[jboss-cvs] jboss-seam/doc/reference/en/modules ...
Shane Bryzak
sbryzak at redhat.com
Sun May 27 06:41:46 EDT 2007
User: sbryzak2
Date: 07/05/27 06:41:46
Modified: doc/reference/en/modules security.xml
Log:
document http basic and digest authentication
Revision Changes Path
1.60 +60 -0 jboss-seam/doc/reference/en/modules/security.xml
(In the diff below, changes in quantity of whitespace are not shown.)
Index: security.xml
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/doc/reference/en/modules/security.xml,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -b -r1.59 -r1.60
--- security.xml 22 May 2007 02:18:16 -0000 1.59
+++ security.xml 27 May 2007 10:41:46 -0000 1.60
@@ -375,6 +375,66 @@
</sect2>
<sect2>
+ <title>HTTP Authentication</title>
+
+ <para>
+ Although not recommended for use unless absolutely necessary, Seam provides means for authenticating
+ using either HTTP Basic or HTTP Digest (RFC 2617) methods. To use either form of authentication,
+ the <literal>http-auth-filter</literal> component must be enabled in components.xml:
+ </para>
+
+ <programlisting><![CDATA[
+ <web:http-auth-filter url-pattern="*.seam" auth-type="basic"/>
+ ]]></programlisting>
+
+ <para>
+ To enable the filter for basic authentication, set <literal>auth-type</literal> to <literal>basic</literal>,
+ or for digest authentication, set it to <literal>digest</literal>. If using digest authentication, the
+ <literal>key</literal> and <literal>realm</literal> must also be set:
+ </para>
+
+ <programlisting><![CDATA[
+ <web:http-auth-filter url-pattern="*.seam" auth-type="digest" key="AA3JK34aSDlkj" realm="My App"/>
+ ]]></programlisting>
+
+ <para>
+ The <literal>key</literal> can be any String value. The <literal>realm</literal> is the name of the
+ authentication realm that is presented to the user when they authenticate.
+ </para>
+
+ <sect3>
+ <title>Writing a Digest Authenticator</title>
+
+ <para>
+ If using digest authentication, your authenticator class should extend the abstract class
+ <literal>org.jboss.seam.security.digest.DigestAuthenticator</literal>, and use the
+ <literal>validatePassword()</literal> method to validate the user's plain text password
+ against the digest request. Here is an example:
+ </para>
+
+ <programlisting><![CDATA[
+ public boolean authenticate()
+ {
+ try
+ {
+ User user = (User) entityManager.createQuery(
+ "from User where username = :username")
+ .setParameter("username", identity.getUsername())
+ .getSingleResult();
+
+ return validatePassword(user.getPassword());
+ }
+ catch (NoResultException ex)
+ {
+ return false;
+ }
+ }
+ ]]></programlisting>
+ </sect3>
+
+ </sect2>
+
+ <sect2>
<title>Advanced Authentication Features</title>
<para>
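Review bot: The "Writing a Digest Authenticator" example calls validatePassword(user.getPassword()), and the paragraph above it says this validates "the user's plain text password", so the section implies that the application keeps passwords in a recoverable form without saying so. Add a sentence stating that digest authentication as documented here requires the stored password to be available in plain text, so readers who store one-way password hashes know this mode will not work with their User entity, and so the storage trade-off is a visible decision. Two smaller points in the same hunk: the opening para says these methods are "not recommended for use unless absolutely necessary" but gives no reason, and a short explanation (for example, that Basic sends the credentials on every request and should only be used over SSL) would make the warning actionable. The para on key says it "can be any String value" without saying what the filter uses it for; if it is secret input to the digest filter, say so, and tell readers to choose their own unpredictable value rather than copying key="AA3JK34aSDlkj" from the listing.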