org.apache.catalina.authenticator
Class DigestAuthenticator
java.lang.Object
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.DigestAuthenticator
- All Implemented Interfaces:
- Authenticator, Contained, Lifecycle, javax.management.MBeanRegistration, Valve
- public class DigestAuthenticator
- extends AuthenticatorBase
An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).
- Version:
- $Revision: 1.6 $ $Date: 2004/04/22 21:48:32 $
- Author:
- Craig R. McClanahan, Remy Maucherat
Field Summary
- protected static java.lang.String info
  Descriptive information about this implementation.
- protected java.lang.String key
  Private key.
- protected static MD5Encoder md5Encoder
  The MD5 helper object for this class.
- protected static java.security.MessageDigest md5Helper
  MD5 message digest provider.
- protected long nOnceTimeout
  Nonce expiration (in milliseconds).
- protected java.util.Hashtable nOnceTokens
  Nonce hashtable.
- protected int nOnceUses
  Nonce expiration after a specified number of uses.
- protected static int TIMEOUT_INFINITE
  Indicates that nonce tokens are used only once.
- protected static int USE_NEVER_EXPIRES
  Indicates that nonce tokens are used only once.
- protected static int USE_ONCE
  Indicates that nonce tokens are used only once.
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase algorithm, cache, context, debug, DEFAULT_ALGORITHM, digest, disableProxyCaching, entropy, lifecycle, random, randomClass, SESSION_ID_BYTES, sm, sso, started
Fields inherited from class org.apache.catalina.valves.ValveBase container, controller, domain, mserver, oname
Fields inherited from interface org.apache.catalina.Lifecycle AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, START_EVENT, STOP_EVENT
Constructor Summary
- DigestAuthenticator()
Method Summary
- boolean authenticate(HttpRequest request, HttpResponse response, LoginConfig config)
  Authenticate the user making this request, based on the specified login configuration.
- protected static java.security.Principal findPrincipal(javax.servlet.http.HttpServletRequest request, java.lang.String authorization, Realm realm)
  Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm.
- protected java.lang.String generateNOnce(javax.servlet.http.HttpServletRequest request)
  Generate a unique token.
- java.lang.String getInfo()
  Return descriptive information about this Valve implementation.
- protected java.lang.String parseUsername(java.lang.String authorization)
  Parse the username from the specified authorization string.
- protected static java.lang.String removeQuotes(java.lang.String quotedString)
  Removes the quotes on a string.
- protected static java.lang.String removeQuotes(java.lang.String quotedString, boolean quotesRequired)
  Removes the quotes on a string.
- protected void setAuthenticateHeader(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, LoginConfig config, java.lang.String nOnce)
  Generates the WWW-Authenticate header.
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase addLifecycleListener, associate, findLifecycleListeners, generateSessionId, getAlgorithm, getCache, getContainer, getDebug, getDigest, getDisableProxyCaching, getEntropy, getRandom, getRandomClass, getSession, getSession, invoke, log, log, reauthenticateFromSSO, register, removeLifecycleListener, setAlgorithm, setCache, setContainer, setDebug, setDisableProxyCaching, setEntropy, setRandomClass, start, stop
Methods inherited from class org.apache.catalina.valves.ValveBase createObjectName, getContainerName, getController, getDomain, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setObjectName
Methods inherited from class java.lang.Object clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
USE_ONCE
protected static final int USE_ONCE
- Indicates that nonce tokens are used only once.
- See Also:
- Constant Field Values
USE_NEVER_EXPIRES
protected static final int USE_NEVER_EXPIRES
- Indicates that nonce tokens are used only once.
- See Also:
- Constant Field Values
TIMEOUT_INFINITE
protected static final int TIMEOUT_INFINITE
- Indicates that nonce tokens are used only once.
- See Also:
- Constant Field Values
md5Encoder
protected static final MD5Encoder md5Encoder
- The MD5 helper object for this class.
info
protected static final java.lang.String info
- Descriptive information about this implementation.
- See Also:
- Constant Field Values
md5Helper
protected static java.security.MessageDigest md5Helper
- MD5 message digest provider.
nOnceTokens
protected java.util.Hashtable nOnceTokens
- Nonce hashtable.
nOnceTimeout
protected long nOnceTimeout
- Nonce expiration (in milliseconds). A shorter timeout gives a better security level (since the token is generated more often), at the expense of more server overhead.
nOnceUses
protected int nOnceUses
- Nonce expiration after a specified number of uses. A lower number is more secure but produces more overhead, since a token has to be generated more often.
key
protected java.lang.String key
- Private key.
Constructor Detail
DigestAuthenticator
public DigestAuthenticator()
Method Detail
getInfo
public java.lang.String getInfo()
- Return descriptive information about this Valve implementation.
- Specified by:
- getInfo in interface Valve
- Overrides:
- getInfo in class AuthenticatorBase
authenticate
public boolean authenticate(HttpRequest request, HttpResponse response, LoginConfig config) throws java.io.IOException
- Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
- Specified by:
- authenticate in class AuthenticatorBase
- Parameters:
- request - Request we are processing
- response - Response we are creating
- config - Login configuration describing how authentication should be performed
- Throws:
- java.io.IOException - if an input/output error occurs
findPrincipal
protected static java.security.Principal findPrincipal(javax.servlet.http.HttpServletRequest request, java.lang.String authorization, Realm realm)
- Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm. If there is no such Principal, return null.
- Parameters:
- request - HTTP servlet request
- authorization - Authorization credentials from this request
- realm - Realm used to authenticate Principals
parseUsername
protected java.lang.String parseUsername(java.lang.String authorization)
- Parse the username from the specified authorization string. If none can be identified, return null.
- Parameters:
- authorization - Authorization string to be parsed
removeQuotes
protected static java.lang.String removeQuotes(java.lang.String quotedString, boolean quotesRequired)
- Removes the quotes on a string. RFC 2617 states quotes are optional for all parameters except realm.
removeQuotes
protected static java.lang.String removeQuotes(java.lang.String quotedString)
- Removes the quotes on a string.
generateNOnce
protected java.lang.String generateNOnce(javax.servlet.http.HttpServletRequest request)
- Generate a unique token. The token is generated according to the following pattern:
  NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) )
- Parameters:
- request - HTTP Servlet request
setAuthenticateHeader
protected void setAuthenticateHeader(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, LoginConfig config, java.lang.String nOnce)
- Generates the WWW-Authenticate header.
The header MUST follow this template:
  WWW-Authenticate = "WWW-Authenticate" ":" "Digest" digest-challenge
  digest-challenge = 1#( realm | [ domain ] | nOnce | [ digest-opaque ] | [ stale ] | [ algorithm ] )
  realm = "realm" "=" realm-value
  realm-value = quoted-string
  domain = "domain" "=" <"> 1#URI <">
  nonce = "nonce" "=" nonce-value
  nonce-value = quoted-string
  opaque = "opaque" "=" quoted-string
  stale = "stale" "=" ( "true" | "false" )
  algorithm = "algorithm" "=" ( "MD5" | token )
- Parameters:
- request - HTTP Servlet request
- response - HTTP Servlet response
- config - Login configuration describing how authentication should be performed
- nOnce - nonce token
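The nonce pattern documented for generateNOnce and the header template documented for setAuthenticateHeader, worked through as an added example; this is not the Tomcat source. The class name, the expiry map standing in for nOnceTokens, the isFresh check and all sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Illustrative sketch only; names and bookkeeping are hypothetical. */
public class DigestChallengeSketch {
    private final String privateKey;        // server-side secret, like the "key" field
    private final long nonceTimeoutMillis;  // plays the role of nOnceTimeout
    // Assumed bookkeeping: nonce -> expiry time, standing in for nOnceTokens.
    private final Map<String, Long> issued = new ConcurrentHashMap<>();

    public DigestChallengeSketch(String privateKey, long nonceTimeoutMillis) {
        this.privateKey = privateKey;
        this.nonceTimeoutMillis = nonceTimeoutMillis;
    }

    /** NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ) */
    public String generateNonce(String clientIp, long nowMillis) throws Exception {
        String input = clientIp + ":" + nowMillis + ":" + privateKey;
        byte[] hash = MessageDigest.getInstance("MD5")
                .digest(input.getBytes(StandardCharsets.UTF_8));
        String nonce = Base64.getEncoder().encodeToString(hash);
        issued.put(nonce, nowMillis + nonceTimeoutMillis);
        return nonce;
    }

    /** True only for a nonce this server issued that has not yet timed out. */
    public boolean isFresh(String nonce, long nowMillis) {
        Long expiry = issued.get(nonce);
        if (expiry == null) return false;   // never issued here: reject
        if (nowMillis > expiry) { issued.remove(nonce); return false; }
        return true;
    }

    /** Escapes backslash and double quote so the value is a valid quoted-string. */
    static String quoted(String s) {
        return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    /** Header value per the template: realm, nonce, opaque, stale, algorithm. */
    public static String challenge(String realm, String nonce, String opaque, boolean stale) {
        return "Digest realm=" + quoted(realm) + ", nonce=" + quoted(nonce)
                + ", opaque=" + quoted(opaque) + ", stale=" + stale + ", algorithm=MD5";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: documentation IP range, made-up key and realm.
        DigestChallengeSketch s = new DigestChallengeSketch("constructed-private-key", 300_000L);
        long now = System.currentTimeMillis();
        String nonce = s.generateNonce("192.0.2.10", now);
        System.out.println("WWW-Authenticate: " + challenge("Example Realm", nonce, "constructed-opaque", false));
        System.out.println("fresh before timeout: " + s.isFresh(nonce, now + 1_000L));
        System.out.println("fresh after timeout:  " + s.isFresh(nonce, now + 300_001L));
    }
}
```

Because the private key is mixed into the hash, a client cannot mint a nonce the server will recognise, and the expiry check bounds how long a captured challenge stays usable.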
Copyright © 2000-2003 Apache Software Foundation. All Rights Reserved.