AuthTrans

                                                                                                                                                                                                                                                                                                                                      Back to [Book]     [Topic]

AuthTrans

The Authtrans directive instructs the server to check for authorization before allowing a client to access resources. For more information, see AuthTrans.

The following AuthTrans-class functions are described in detail in this section:

In addition, the following common SAFs are valid for the AuthTrans directive:

basic-auth

The basic-auth function verifies the authorization information sent by the client. The Authorization header is sent as part of the basic server authorization scheme. This function is usually used with the PathCheck-class function require-auth.

Parameters

The following table describes parameters for the basic-auth function.

Table 7-1 basic-auth Parameters

Parameter Description
auth-type Specifies the type of authorization to be used. The values can be basic, digest, or ssl. The default value is basic.
userdb (Optional) Specifies the full path and file name of the database to be used for user verification. This parameter will be passed to the user function.
userfn Name of the user custom function to verify authorization. This function must have been previously loaded with load-modules. It has the same interface as all of the SAFs, but it is called with the user name (user), password (pw), user database (userdb), and group database (groupdb), if supplied, in the pb parameter.This function checks the name and password using the database and returns REQ_NOACTION if they are not valid. It returns REQ_PROCEED if the name and password are valid. The basic-auth function will then add auth-type, auth-user (user), auth-db (userdb), and auth-password (pw, Windows only) to the rq->vars pblock. For more information on custom functions, Creating Custom Server Application Functions in Sun Java System Web Server NSAPI Developer's Guide.
groupdb (Optional) Specifies the full path and file name of the user database. This parameter will be passed to the group function.
groupfn (Optional) Name of the group custom function that must have been previously loaded with load-modules. It has the same interface as all of the SAFs, but it is called with the user name (user), password (pw), user database (userdb), and group database (groupdb) in the pb parameter. This parameter also has access to the auth-type, auth-user (user), auth-db (userdb), and auth-password (pw, Windows only) parameters in the rq->vars pblock. The group function determines the group to which the user belongs using the group database, add it to rq->vars as auth-group, and return REQ_PROCEED if found. It returns REQ_NOACTION if the user’s group is not found.
bucket (Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter.

Example

In magnus.conf:

Init fn="load-modules" shlib="/path/to/mycustomauth.so" funcs="hardcoded_auth"

In obj.conf:

AuthTrans fn="basic-auth" auth-type="basic" userfn="hardcoded_auth"
PathCheck fn="require-auth" auth-type="basic" realm="Marketing Plans"

See Also

require-auth

basic-ncsa

The basic-ncsa function verifies authorization information sent by the client against a database. The Authorization header is sent as part of the basic server authorization scheme. This function is usually used with the PathCheck-class function require-auth.

Parameters

The following table describes parameters for the basic-ncsa function.

Table 7-2 basic-ncsa Parameters

Parameter Description
auth-type Specifies the type of authorization to be used. The values can be basic, digest, or ssl. The default value is basic.
dbm (Optional) Specifies the full path and base file name of the user database in the native format of the server. The native format is a system DBM file, which is a hashed file format allowing instantaneous access to billions of users. If you use this parameter, do not use the userfile parameter.
userfile (Optional) Specifies the full path name of the user database in the NCSA-style HTTPD user file format. This format consists of lines using the format name:password, where password is encrypted. If you use this parameter, do not use dbm.
grpfile (Optional) Specifies the NCSA-style HTTPD group file to be used. Each line of a group file consists of group:user1 user2 ... userN where each user name is separated by spaces.
bucket (Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter.

Example

AuthTrans fn="basic-ncsa" auth-type="basic" dbm="/sun/server7/userdb/rs"
PathCheck fn="require-auth" auth-type="basic" realm="Marketing Plans"
AuthTrans fn="basic-ncsa" auth-type="basic" userfile="/sun/server7/.htpasswd" 
     grpfile="/sun/server7/.grpfile"
PathCheck fn="require-auth" auth-type="basic" realm="Marketing Plans"

See Also

require-auth

get-sslid

The get-sslid function retrieves a string that is unique to the current SSL session and stores it as the ssl-id variable in the Session->client parameter block.

Note -
This function is provided for backward compatibility. The functionality of get-sslid has been incorporated into the standard processing of an SSL connection.

If the variable ssl-id is present when a CGI is invoked, it is passed to the CGI as the HTTPS_SESSIONID environment variable. The get-sslid function has no parameters and always returns REQ_NOACTION. It has no effect if SSL is not enabled.

Parameters

The following table describes parameter for the get-sslid function.

Table 7-3 get-sslid Parameter

Parameter Description
bucket (Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter.

qos-handler

The qos-handler function examines the current quality of service (QOS) statistics for a virtual server, logs the statistics, and enforces the QOS parameters by returning an error. This function must be the first AuthTrans function configured in the default object.

Parameters

The following table describes parameter for the qos-handler function.

Table 7-4 qos-handler Parameter

Parameter Description
bucket (Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter.

Example

AuthTrans fn="qos-handler"

See Also

qos-error

Labels

configurationfile configurationfile Delete
+configguide +configguide Delete
java java Delete
server server Delete
configuration configuration Delete
administrator's administrator's Delete
webserver webserver Delete
sun sun Delete
application application Delete
system system Delete
webtier webtier Delete
webserver70 webserver70 Delete
sunjava sunjava Delete
web web Delete
guide guide Delete
file file Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Sign up or Log in to add a comment or watch this page.


The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.
Powered by Atlassian Confluence Sun Guidelines on Public Discourse Privacy Policy Terms of Use Trademarks Site Map Employment Investor Relations Contact