org.apache.catalina.authenticator
Class DigestAuthenticator
- Authenticator, Contained, Lifecycle, MBeanRegistration, Valve
public class DigestAuthenticator
An Authenticator and Valve implementation of HTTP DIGEST
Authentication (see RFC 2069).
Version:
- Craig R. McClanahan
- Remy Maucherat
protected static int | TIMEOUT_INFINITE - Indicates that nonce tokens are used only once.
protected static int | USE_NEVER_EXPIRES - Indicates that nonce tokens are used only once.
protected static int | USE_ONCE - Indicates that nonce tokens are used only once.
protected static String | info - Descriptive information about this implementation.
protected String | key - Private key.
protected static MD5Encoder | md5Encoder - The MD5 helper object for this class.
protected static MessageDigest | md5Helper - MD5 message digest provider.
protected long | nOnceTimeout - Nonce expiration (in milliseconds).
protected Hashtable | nOnceTokens - Nonce hashtable.
protected int | nOnceUses - Nonce expiration after a specified number of uses.
DEFAULT_ALGORITHM, SESSION_ID_BYTES, algorithm, cache, context, debug, digest, disableProxyCaching, entropy, info, lifecycle, random, randomClass, sm, sso, started
boolean | authenticate(HttpRequest request, HttpResponse response, LoginConfig config) - Authenticate the user making this request, based on the specified login configuration.
protected static Principal | findPrincipal(HttpServletRequest request, String authorization, Realm realm) - Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm.
protected String | generateNOnce(HttpServletRequest request) - Generate a unique token.
String | getInfo() - Return descriptive information about this Valve implementation.
protected String | parseUsername(String authorization) - Parse the username from the specified authorization string.
protected static String | removeQuotes(String quotedString) - Removes the quotes on a string.
protected static String | removeQuotes(String quotedString, boolean quotesRequired) - Removes the quotes on a string.
protected void | setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, LoginConfig config, String nOnce) - Generates the WWW-Authenticate header.
addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getAlgorithm, getCache, getContainer, getDebug, getDigest, getDisableProxyCaching, getEntropy, getInfo, getRandom, getRandomClass, getSession, getSession, invoke, log, log, reauthenticateFromSSO, register, removeLifecycleListener, setAlgorithm, setCache, setContainer, setDebug, setDisableProxyCaching, setEntropy, setRandomClass, start, stop
createObjectName, getContainer, getContainerName, getController, getDebug, getDomain, getInfo, getObjectName, getParentName, invoke, postDeregister, postRegister, preDeregister, preRegister, setContainer, setController, setDebug, setObjectName
TIMEOUT_INFINITE
protected static final int TIMEOUT_INFINITE
Indicates that nonce tokens are used only once.
USE_NEVER_EXPIRES
protected static final int USE_NEVER_EXPIRES
Indicates that nonce tokens are used only once.
USE_ONCE
protected static final int USE_ONCE
Indicates that nonce tokens are used only once.
- 1
info
protected static final String info
Descriptive information about this implementation.
key
protected String key
Private key.
md5Encoder
protected static final MD5Encoder md5Encoder
The MD5 helper object for this class.
md5Helper
protected static MessageDigest md5Helper
MD5 message digest provider.
nOnceTimeout
protected long nOnceTimeout
Nonce expiration (in milliseconds). A shorter timeout means a
better security level (since the token is generated more often), but at
the expense of more server overhead.
nOnceTokens
protected Hashtable nOnceTokens
Nonce hashtable.
nOnceUses
protected int nOnceUses
Nonce expiration after a specified number of uses. A lower number
produces more overhead, since a token has to be generated
more often, but is more secure.
DigestAuthenticator
public DigestAuthenticator()
authenticate
public boolean authenticate(HttpRequest request,
HttpResponse response,
LoginConfig config)
throws IOException
Authenticate the user making this request, based on the specified
login configuration. Return true if any specified constraint has been
satisfied, or false if we have created a response challenge already.
- authenticate in interface AuthenticatorBase
request - Request we are processing
response - Response we are creating
config - Login configuration describing how authentication should be performed
findPrincipal
protected static Principal findPrincipal(HttpServletRequest request,
String authorization,
Realm realm)
Parse the specified authorization credentials, and return the
associated Principal that these credentials authenticate (if any)
from the specified Realm. If there is no such Principal, return null.
request - HTTP servlet request
authorization - Authorization credentials from this request
realm - Realm used to authenticate Principals
generateNOnce
protected String generateNOnce(HttpServletRequest request)
Generate a unique token. The token is generated according to the
following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":"
time-stamp ":" private-key ) ).
request - HTTP Servlet request
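The token pattern above, together with the nOnceTimeout and nOnceUses limits described earlier, as an added Java example that is not Tomcat's own code. The NonceStore class, its method names and the sample values are hypothetical; it shows a server remembering each issued token and rejecting unknown, replayed or expired ones.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration: NonceStore and its members are hypothetical, not Tomcat code.
public class NonceStore {
    private static final class Entry {
        final long expiresAt;
        int usesLeft;
        Entry(long expiresAt, int usesLeft) { this.expiresAt = expiresAt; this.usesLeft = usesLeft; }
    }

    private final Map<String, Entry> issued = new HashMap<>();
    private final String key;          // server-side secret ("private-key" in the pattern)
    private final long timeoutMillis;  // plays the role of nOnceTimeout
    private final int maxUses;         // plays the role of nOnceUses
    public NonceStore(String key, long timeoutMillis, int maxUses) {
        this.key = key; this.timeoutMillis = timeoutMillis; this.maxUses = maxUses;
    }

    // Base64(MD5(client-IP ":" time-stamp ":" private-key)), remembered server-side.
    public synchronized String issue(String clientIp, long now) throws NoSuchAlgorithmException {
        byte[] md5 = MessageDigest.getInstance("MD5")
                .digest((clientIp + ":" + now + ":" + key).getBytes(StandardCharsets.UTF_8));
        String nonce = Base64.getEncoder().encodeToString(md5);
        issued.put(nonce, new Entry(now + timeoutMillis, maxUses));
        return nonce;
    }

    // Accepts only a token this server issued that is unexpired and has uses left.
    public synchronized boolean consume(String nonce, long now) {
        Entry e = issued.get(nonce);
        if (e == null) return false;                       // never issued, or already used up
        if (now >= e.expiresAt || e.usesLeft <= 0) { issued.remove(nonce); return false; }
        if (--e.usesLeft == 0) issued.remove(nonce);       // last permitted use
        return true;
    }

    public static void main(String[] args) throws Exception {
        NonceStore store = new NonceStore("constructed-secret", 5_000L, 1); // constructed values
        String n = store.issue("192.0.2.10", 1_000L);
        System.out.println("first use: " + store.consume(n, 2_000L));
        System.out.println("replay:    " + store.consume(n, 2_500L));
        System.out.println("after 5 s: " + store.consume(store.issue("192.0.2.10", 1_500L), 7_000L));
    }
}
```

Because the token is a deterministic function of client IP, timestamp and key, two requests from the same address in the same millisecond receive the same token; the server-side table is what enforces the use and time limits.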
getInfo
public String getInfo()
Return descriptive information about this Valve implementation.
- getInfo in interface Valve
- getInfo in interface AuthenticatorBase
parseUsername
protected String parseUsername(String authorization)
Parse the username from the specified authorization string. If none
can be identified, return null.
authorization - Authorization string to be parsed
removeQuotes
protected static String removeQuotes(String quotedString)
Removes the quotes on a string.
removeQuotes
protected static String removeQuotes(String quotedString,
boolean quotesRequired)
Removes the quotes on a string. RFC2617 states quotes are optional for
all parameters except realm.
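The quoting rule stated above (quotes optional for every parameter except realm), as an added Java example that is not Tomcat's own code. DigestParams and the sample header are hypothetical; the parser walks the Authorization value character by character so that commas and equals signs inside quoted values do not split a parameter, and it rejects an unquoted realm.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

// Added illustration: DigestParams is hypothetical, not Tomcat code.
public class DigestParams {
    // Parses 'Digest name=value, name="value", ...'. Returns an empty map when the
    // header is malformed: wrong scheme, unterminated quote, or an unquoted realm.
    public static Map<String, String> parse(String authorization) {
        Map<String, String> none = new LinkedHashMap<>(), out = new LinkedHashMap<>();
        if (authorization == null || !authorization.regionMatches(true, 0, "Digest ", 0, 7)) return none;
        String s = authorization.substring(7);
        int i = 0, n = s.length();
        while (i < n) {
            int eq = s.indexOf('=', i);
            if (eq < 0) break;
            String name = s.substring(i, eq).trim().toLowerCase(Locale.ROOT);
            if (name.isEmpty() || name.indexOf(',') >= 0) return none;  // parameter without '='
            i = eq + 1;
            while (i < n && s.charAt(i) == ' ') i++;
            boolean quoted = i < n && s.charAt(i) == '"';
            StringBuilder value = new StringBuilder();
            if (quoted) {
                for (i++; i < n && s.charAt(i) != '"'; i++) {
                    if (s.charAt(i) == '\\' && i + 1 < n) i++;   // quoted-pair: keep next char
                    value.append(s.charAt(i));
                }
                if (i >= n) return none;                         // unterminated quote
            } else {
                while (i < n && s.charAt(i) != ',') value.append(s.charAt(i++));
            }
            if (name.equals("realm") && !quoted) return none;    // realm must be quoted
            out.put(name, quoted ? value.toString() : value.toString().trim());
            while (i < n && s.charAt(i) != ',') i++;             // skip to the separator
            i++;
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample header; every value is made up for the example.
        String h = "Digest username=\"alice\", realm=\"Example, Inc.\", nonce=\"bm9uY2U=\","
                 + " uri=\"/search?q=a,b\", algorithm=MD5, response=\"0123456789abcdef0123456789abcdef\"";
        parse(h).forEach((k, v) -> System.out.println(k + " -> " + v));
        System.out.println("unquoted realm rejected: " + parse("Digest username=alice, realm=Example").isEmpty());
    }
}
```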
setAuthenticateHeader
protected void setAuthenticateHeader(HttpServletRequest request,
HttpServletResponse response,
LoginConfig config,
String nOnce)
Generates the WWW-Authenticate header.
The header MUST follow this template:

    WWW-Authenticate = "WWW-Authenticate" ":" "Digest"
                       digest-challenge
    digest-challenge = 1#( realm | [ domain ] | nOnce |
                       [ digest-opaque ] |[ stale ] | [ algorithm ] )
    realm            = "realm" "=" realm-value
    realm-value      = quoted-string
    domain           = "domain" "=" <"> 1#URI <">
    nonce            = "nonce" "=" nonce-value
    nonce-value      = quoted-string
    opaque           = "opaque" "=" quoted-string
    stale            = "stale" "=" ( "true" | "false" )
    algorithm        = "algorithm" "=" ( "MD5" | token )

request - HTTP Servlet request
response - HTTP Servlet response
config - Login configuration describing how authentication should be performed
nOnce - nonce token
Copyright © 2000-2003 Apache Software Foundation. All Rights Reserved.