Class DigestAuthenticator

    • Field Detail

      • digestEncoder

        protected static final DigestEncoder digestEncoder
        The MD5 helper object for this class.
      • QOP

        protected static final String QOP
        The DIGEST implementation only supports the "auth" quality of protection.
        See Also:
        Constant Field Values
      • DEFAULT_ALGORITHM

        protected static final String DEFAULT_ALGORITHM
        The default message digest algorithm to use if we cannot use the requested one.
        See Also:
        Constant Field Values
      • algorithm

        protected static volatile String algorithm
        The message digest algorithm to be used when generating session identifiers. This must be an algorithm supported by the java.security.MessageDigest class on your platform.
      • messageDigest

        protected static volatile MessageDigest messageDigest
        MD5 message digest provider.
      • cnonceCacheSize

        protected int cnonceCacheSize
        Maximum number of client nonces to keep in the cache. If not specified, the default value of 1000 is used.
      • key

        protected String key
        Private key mixed into the server nonces this authenticator generates.
      • nonceValidity

        protected long nonceValidity
        How long server nonces remain valid, in milliseconds. Defaults to 5 minutes.
      • opaque

        protected String opaque
        Opaque string returned to the client in the WWW-Authenticate challenge.
      • validateUri

        protected boolean validateUri
        Should the URI be validated as required by RFC 2617? This can be disabled for reverse proxies where the proxy has modified the URI.
    • Constructor Detail

      • DigestAuthenticator

        public DigestAuthenticator()
    • Method Detail

      • authenticate

        public boolean authenticate(HttpRequest request,
                                    HttpResponse response,
                                    LoginConfig config)
                             throws IOException
        Authenticate the user making this request, based on the specified login configuration. Returns true if any specified constraint has been satisfied, or false if a response challenge has already been created.
        Specified by:
        authenticate in class AuthenticatorBase
        Parameters:
        request - Request we are processing
        response - Response we are creating
        config - Login configuration describing how authentication should be performed
        Throws:
        IOException - if an input/output error occurs
      • getAlgorithm

        public static String getAlgorithm()
        Return the message digest algorithm for this Manager.
      • setAlgorithm

        public static void setAlgorithm(String alg)
        Set the message digest algorithm for this Manager.
        Parameters:
        alg - The new message digest algorithm
      • getCnonceCacheSize

        public int getCnonceCacheSize()
      • setCnonceCacheSize

        public void setCnonceCacheSize(int cnonceCacheSize)
      • getKey

        public String getKey()
      • setKey

        public void setKey(String key)
      • getNonceValidity

        public long getNonceValidity()
      • setNonceValidity

        public void setNonceValidity(long nonceValidity)
      • getOpaque

        public String getOpaque()
      • setOpaque

        public void setOpaque(String opaque)
      • isValidateUri

        public boolean isValidateUri()
      • setValidateUri

        public void setValidateUri(boolean validateUri)
      • parseUsername

        protected String parseUsername(String authorization)
        Parse the username from the specified authorization string. If none can be identified, return null.
        Parameters:
        authorization - Authorization string to be parsed
      • removeQuotes

        protected static String removeQuotes(String quotedString,
                                             boolean quotesRequired)
        Removes the surrounding quotes from a string.
      • removeQuotes

        protected static String removeQuotes(String quotedString)
        Removes the surrounding quotes from a string.
      • generateNonce

        protected String generateNonce(jakarta.servlet.http.HttpServletRequest request)
        Generate a unique token. The token is generated according to the following pattern:
        NOnceToken = Base64( MD5( client-IP ":" time-stamp ":" private-key ) )
        Parameters:
        request - HTTP Servlet request
      • setAuthenticateHeader

        protected void setAuthenticateHeader(jakarta.servlet.http.HttpServletRequest request,
                                             jakarta.servlet.http.HttpServletResponse response,
                                             LoginConfig config,
                                             String nOnce,
                                             boolean isNonceStale)
        Generates the WWW-Authenticate header.

        The header MUST follow this template:

              WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                                    digest-challenge

              digest-challenge    = 1#( realm | [ domain ] | nonce |
                                        [ opaque ] | [ stale ] | [ algorithm ] )

              realm               = "realm" "=" realm-value
              realm-value         = quoted-string
              domain              = "domain" "=" <"> 1#URI <">
              nonce               = "nonce" "=" nonce-value
              nonce-value         = quoted-string
              opaque              = "opaque" "=" quoted-string
              stale               = "stale" "=" ( "true" | "false" )
              algorithm           = "algorithm" "=" ( "MD5" | token )

        Parameters:
        request - HTTP Servlet request
        response - HTTP Servlet response
        config - Login configuration describing how authentication should be performed
        nOnce - nonce token
        isNonceStale - whether the client's nonce has expired, reflected in the stale directive
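        The following is an added illustration, not Tomcat's own code, of the nonce pattern documented for generateNonce, the nonceValidity expiry check, and the challenge template from setAuthenticateHeader. The class name, the server-side tracking of each nonce's issue time, the key value and the client IP are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Hypothetical example class; it is not part of org.apache.catalina.
public class DigestChallengeExample {

    // NOnceToken = Base64( MD5( client-IP ":" time-stamp ":" private-key ) ), as documented.
    static String generateNonce(String clientIp, long timestamp, String privateKey)
            throws NoSuchAlgorithmException {
        String material = clientIp + ":" + timestamp + ":" + privateKey;
        MessageDigest md = MessageDigest.getInstance("MD5");
        return Base64.getEncoder().encodeToString(
                md.digest(material.getBytes(StandardCharsets.ISO_8859_1)));
    }

    // A nonce is stale once it is older than nonceValidity (milliseconds).
    // Assumption: the server records issuedAt for each token it hands out,
    // since the documented token encodes no timestamp the server could read back.
    static boolean isNonceStale(long issuedAt, long now, long nonceValidity) {
        return now - issuedAt > nonceValidity;
    }

    // Challenge value following the documented template; qop=auth is added because
    // the QOP field states that only "auth" is supported.
    static String buildChallenge(String realm, String nonce, String opaque, boolean stale) {
        StringBuilder sb = new StringBuilder("Digest realm=\"").append(realm).append('"');
        sb.append(", qop=\"auth\", nonce=\"").append(nonce).append('"');
        if (opaque != null) {
            sb.append(", opaque=\"").append(opaque).append('"');
        }
        sb.append(", stale=").append(stale ? "true" : "false");
        sb.append(", algorithm=MD5");
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String key = "example-private-key";       // constructed; a deployment needs its own secret key
        long issuedAt = System.currentTimeMillis();
        String nonce = generateNonce("192.0.2.10", issuedAt, key);  // documentation-range client IP
        long fiveMinutes = 5L * 60 * 1000;        // the documented nonceValidity default
        // Simulate a request arriving just after the nonce expired: stale=true is sent back.
        boolean stale = isNonceStale(issuedAt, issuedAt + fiveMinutes + 1, fiveMinutes);
        System.out.println(buildChallenge("Protected Area", nonce, "opaque-token", stale));
    }
}
```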
      • getMessageDigest

        protected static MessageDigest getMessageDigest()
      • digest

        protected static byte[] digest​(byte[] data)
      • start

        public void start()
                   throws LifecycleException
        Description copied from class: AuthenticatorBase
        Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.
        Specified by:
        start in interface Lifecycle
        Overrides:
        start in class AuthenticatorBase
        Throws:
        LifecycleException - if this component detects a fatal error that prevents this component from being used