Back | Next | Contents Cams Administrator's Guide

Login Configuration Tag Reference

A security domain's login configuration declares the login modules, callback handlers, and login parameters required for user authentication. This document contains reference information for each of the tags that can be used within a Cams login-config.xml file. The following table shows the file structure and provides links to each of the possible elements.

Tag Name Instances Description

login-config

1

declares the login configuration

[login-config-entry]

1 ... N

a collection of login module entrys

[login-module-entry]

1 ... N

register a login module class and provides it's configuration options

options

0 ... 1

encloses a list of configuration options for a login module

[option]

0 ... N

provides an initialization/configuration parameter as a generic name/value pair

callback-handler

1

registers a callback handler class used for authentication to the given login-config-entry

login-parameters

0 ... N

an optional collection of login-parameter elements

[login-parameter]

0 ... N

a name/value pair of contextual login information

<login-config>

The <login-config> element is the top-level element for a security domain's login configuration.

Item Description
Syntax
<login-config>
  <login-config-entry ... >
    ...
  </login-config-entry>
  ...
</login-config> 
Attributes None
Data None
Parent Elements

None

Child Elements
<login-config-entry> Req Declares a single named collection of login-module-entrys that will be used to authenticate a user. Typically, each login-config-entry is setup to handle a set of client applications, depending on their authentication needs.

The JAAS-compatible login modules associated with each login-module-entry will be executed in the order in which the occur within this element.
Example
<login-config>
  <!-- HTTP login configurations -->
 	<login-config-entry name="http">
    ...
</login-config-entry> ... <login-config>

<login-config-entry>

Declares a single named collection of login-module-entrys that will be used to authenticate a user. Typically, each login-config-entry is setup to handle a set of client applications, depending on their authentication needs. Multiple login-config-entries can be declared to handle the requirements of different client applications.

The JAAS-compatible LoginModules associated with each login-module-entry will be executed in the order in which the occur within this element.

Item Description
Syntax
<login-config-entry name="authentication type">
  <login-module-entry ... > 
...
</login-module-entry> ... <callback-handler ... /> <login-parameters> ... </login-parameters> </login-config-entry>
Attributes
name Req An identifier, usually indicating the type of authentication configuration contained within the login config entry. For example, use http for HTTP resources or cams agents.
Data None
Parent Elements

1. <login-config>

Child Elements
<login-module-entry> Req A type-specific resource and rules for controlling access.
<callback-handler> Req Registers a callback handler class for use with authentication.
<login-parameters> Opt An optional collection of login parameter elements.
Example
<!-- HTTP login configurations -->
<login-config-entry name="http">

  <!-- Cams native XML user repository -->
  <login-module-entry className=\
    "com.cafesoft.security.engine.auth.login.module.XmlLoginModule"
    flag="REQUIRED">
    <options>
      <option name="debug" value="false"/>
      <option name="serviceId" value="cams-user-repository"/>
    </options>
  </login-module-entry>
  <!-- Register the MapCallbackHandler -->
<callback-handler className=\ "com.cafesoft.security.engine.auth.callback.MapCallbackHandler" />
  <!-- Specify the default login page -->
<login-parameters>
<login-parameter name="camsLoginUrl"
value="${http.resource.base.id}/login/login.jsp"/>
</login-parameters>
</login-config-entry>

<login-module-entry>

Registers a login module class and provides it's configuration options. One to many login-module-entrys can be declared and will be executed in order in accordance with the flag value specifed.

Item Description
Syntax
<login-module-entry
  className="fully.qualified.java.Classname"
  flag="REQUIRED | SUFFICIENT | REQUISITE | OPTIONAL">
  <options>
... </options>
</login-module-entry>
Attributes
className Req The login module's fully qualified Java class name.
flag Req REQUIRED, SUFFICIENT, REQUISITE, OPTIONAL
Data None
Parent Elements

1. <login-config-entry>

Child Elements
<options> Opt A list of configuration options for a login module.
Example
<!-- Cams native XML user repository -->
<login-module-entry className=\
  "com.cafesoft.security.engine.auth.login.module.XmlLoginModule"
  flag="REQUIRED">
  <options>
    <option name="debug" value="false"/>
    <option name="serviceId" value="cams-user-repository"/>
  </options>
</login-module-entry>

<options>

A list of configuration options for a login module.

Item Description
Syntax
<options>
  <option ... />
  ...
</options>
Attributes None
Data None
Parent Elements

1. <login-module-entry>

Child Elements
<option> Opt An initialization/configuration parameter as a generic name/value pair.
Example
<options>
  <option name="debug" value="false"/>
  <option name="serviceId" value="cams-user-repository"/>
</options>

<option>

A list of configuration options for a login module.

Item Description
Syntax
<option name="service identifier" value="cams-user-repository"/>
Attributes
name Req An initialization/configuration parameter name.
value Req An initialization/configuration parameter value.
Data None
Parent Elements

1. <options>

Child Elements None
Example
<options>
  <option name="debug" value="false"/>
  <option name="serviceId" value="cams-user-repository"/>
</options>

<callback-handler>

Registers a Java callback handler class for use with authentication. The callback handler is specific to the authetication client. For example, an HTTP Web interface will use a different callback handler from a Java application to garner user credentials. Starting with Cams policy server release 3.1, all login modules use the MapCallbackHandler.

Item Description
Syntax
<callback-handler className="fully.qualified.JavaClassName"/>
Attributes
className Req

The fully qualified name of the Java class that implements the callback handler.

Data None
Parent Elements

1. <login-config-entry>

Child Elements None
Example
<!-- Register the MapCallbackHandler -->
<callback-handler className=\ "com.cafesoft.security.engine.auth.callback.MapCallbackHandler" />

<login-parameters>

A collection of login parameter elements. The login parameters can have 0 to many login-parameter elements.

Item Description
Syntax
<login-parameters>
  <login-paramter ... />
  ...
</login-parameters>
Attributes None
Data None
Parent Elements

1. <login-config-entry>

Child Elements
<login-parameter> Opt

A name/value pair of contextual login information.

Example
<!-- Specify the default login page -->
<login-parameters>
<login-parameter name="camsLoginUrl"
value="${http.resource.base.id}/login/login.jsp"/>
</login-parameters>

<login-parameter>

A collection of login-parameter elements. The login-parameters can have 0 to many login-parameter elements.

Item Description
Syntax
<login-parameter name="textual name" value="value"/>
Attributes
name Req A login parameter name.
value Req A login parameter value.
Data None
Parent Elements

1. <login-parameters>

Child Elements None
Example
<!-- Specify the default login page -->
<login-parameters>
<login-parameter name="camsLoginUrl"
value="${http.resource.base.id}/login/login.jsp"/>
</login-parameters>

Back | Next | Contents