public class DigestAuthenticator extends AuthenticatorBase
Modifier and Type | Field and Description |
---|---|
protected String |
key
Private key.
|
protected long |
lastTimestamp
The last timestamp used to generate a nonce.
|
protected Object |
lastTimestampLock |
protected int |
nonceCacheSize
Maximum number of server nonces to keep in the cache.
|
protected int |
nonceCountWindowSize
The window size to use to track seen nonce count values for a given
nonce.
|
protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> |
nonces
List of server nonce values currently being tracked
|
protected long |
nonceValidity
How long server nonces are valid for in milliseconds.
|
protected String |
opaque
Opaque string.
|
protected static String |
QOP
Tomcat's DIGEST implementation only supports auth quality of protection.
|
protected boolean |
validateUri
Should the URI be validated as required by RFC2617?
|
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sessionIdGenerator, sm, sso
asyncSupported, container, containerLog, next
mserver
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
Constructor and Description |
---|
DigestAuthenticator() |
Modifier and Type | Method and Description |
---|---|
boolean |
authenticate(Request request,
HttpServletResponse response)
Authenticate the user making this request, based on the specified
login configuration.
|
protected String |
generateNonce(Request request)
Generate a unique token.
|
protected String |
getAuthMethod() |
String |
getKey() |
int |
getNonceCacheSize() |
int |
getNonceCountWindowSize() |
long |
getNonceValidity() |
String |
getOpaque() |
boolean |
isValidateUri() |
protected static String |
removeQuotes(String quotedString)
Removes the quotes on a string.
|
protected static String |
removeQuotes(String quotedString,
boolean quotesRequired)
Removes the quotes on a string.
|
protected void |
setAuthenticateHeader(HttpServletRequest request,
HttpServletResponse response,
String nonce,
boolean isNonceStale)
Generates the WWW-Authenticate header.
|
void |
setKey(String key) |
void |
setNonceCacheSize(int nonceCacheSize) |
void |
setNonceCountWindowSize(int nonceCountWindowSize) |
void |
setNonceValidity(long nonceValidity) |
void |
setOpaque(String opaque) |
void |
setValidateUri(boolean validateUri) |
protected void |
startInternal()
Start this component and implement the requirements
of
LifecycleBase.startInternal() . |
associate, doLogin, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getRealmName, getRequestCertificates, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, login, logout, reauthenticateFromSSO, register, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, stopInternal
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
protected static final String QOP
protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> nonces
protected long lastTimestamp
protected final Object lastTimestampLock
protected int nonceCacheSize
protected int nonceCountWindowSize
protected String key
protected long nonceValidity
protected String opaque
protected boolean validateUri
public int getNonceCountWindowSize()
public void setNonceCountWindowSize(int nonceCountWindowSize)
public int getNonceCacheSize()
public void setNonceCacheSize(int nonceCacheSize)
public String getKey()
public void setKey(String key)
public long getNonceValidity()
public void setNonceValidity(long nonceValidity)
public String getOpaque()
public void setOpaque(String opaque)
public boolean isValidateUri()
public void setValidateUri(boolean validateUri)
public boolean authenticate(Request request, HttpServletResponse response) throws IOException
true
if any specified
constraint has been satisfied, or false
if we have
created a response challenge already.authenticate
in interface Authenticator
authenticate
in class AuthenticatorBase
request
- Request we are processingresponse
- Response we are creatingtrue
if any specified constraints have been
satisfied, or false
if one more constraints were not
satisfied (in which case an authentication challenge will have
been written to the response).IOException
- if an input/output error occursprotected String getAuthMethod()
getAuthMethod
in class AuthenticatorBase
protected static String removeQuotes(String quotedString, boolean quotesRequired)
protected static String removeQuotes(String quotedString)
protected String generateNonce(Request request)
request
- HTTP Servlet requestprotected void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, String nonce, boolean isNonceStale)
The header MUST follow this template :
WWW-Authenticate = "WWW-Authenticate" ":" "Digest" digest-challenge digest-challenge = 1#( realm | [ domain ] | nonce | [ digest-opaque ] |[ stale ] | [ algorithm ] ) realm = "realm" "=" realm-value realm-value = quoted-string domain = "domain" "=" <"> 1#URI <"> nonce = "nonce" "=" nonce-value nonce-value = quoted-string opaque = "opaque" "=" quoted-string stale = "stale" "=" ( "true" | "false" ) algorithm = "algorithm" "=" ( "MD5" | token )
request
- HTTP Servlet requestresponse
- HTTP Servlet responsenonce
- nonce tokenprotected void startInternal() throws LifecycleException
AuthenticatorBase
LifecycleBase.startInternal()
.startInternal
in class AuthenticatorBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedCopyright © 2000-2014 Apache Software Foundation. All Rights Reserved.