Class |
|
---|---|
Component |
|
PathAuthenticationServlet
provides username and password authentication. You can associate one or more usernames and passwords with any URL request prefix. The servlet requires authentication in the form of a valid username/password pair before it allows service of a URL that begins with that prefix.
The PathAuthenticationServlet
has the following properties:
Property | Description |
---|---|
| The realm to use in authentication. Defaults to |
| Is authentication enabled? Defaults to |
| A |
By default, PathAuthenticationServlet
appears in the DAF servlet pipeline between the ThreadUserBinderServlet
and the DynamoServlet
, but PathAuthenticationServlet
is not enabled. You can enable PathAuthenticationServlet
by setting the enabled
property to true
.
PathAuthenticationServlet
(if enabled) searches all the keys in the authenticators
map to see if the requested URL starts with any of the path prefixes listed there. The servlet uses the longest path prefix that matches and the corresponding authenticator object is used to authenticate the request.
Example
The following example assumes your HTTP server has a document root of /docs
. You can enable password authentication for directories called docs/truth
and docs/truth/inside_truth
with the following properties settings in the PathAuthenticationServlet
:
enabled=true authenticators=\ /truth=/application/auth/TruthPassword,\ /truth/inside_truth=/application/auth/Inside_TruthPassword
Note: The paths exclude the /docs
prefix; these paths are relative to the docroot
of the HTTP server.
An authenticator component includes a passwords
property. The value of the passwords
property is a list of valid username/password pairs. Thus, the TruthPassword.properties
file might read:
$class=atg.servlet.pipeline.BasicAuthenticator passwords=\ satchmo=cornet
In this example, if a user requests any document in the /docs/truth
area, the user is required to provide the username satchmo
and the password cornet
. You can create a separate authenticator component at /application/auth/Inside_TruthPassword
to require a different username/password pair in order to request documents from the /docs/truth/inside_truth
area.