Class DigestAuthenticator
- java.lang.Object
  - org.apache.catalina.valves.ValveBase
    - org.apache.catalina.authenticator.AuthenticatorBase
      - org.apache.catalina.authenticator.DigestAuthenticator
- All Implemented Interfaces:
Authenticator, Contained, Lifecycle, Valve, GlassFishValve
public class DigestAuthenticator extends AuthenticatorBase
An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).
- Version:
- $Revision: 1.6 $ $Date: 2007/04/17 21:33:22 $
- Author:
- Craig R. McClanahan, Remy Maucherat
-
Field Summary
Fields (modifier and type, field, description):
protected static String algorithm
- The message digest algorithm to be used when generating session identifiers.
protected int cnonceCacheSize
- Maximum number of client nonces to keep in the cache.
protected static String DEFAULT_ALGORITHM
- The default message digest algorithm to use if we cannot use the requested one.
protected static DigestEncoder digestEncoder
- The MD5 helper object for this class.
protected static String info
- Descriptive information about this implementation.
protected String key
- Private key.
protected static MessageDigest messageDigest
- MD5 message digest provider.
protected long nonceValidity
- How long server nonces are valid for in milliseconds.
protected String opaque
- Opaque string.
protected static String QOP
- DIGEST implementation only supports auth quality of protection.
protected boolean validateUri
- Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.
-
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, entropy, random, randomClass, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sso
-
Fields inherited from class org.apache.catalina.valves.ValveBase
container, controller, debug, domain, lifecycle, log, next, oname, rb, started
-
Fields inherited from interface org.glassfish.web.valve.GlassFishValve
END_PIPELINE, INVOKE_NEXT
-
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, INIT_EVENT, START_EVENT, STOP_EVENT
-
-
Constructor Summary
Constructors (constructor, description):
DigestAuthenticator()
-
Method Summary
Methods (modifier and type, method, description):
boolean authenticate(HttpRequest request, HttpResponse response, LoginConfig config)
- Authenticate the user making this request, based on the specified login configuration.
protected static byte[] digest(byte[] data)
protected String generateNonce(jakarta.servlet.http.HttpServletRequest request)
- Generate a unique token.
static String getAlgorithm()
- Return the message digest algorithm for this Manager.
protected String getAuthMethod()
int getCnonceCacheSize()
String getInfo()
- Return descriptive information about this Valve implementation.
String getKey()
protected static MessageDigest getMessageDigest()
long getNonceValidity()
String getOpaque()
boolean isValidateUri()
protected String parseUsername(String authorization)
- Parse the username from the specified authorization string.
protected static String removeQuotes(String quotedString)
- Removes the quotes on a string.
protected static String removeQuotes(String quotedString, boolean quotesRequired)
- Removes the quotes on a string.
static void setAlgorithm(String alg)
- Set the message digest algorithm for this Manager.
protected void setAuthenticateHeader(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, LoginConfig config, String nOnce, boolean isNonceStale)
- Generates the WWW-Authenticate header.
void setCnonceCacheSize(int cnonceCacheSize)
void setKey(String key)
void setNonceValidity(long nonceValidity)
void setOpaque(String opaque)
void setValidateUri(boolean validateUri)
void start()
- Prepare for the beginning of active use of the public methods of this component.
-
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
associate, doLogin, generateSessionId, getAlwaysUseSession, getCache, getContainer, getDebug, getDisableProxyCaching, getEntropy, getRandom, getRandomClass, getRealmName, getSession, getSession, getSingleSignOn, invoke, isChangeSessionIdOnAuthentication, isSecurePagesWithPragma, log, log, login, logout, postInvoke, register, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDebug, setDisableProxyCaching, setEntropy, setRandomClass, setRealmName, setSecurePagesWithPragma, setSingleSignOn, stop
-
Methods inherited from class org.apache.catalina.valves.ValveBase
addLifecycleListener, backgroundProcess, createObjectName, event, findLifecycleListeners, getController, getDomain, getNext, getObjectName, getParentName, invoke, isStarted, removeLifecycleListener, setController, setNext, setObjectName
-
-
-
-
Field Detail
-
digestEncoder
protected static final DigestEncoder digestEncoder
The MD5 helper object for this class.
-
info
protected static final String info
Descriptive information about this implementation.
- See Also:
- Constant Field Values
-
QOP
protected static final String QOP
DIGEST implementation only supports auth quality of protection.
- See Also:
- Constant Field Values
-
DEFAULT_ALGORITHM
protected static final String DEFAULT_ALGORITHM
The default message digest algorithm to use if we cannot use the requested one.
- See Also:
- Constant Field Values
-
algorithm
protected static volatile String algorithm
The message digest algorithm to be used when generating session identifiers. This must be an algorithm supported by the java.security.MessageDigest class on your platform.
-
messageDigest
protected static volatile MessageDigest messageDigest
MD5 message digest provider.
-
cnonceCacheSize
protected int cnonceCacheSize
Maximum number of client nonces to keep in the cache. If not specified, the default value of 1000 is used.
-
key
protected String key
Private key.
-
nonceValidity
protected long nonceValidity
How long server nonces are valid for in milliseconds. Defaults to 5 minutes.
-
opaque
protected String opaque
Opaque string.
-
validateUri
protected boolean validateUri
Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.
-
-
Method Detail
-
authenticate
public boolean authenticate(HttpRequest request, HttpResponse response, LoginConfig config) throws IOException
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
- Specified by:
authenticate
in class AuthenticatorBase
- Parameters:
request
- Request we are processing
response
- Response we are creating
config
- Login configuration describing how authentication should be performed
- Throws:
IOException
- if an input/output error occurs
-
getAlgorithm
public static String getAlgorithm()
Return the message digest algorithm for this Manager.
-
setAlgorithm
public static void setAlgorithm(String alg)
Set the message digest algorithm for this Manager.
- Parameters:
alg
- The new message digest algorithm
-
getInfo
public String getInfo()
Return descriptive information about this Valve implementation.
- Specified by:
getInfo
in interface GlassFishValve
- Specified by:
getInfo
in interface Valve
- Overrides:
getInfo
in class AuthenticatorBase
-
getCnonceCacheSize
public int getCnonceCacheSize()
-
setCnonceCacheSize
public void setCnonceCacheSize(int cnonceCacheSize)
-
getKey
public String getKey()
-
setKey
public void setKey(String key)
-
getNonceValidity
public long getNonceValidity()
-
setNonceValidity
public void setNonceValidity(long nonceValidity)
-
getOpaque
public String getOpaque()
-
setOpaque
public void setOpaque(String opaque)
-
isValidateUri
public boolean isValidateUri()
-
setValidateUri
public void setValidateUri(boolean validateUri)
-
parseUsername
protected String parseUsername(String authorization)
Parse the username from the specified authorization string. If none can be identified, return null.
- Parameters:
authorization
- Authorization string to be parsed
-
getAuthMethod
protected String getAuthMethod()
- Specified by:
getAuthMethod
in class AuthenticatorBase
-
removeQuotes
protected static String removeQuotes(String quotedString, boolean quotesRequired)
Removes the quotes on a string.
-
removeQuotes
protected static String removeQuotes(String quotedString)
Removes the quotes on a string.
-
generateNonce
protected String generateNonce(jakarta.servlet.http.HttpServletRequest request)
Generate a unique token. The token is generated according to the following pattern:
NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) )
- Parameters:
request
- HTTP Servlet request
-
setAuthenticateHeader
protected void setAuthenticateHeader(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, LoginConfig config, String nOnce, boolean isNonceStale)
Generates the WWW-Authenticate header. The header MUST follow this template:
WWW-Authenticate = "WWW-Authenticate" ":" "Digest" digest-challenge
digest-challenge = 1#( realm | [ domain ] | nOnce | [ digest-opaque ] | [ stale ] | [ algorithm ] )
realm = "realm" "=" realm-value
realm-value = quoted-string
domain = "domain" "=" <"> 1#URI <">
nonce = "nonce" "=" nonce-value
nonce-value = quoted-string
opaque = "opaque" "=" quoted-string
stale = "stale" "=" ( "true" | "false" )
algorithm = "algorithm" "=" ( "MD5" | token )
- Parameters:
request
- HTTP Servlet request
response
- HTTP Servlet response
config
- Login configuration describing how authentication should be performed
nOnce
- nonce token
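The nonce pattern documented for generateNonce and the challenge template documented for setAuthenticateHeader, worked through as an added example. This is not GlassFish or Catalina source: the class and method names are hypothetical, the sample values are constructed, and the freshness check assumes the server has recorded when it issued the token. Its main method exercises a token inside the validity window, one past it, and one recomputed for a different client address.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added illustration, not GlassFish/Catalina source; every name below is hypothetical.
public class DigestChallengeSketch {
    // NOnceToken = Base64( MD5( client-IP ":" time-stamp ":" private-key ) )
    static String nonceToken(String clientIp, long timeStamp, String privateKey)
            throws NoSuchAlgorithmException {
        String input = clientIp + ":" + timeStamp + ":" + privateKey;
        byte[] md5 = MessageDigest.getInstance("MD5")
                .digest(input.getBytes(StandardCharsets.ISO_8859_1));
        return Base64.getEncoder().encodeToString(md5);
    }

    // Assumption: the server remembers when it issued the token. It rejects tokens
    // older than the validity window, then recomputes and compares in constant time.
    static boolean accept(String presented, String clientIp, long issuedAt,
                          String privateKey, long now, long validityMillis)
            throws NoSuchAlgorithmException {
        if (now < issuedAt || now - issuedAt > validityMillis) return false;
        String expected = nonceToken(clientIp, issuedAt, privateKey);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                presented.getBytes(StandardCharsets.US_ASCII));
    }

    // quoted-string: escape backslash and double quote so a value cannot break the header.
    static String quoted(String value) {
        return "\"" + value.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    // Header value following the template: realm, nonce, opaque, stale, algorithm.
    static String challenge(String realm, String nonce, String opaque, boolean stale) {
        return "Digest realm=" + quoted(realm) + ", nonce=" + quoted(nonce)
                + ", opaque=" + quoted(opaque) + ", stale=" + stale + ", algorithm=MD5";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String key = "constructed-private-key";   // constructed sample values throughout
        long issuedAt = 1_700_000_000_000L;
        long fiveMinutes = 5 * 60 * 1000L;         // matches the documented default validity
        String nonce = nonceToken("192.0.2.10", issuedAt, key);
        System.out.println("WWW-Authenticate: "
                + challenge("example realm", nonce, "constructed-opaque", false));
        System.out.println(accept(nonce, "192.0.2.10", issuedAt, key, issuedAt + 60_000, fiveMinutes));
        System.out.println(accept(nonce, "192.0.2.10", issuedAt, key, issuedAt + fiveMinutes + 1, fiveMinutes));
        System.out.println(accept(nonce, "198.51.100.7", issuedAt, key, issuedAt + 60_000, fiveMinutes));
    }
}
```

Because the client address is an input to the token, a request that reaches the server from a different address than the one that received the challenge no longer matches the recomputed value.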
-
getMessageDigest
protected static MessageDigest getMessageDigest()
-
digest
protected static byte[] digest(byte[] data)
-
start
public void start() throws LifecycleException
Description copied from class: AuthenticatorBase
Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.
- Specified by:
start
in interface Lifecycle
- Overrides:
start
in class AuthenticatorBase
- Throws:
LifecycleException
- if this component detects a fatal error that prevents this component from being used
-
-