|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.catalina.valves.ValveBase org.apache.catalina.authenticator.AuthenticatorBase org.apache.catalina.authenticator.DigestAuthenticator
An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).
Field Summary | |
protected static java.lang.String |
info
Descriptive information about this implementation. |
protected java.lang.String |
key
Private key. |
protected static MD5Encoder |
md5Encoder
The MD5 helper object for this class. |
protected static java.security.MessageDigest |
md5Helper
MD5 message digest provider. |
protected long |
nOnceTimeout
No once expiration (in millisecond). |
protected java.util.Hashtable |
nOnceTokens
No once hashtable. |
protected int |
nOnceUses
No once expiration after a specified number of uses. |
protected static int |
TIMEOUT_INFINITE
Indicates that no once tokens are used only once. |
protected static int |
USE_NEVER_EXPIRES
Indicates that no once tokens are used only once. |
protected static int |
USE_ONCE
Indicates that no once tokens are used only once. |
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase |
algorithm, cache, context, debug, DEFAULT_ALGORITHM, digest, disableProxyCaching, entropy, lifecycle, random, randomClass, SESSION_ID_BYTES, sm, sso, started |
Fields inherited from class org.apache.catalina.valves.ValveBase |
container |
Fields inherited from interface org.apache.catalina.Lifecycle |
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, START_EVENT, STOP_EVENT |
Constructor Summary | |
DigestAuthenticator()
|
Method Summary | |
boolean |
authenticate(HttpRequest request,
HttpResponse response,
LoginConfig config)
Authenticate the user making this request, based on the specified login configuration. |
protected static java.security.Principal |
findPrincipal(javax.servlet.http.HttpServletRequest request,
java.lang.String authorization,
Realm realm)
Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm. |
protected java.lang.String |
generateNOnce(javax.servlet.http.HttpServletRequest request)
Generate a unique token. |
java.lang.String |
getInfo()
Return descriptive information about this Valve implementation. |
protected java.lang.String |
parseUsername(java.lang.String authorization)
Parse the username from the specified authorization string. |
protected static java.lang.String |
removeQuotes(java.lang.String quotedString)
Removes the quotes on a string. |
protected void |
setAuthenticateHeader(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
LoginConfig config,
java.lang.String nOnce)
Generates the WWW-Authenticate header. |
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase |
accessControl, addLifecycleListener, associate, checkUserData, findConstraint, findLifecycleListeners, generateSessionId, getAlgorithm, getCache, getContainer, getDebug, getDigest, getDisableProxyCaching, getEntropy, getRandom, getRandomClass, getSession, getSession, invoke, log, log, register, removeLifecycleListener, setAlgorithm, setCache, setContainer, setDebug, setDisableProxyCaching, setEntropy, setRandomClass, start, stop |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
protected static final int USE_ONCE
protected static final int USE_NEVER_EXPIRES
protected static final int TIMEOUT_INFINITE
protected static final MD5Encoder md5Encoder
protected static final java.lang.String info
protected static java.security.MessageDigest md5Helper
protected java.util.Hashtable nOnceTokens
protected long nOnceTimeout
protected int nOnceUses
protected java.lang.String key
Constructor Detail |
public DigestAuthenticator()
Method Detail |
public java.lang.String getInfo()
getInfo
in interface Valve
getInfo
in class AuthenticatorBase
public boolean authenticate(HttpRequest request, HttpResponse response, LoginConfig config) throws java.io.IOException
true
if any specified
constraint has been satisfied, or false
if we have
created a response challenge already.
authenticate
in class AuthenticatorBase
request
- Request we are processingresponse
- Response we are creating
java.io.IOException
- if an input/output error occursprotected static java.security.Principal findPrincipal(javax.servlet.http.HttpServletRequest request, java.lang.String authorization, Realm realm)
null
.
request
- HTTP servlet requestauthorization
- Authorization credentials from this requestrealm
- Realm used to authenticate Principalsprotected java.lang.String parseUsername(java.lang.String authorization)
null
authorization
- Authorization string to be parsedprotected static java.lang.String removeQuotes(java.lang.String quotedString)
protected java.lang.String generateNOnce(javax.servlet.http.HttpServletRequest request)
request
- HTTP Servlet requestprotected void setAuthenticateHeader(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, LoginConfig config, java.lang.String nOnce)
The header MUST follow this template :
WWW-Authenticate = "WWW-Authenticate" ":" "Digest" digest-challenge digest-challenge = 1#( realm | [ domain ] | nOnce | [ digest-opaque ] |[ stale ] | [ algorithm ] ) realm = "realm" "=" realm-value realm-value = quoted-string domain = "domain" "=" <"> 1#URI <"> nonce = "nonce" "=" nonce-value nonce-value = quoted-string opaque = "opaque" "=" quoted-string stale = "stale" "=" ( "true" | "false" ) algorithm = "algorithm" "=" ( "MD5" | token )
request
- HTTP Servlet requestnOnce
- nonce token
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |