Class |
|
|---|---|
Component |
|
PathAuthenticationServlet provides username and password authentication. You can associate one or more usernames and passwords with any URL request prefix. The servlet requires authentication in the form of a valid username/password pair before it will allow service of a URL that begins with that prefix.
The PathAuthenticationServlet has the following properties:
Property | Description |
|---|---|
| The realm to use in authentication. Defaults to |
| Is authentication enabled? Defaults to |
| A |
By default, PathAuthenticationServlet appears in the DAF servlet pipeline between the ThreadUserBinderServlet and the DynamoServlet, but PathAuthenticationServlet is not enabled. You can enable PathAuthenticationServlet by setting the enabled property to true.
PathAuthenticationServlet (if enabled) searches all the keys in the authenticators map to see if the requested URL starts with any of the path prefixes listed there. The servlet uses the longest path prefix that matches and the corresponding authenticator object is used to authenticate the request.
Example
The following example assumes your HTTP server has a document root of /docs. You can enable password authentication for directories called docs/truth and docs/truth/inside_truth with the following properties settings in the PathAuthenticationServlet :
enabled=true authenticators=\ /truth=/application/auth/TruthPassword,\ /truth/inside_truth=/application/auth/Inside_TruthPassword
Note that the paths exclude the /docs prefix; these paths are relative to the docroot of the HTTP server.
An authenticator component includes a passwords property. The value of the passwords property is a list of valid username/password pairs. Thus, the TruthPassword.properties file might read:
$class=atg.servlet.pipeline.BasicAuthenticator passwords=\ satchmo=cornet
In this example, if a user requested any document in the /docs/truth area, the user would be required to provide the username satchmo and the password cornet. You can create a separate authenticator component at /application/auth/Inside_TruthPassword to require a different username/password pair in order to request documents from the /docs/truth/inside_truth area.
