public class DigestAuthenticator extends AuthenticatorBase
Lifecycle.SingleUse| Modifier and Type | Field and Description |
|---|---|
protected String |
key
Private key.
|
protected long |
lastTimestamp
The last timestamp used to generate a nonce.
|
protected Object |
lastTimestampLock |
protected int |
nonceCacheSize
Maximum number of server nonces to keep in the cache.
|
protected int |
nonceCountWindowSize
The window size to use to track seen nonce count values for a given
nonce.
|
protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> |
nonces
List of server nonce values currently being tracked
|
protected long |
nonceValidity
How long server nonces are valid for in milliseconds.
|
protected String |
opaque
Opaque string.
|
protected static String |
QOP
Tomcat's DIGEST implementation only supports auth quality of protection.
|
protected boolean |
validateUri
Should the URI be validated as required by RFC2617?
|
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sessionIdGenerator, sm, ssoasyncSupported, container, containerLog, nextmserverAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT| Constructor and Description |
|---|
DigestAuthenticator() |
| Modifier and Type | Method and Description |
|---|---|
boolean |
authenticate(Request request,
HttpServletResponse response)
Authenticate the user making this request, based on the specified
login configuration.
|
protected String |
generateNonce(Request request)
Generate a unique token.
|
protected String |
getAuthMethod() |
String |
getKey() |
int |
getNonceCacheSize() |
int |
getNonceCountWindowSize() |
long |
getNonceValidity() |
String |
getOpaque() |
boolean |
isValidateUri() |
protected static String |
removeQuotes(String quotedString)
Removes the quotes on a string.
|
protected static String |
removeQuotes(String quotedString,
boolean quotesRequired)
Removes the quotes on a string.
|
protected void |
setAuthenticateHeader(HttpServletRequest request,
HttpServletResponse response,
String nonce,
boolean isNonceStale)
Generates the WWW-Authenticate header.
|
void |
setKey(String key) |
void |
setNonceCacheSize(int nonceCacheSize) |
void |
setNonceCountWindowSize(int nonceCountWindowSize) |
void |
setNonceValidity(long nonceValidity) |
void |
setOpaque(String opaque) |
void |
setValidateUri(boolean validateUri) |
protected void |
startInternal()
Start this component and implement the requirements
of
LifecycleBase.startInternal(). |
associate, checkForCachedAuthentication, doLogin, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getRealmName, getRequestCertificates, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, login, logout, reauthenticateFromSSO, register, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, stopInternalbackgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringdestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregisteraddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stopprotected static final String QOP
protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> nonces
protected long lastTimestamp
protected final Object lastTimestampLock
protected int nonceCacheSize
protected int nonceCountWindowSize
protected String key
protected long nonceValidity
protected String opaque
protected boolean validateUri
public int getNonceCountWindowSize()
public void setNonceCountWindowSize(int nonceCountWindowSize)
public int getNonceCacheSize()
public void setNonceCacheSize(int nonceCacheSize)
public String getKey()
public void setKey(String key)
public long getNonceValidity()
public void setNonceValidity(long nonceValidity)
public String getOpaque()
public void setOpaque(String opaque)
public boolean isValidateUri()
public void setValidateUri(boolean validateUri)
public boolean authenticate(Request request, HttpServletResponse response) throws IOException
true if any specified
constraint has been satisfied, or false if we have
created a response challenge already.authenticate in interface Authenticatorauthenticate in class AuthenticatorBaserequest - Request we are processingresponse - Response we are creatingtrue if any specified constraints have been
satisfied, or false if one more constraints were not
satisfied (in which case an authentication challenge will have
been written to the response).IOException - if an input/output error occursprotected String getAuthMethod()
getAuthMethod in class AuthenticatorBaseprotected static String removeQuotes(String quotedString, boolean quotesRequired)
protected static String removeQuotes(String quotedString)
protected String generateNonce(Request request)
request - HTTP Servlet requestprotected void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, String nonce, boolean isNonceStale)
The header MUST follow this template :
WWW-Authenticate = "WWW-Authenticate" ":" "Digest"
digest-challenge
digest-challenge = 1#( realm | [ domain ] | nonce |
[ digest-opaque ] |[ stale ] | [ algorithm ] )
realm = "realm" "=" realm-value
realm-value = quoted-string
domain = "domain" "=" <"> 1#URI <">
nonce = "nonce" "=" nonce-value
nonce-value = quoted-string
opaque = "opaque" "=" quoted-string
stale = "stale" "=" ( "true" | "false" )
algorithm = "algorithm" "=" ( "MD5" | token )
request - HTTP Servlet requestresponse - HTTP Servlet responsenonce - nonce tokenprotected void startInternal()
throws LifecycleException
AuthenticatorBaseLifecycleBase.startInternal().startInternal in class AuthenticatorBaseLifecycleException - if this component detects a fatal error
that prevents this component from being usedCopyright © 2000-2016 Apache Software Foundation. All Rights Reserved.