>Implement the <code>org.apache.catalina.Realm</code> interface.
47        [Current]</li>
48    <li>Implement the <code>org.apache.catalina.Lifecycle</code>
49        interface.  [Current]</li>
50    <li>Subclass the <code>org.apache.catalina.realm.RealmBase</code>
51        base class.</li>
52    <li>Live in the <code>org.apache.catalina.realm</code> package.
53        [Current]</li>
54    <li>Support a configurable debugging detail level. [Current]</li>
55    <li>Log debugging and operational messages (suitably internationalized)
56        via the <code>getContainer().log()</code> method. [Current]</li>
57    </ul>
58
59  </blockquote></td></tr></table>
60
61
62</blockquote></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Dependencies"><strong>Dependencies</strong></a></font></td></tr><tr><td><blockquote>
63
64
65  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Environmental Dependencies"><strong>Environmental Dependencies</strong></a></font></td></tr><tr><td><blockquote>
66
67    <p>The following environmental dependencies must be met in order for
68    MemoryRealm to operate correctly:</p>
69    <ul>
70    <li>The desire to utilize MemoryRealm must be registered in
71        <code>$CATALINA_BASE/conf/server.xml</code>, in a
72        <code>&lt;Realm&gt;</code> element that is nested inside a
73        corresponding <code>&lt;Engine&gt;</code>, <code>&lt;Host&gt;</code>,
74        or <code>&lt;Context&gt;</code> element.  (This is already
75        included in the default <code>server.xml</code> file.)</li>
76    </ul>
77
78  </blockquote></td></tr></table>
79
80
81  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Container Dependencies"><strong>Container Dependencies</strong></a></font></td></tr><tr><td><blockquote>
82
83    <p>Correct operation of MemoryRealm depends on the following
84    specific features of the surrounding container:</p>
85    <ul>
86    <li>Interactions with <code>MemoryRealm</code> will be initiated by
87        the appropriate <code>Authenticator</code> implementation, based
88        on the login method that is selected.</li>
89    <li><code>MemoryRealm</code> must have an XML parser compatible with
90        the JAXP/1.1 APIs available to it.  This is normally accomplished
91        by placing the corresponding JAR files in directory
92        <code>$CATALINA_HOME/lib</code>.</li>
93    </ul>
94
95  </blockquote></td></tr></table>
96
97
98</blockquote></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Functionality"><strong>Functionality</strong></a></font></td></tr><tr><td><blockquote>
99
100
101  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Overview of Operation"><strong>Overview of Operation</strong></a></font></td></tr><tr><td><blockquote>
102
103    <p>The main purpose of <code>MemoryRealm</code> is to allow Catalina to
104    authenticate users, and look up the corresponding security roles, from
105    the information found in an XML-format configuration file.  The format
106    of this file is described below.  When a <code>MemoryRealm</code>
107    instance is started, it will read the contents of this XML file and create
108    an "in memory database" of all the valid users and their associated
109    security roles.</p>
110
111    <p>Each time that Catalina needs to authenticate a user, it will call
112    the <code>authenticate()</code> method of this Realm implementation,
113    passing the username and password that were specified by the user.  If
114    we find the user in the database (and match on the password), we accumulate
115    all of the security roles that are defined for this user, and create a
116    new <code>GenericPrincipal</code> object to be returned.  If the user
117    is not authenticated, we return <code>null</code> instead.  The
118    <code>GenericUser</code> object caches the set of security roles that
119    were owned by this user at the time of authentication, so that calls to
120    <code>isUserInRole()</code> can be answered without going back to the
121    database every time.</p>
122
123  </blockquote></td></tr></table>
124
125
126  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Detailed Functional Requirements"><strong>Detailed Functional Requirements</strong></a></font></td></tr><tr><td><blockquote>
127
128
129    <h3>Configurable Properties</h3>
130
131    <p>The implementation shall support the following properties
132    that can be configured with JavaBeans property setters:</p>
133    <ul>
134    <li>Configurable debugging detail level.</li>
135    <li>Configurable file pathname (absolute or relative to
136        <code>$CATALINA_BASE</code> of the XML file containing our
137        defined users.  [<code>conf/tomcat-users.xml</code>].</li>
138    </ul>
139
140    <h3>Lifecycle Functionality</h3>
141
142    <p>The following processing must be performed when the <code>start()</code>
143    method is called:</p>
144    <ul>
145    <li>Open and parse the specified XML file.</li>
146    <li>Create an in-memory database representation of the XML file
147        contents.</li>
148    <li><strong>NOTE</strong> - There is no requirement to recognize
149        subsequent changes to the contents of the XML file.</li>
150    </ul>
151
152    <p>The following processing must be performed when the <code>stop()</code>
153    method is called:</p>
154    <ul>
155    <li>Release object references to the in-memory database representation.</li>
156    </ul>
157
158
159    <h3>Method authenticate() Functionality</h3>
160
161    <p>When <code>authenticate()</code> is called, the following processing
162    is required:</p>
163    <ul>
164    <li>Select the one and only "user" instance from the in-memory database,
165        based on matching the specified username.  If there is no such
166        instance, return <code>null</code>.</li>
167    <li>Authenticate the user by comparing the (possibly encrypted) password
168        value that was received against the password presented by the user.
169        If there is no match, return <code>null</code>.</li>
170    <li>Construct a new instance of class
171        <code>org.apache.catalina.realm.GenericPrincipal</code> (if not
172        already using this as the internal database representation) that
173        contains the authenticated username and a <code>List</code> of the
174        security roles associated with this user.</li>
175    <li>Return the newly constructed <code>GenericPrincipal</code>.</li>
176    </ul>
177
178
179    <h3>Method hasRole() Functionality</h3>
180
181    <p>When <code>hasRole()</code> is called, the following processing
182    is required:</p>
183    <ul>
184    <li>The <code>principal</code> that is passed as an argument SHOULD
185        be one that we returned (instanceof class
186        <code>org.apache.catalina.realm.GenericPrincipal</code>, with a
187        <code>realm</code> property that is equal to our instance.</li>
188    <li>If the passed <code>principal</code> meets these criteria, check
189        the specified role against the list returned by
190        <code>getRoles()</code>, and return <code>true</code> if the
191        specified role is included; otherwise, return <code>false</code>.</li>
192    <li>If the passed <code>principal</code> does not meet these criteria,
193        return <code>false</code>.</li>
194    </ul>
195
196  </blockquote></td></tr></table>
197
198</blockquote></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Testable Assertions"><strong>Testable Assertions</strong></a></font></td></tr><tr><td><blockquote>
199
200  <p>In addition the the assertions implied by the functionality requirements
201  listed above, the following additional assertions shall be tested to
202  validate the behavior of <code>MemoryRealm</code>:</p>
203  <ul>
204  </ul>
205
206</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr size="1" noshade></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font size="-1" color="#525D76"><em>
207        Copyright &copy; 1999-2008, Apache Software Foundation
208        </em></font></div></td></tr></table></body></html>
Note: See TracBrowser for help on using the repository browser.