Sun Java System Web Server 7.0 Update 2 Administrator's Configuration File Reference

AuthTrans

The AuthTrans directive instructs the server to check for authorization before allowing a client to access resources. For more information, see AuthTrans.

The following AuthTrans-class functions are described in detail in this section: basic-auth, basic-ncsa, get-sslid, and qos-handler.

In addition, the following common SAFs are valid for the AuthTrans directive:

basic-auth

The basic-auth function verifies the authorization information sent by the client. The Authorization header is sent as part of the basic server authorization scheme. This function is usually used with the PathCheck-class function require-auth.

Parameters

The following table describes parameters for the basic-auth function.

Table 7–1 basic-auth Parameters

Parameter 

Description 

auth-type

Specifies the type of authorization to be used. The values can be basic, digest, or ssl. The default value is basic.

userdb

(Optional) Specifies the full path and file name of the database to be used for user verification. This parameter will be passed to the user function. 

userfn

Name of the user custom function to verify authorization. This function must have been previously loaded with load-modules. It has the same interface as all of the SAFs, but it is called with the user name (user), password (pw), user database (userdb), and group database (groupdb), if supplied, in the pb parameter.

This function checks the name and password using the database and returns REQ_NOACTION if they are not valid. It returns REQ_PROCEED if the name and password are valid. The basic-auth function will then add auth-type, auth-user (user), auth-db (userdb), and auth-password (pw, Windows only) to the rq->vars pblock. For more information on custom functions, see Chapter 2, Creating Custom Server Application Functions, in Sun Java System Web Server 7.0 Update 2 NSAPI Developer’s Guide.

groupdb

(Optional) Specifies the full path and file name of the user database. This parameter will be passed to the group function. 

groupfn

(Optional) Name of the group custom function that must have been previously loaded with load-modules. It has the same interface as all of the SAFs, but it is called with the user name (user), password (pw), user database (userdb), and group database (groupdb) in the pb parameter.

The group function also has access to the auth-type, auth-user (user), auth-db (userdb), and auth-password (pw, Windows only) parameters in the rq->vars pblock. It determines the group to which the user belongs using the group database, adds it to rq->vars as auth-group, and returns REQ_PROCEED if found. It returns REQ_NOACTION if the user’s group is not found.

bucket

(Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter.

Example

In magnus.conf:

Init fn="load-modules" shlib="/path/to/mycustomauth.so" funcs="hardcoded_auth"

In obj.conf:

AuthTrans fn="basic-auth" auth-type="basic" userfn="hardcoded_auth"
PathCheck fn="require-auth" auth-type="basic" realm="Marketing Plans"

See Also

require-auth

basic-ncsa

The basic-ncsa function verifies authorization information sent by the client against a database. The Authorization header is sent as part of the basic server authorization scheme. This function is usually used with the PathCheck-class function require-auth.

Parameters

The following table describes parameters for the basic-ncsa function.

Table 7–2 basic-ncsa Parameters

Parameter  

Description 

auth-type

Specifies the type of authorization to be used. The values can be basic, digest, or ssl. The default value is basic.

dbm

(Optional) Specifies the full path and base file name of the user database in the native format of the server. The native format is a system DBM file, which is a hashed file format allowing instantaneous access to billions of users. If you use this parameter, do not use the userfile parameter.

userfile

(Optional) Specifies the full path name of the user database in the NCSA-style HTTPD user file format. This format consists of lines using the format name:password, where password is encrypted. If you use this parameter, do not use dbm.

grpfile

(Optional) Specifies the NCSA-style HTTPD group file to be used. Each line of a group file consists of group:user1 user2 ... userN where each user name is separated by spaces.

bucket

(Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter.

Example

# Using a DBM user database
AuthTrans fn="basic-ncsa" auth-type="basic" dbm="/sun/server7/userdb/rs"
PathCheck fn="require-auth" auth-type="basic" realm="Marketing Plans"

# Using NCSA-style user and group files
AuthTrans fn="basic-ncsa" auth-type="basic" userfile="/sun/server7/.htpasswd"
     grpfile="/sun/server7/.grpfile"
PathCheck fn="require-auth" auth-type="basic" realm="Marketing Plans"

See Also

require-auth

get-sslid

The get-sslid function retrieves a string that is unique to the current SSL session and stores it as the ssl-id variable in the Session->client parameter block.


Note –

This function is provided for backward compatibility. The functionality of get-sslid has been incorporated into the standard processing of an SSL connection.


If the variable ssl-id is present when a CGI is invoked, it is passed to the CGI as the HTTPS_SESSIONID environment variable. The get-sslid function has no parameters and always returns REQ_NOACTION. It has no effect if SSL is not enabled.

Parameters

The following table describes the parameter for the get-sslid function.

Table 7–3 get-sslid Parameter

Parameter 

Description 

bucket

(Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter.

qos-handler

The qos-handler function examines the current quality of service (QOS) statistics for a virtual server, logs the statistics, and enforces the QOS parameters by returning an error. This function must be the first AuthTrans function configured in the default object.

Parameters

The following table describes the parameter for the qos-handler function.

Table 7–4 qos-handler Parameter

Parameter 

Description 

bucket

(Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter.

Example

AuthTrans fn="qos-handler"

See Also

qos-error
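
The constraints stated in this section (qos-handler must be the first AuthTrans function, dbm and userfile must not be combined, basic-auth needs a userfn, and the AuthTrans check is normally paired with PathCheck require-auth) can be checked mechanically. The following lint pass is an added example, not part of the original reference or of Sun's code: the function names are hypothetical, and the input is assumed to be the directive lines of a single object.

```python
import re

PAIR = re.compile(r'([\w-]+)="([^"]*)"')      # name="value" parameters
CRED_FNS = {"basic-auth", "basic-ncsa"}       # AuthTrans functions that verify credentials

def parse_directives(text):
    """Return [(directive, params)]; indented lines continue the previous one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [(l.split(None, 1)[0], dict(PAIR.findall(l))) for l in logical]

def lint(text):
    """Check one object's directives against the rules stated in this section."""
    directives = parse_directives(text)
    auth = [p for d, p in directives if d == "AuthTrans"]
    findings = []
    for i, p in enumerate(auth):
        fn = p.get("fn")
        if fn == "qos-handler" and i != 0:
            findings.append("qos-handler is not the first AuthTrans function")
        if fn == "basic-ncsa" and "dbm" in p and "userfile" in p:
            findings.append("basic-ncsa sets both dbm and userfile")
        if fn == "basic-auth" and "userfn" not in p:
            findings.append("basic-auth has no userfn to verify credentials")
    enforced = any(d == "PathCheck" and p.get("fn") == "require-auth"
                   for d, p in directives)
    if any(p.get("fn") in CRED_FNS for p in auth) and not enforced:
        findings.append("no PathCheck require-auth accompanies the AuthTrans check")
    return findings

# Constructed sample that breaks each rule once.
BAD = "\n".join([
    'AuthTrans fn="basic-ncsa" auth-type="basic" dbm="/sun/server7/userdb/rs"',
    '     userfile="/sun/server7/.htpasswd"',
    'AuthTrans fn="qos-handler"',
    'AuthTrans fn="basic-auth" auth-type="basic"',
])
# The basic-auth example from this section, with qos-handler placed first.
GOOD = "\n".join([
    'AuthTrans fn="qos-handler"',
    'AuthTrans fn="basic-auth" auth-type="basic" userfn="hardcoded_auth"',
    'PathCheck fn="require-auth" auth-type="basic" realm="Marketing Plans"',
])

if __name__ == "__main__":
    for finding in lint(BAD):
        print("WARN:", finding)
```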