Overview  Package   Class  Tree  Deprecated  Index  Help 
Apache Tomcat 7.0.28
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.catalina.authenticator
Class DigestAuthenticator

java.lang.Object
  extended by org.apache.catalina.util.LifecycleBase
      extended by org.apache.catalina.util.LifecycleMBeanBase
          extended by org.apache.catalina.valves.ValveBase
              extended by org.apache.catalina.authenticator.AuthenticatorBase
                  extended by org.apache.catalina.authenticator.DigestAuthenticator
All Implemented Interfaces:
MBeanRegistration, Authenticator, Contained, Lifecycle, Valve
public class DigestAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Version:
$Id: DigestAuthenticator.java 1349321 2012-06-12 13:26:10Z markt $
Author:
Craig R. McClanahan, Remy Maucherat

Field Summary
protected  int cnonceCacheSize
          Maximum number of client nonces to keep in the cache.
protected  Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> cnonces
          List of client nonce values currently being tracked
protected static String info
          Descriptive information about this implementation.
protected  String key
          Private key.
protected static MD5Encoder md5Encoder
          The MD5 helper object for this class.
protected static MessageDigest md5Helper
          MD5 message digest provider.
protected  long nonceValidity
          How long server nonces are valid for in milliseconds.
protected  String opaque
          Opaque string.
protected static String QOP
          Tomcat's DIGEST implementation only supports auth quality of protection.
protected  boolean validateUri
          Should the URI be validated as required by RFC2617?
 
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sessionIdGenerator, sm, sso
 
Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next
 
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
DigestAuthenticator()
           
 
Method Summary
 boolean authenticate(Request request, HttpServletResponse response, LoginConfig config)
          Authenticate the user making this request, based on the specified login configuration.
protected  String generateNonce(Request request)
          Generate a unique token.
protected  String getAuthMethod()
           
 int getCnonceCacheSize()
           
 String getInfo()
          Return descriptive information about this Valve implementation.
 String getKey()
           
 long getNonceValidity()
           
 String getOpaque()
           
 boolean isValidateUri()
           
protected  String parseUsername(String authorization)
          Parse the username from the specified authorization string.
protected static String removeQuotes(String quotedString)
          Removes the quotes on a string.
protected static String removeQuotes(String quotedString, boolean quotesRequired)
          Removes the quotes on a string.
protected  void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, LoginConfig config, String nonce, boolean isNonceStale)
          Generates the WWW-Authenticate header.
 void setCnonceCacheSize(int cnonceCacheSize)
           
 void setKey(String key)
           
 void setNonceValidity(long nonceValidity)
           
 void setOpaque(String opaque)
           
 void setValidateUri(boolean validateUri)
           
protected  void startInternal()
          Start this component and implement the requirements of LifecycleBase.startInternal().
 
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
associate, authenticate, doLogin, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, login, logout, reauthenticateFromSSO, register, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, stopInternal
 
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString
 
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
 
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

md5Encoder

protected static final MD5Encoder md5Encoder
The MD5 helper object for this class.

info

protected static final String info
Descriptive information about this implementation.

See Also:
Constant Field Values

QOP

protected static final String QOP
Tomcat's DIGEST implementation only supports auth quality of protection.

See Also:
Constant Field Values

md5Helper

protected static volatile MessageDigest md5Helper
MD5 message digest provider.

cnonces

protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> cnonces
List of client nonce values currently being tracked

cnonceCacheSize

protected int cnonceCacheSize
Maximum number of client nonces to keep in the cache. If not specified, the default value of 1000 is used.

key

protected String key
Private key.

nonceValidity

protected long nonceValidity
How long server nonces are valid for in milliseconds. Defaults to 5 minutes.

opaque

protected String opaque
Opaque string.

validateUri

protected boolean validateUri
Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.

Constructor Detail

DigestAuthenticator

public DigestAuthenticator()
Method Detail

getInfo

public String getInfo()
Return descriptive information about this Valve implementation.

Specified by:
getInfo in interface Valve
Overrides:
getInfo in class AuthenticatorBase

getCnonceCacheSize

public int getCnonceCacheSize()

setCnonceCacheSize

public void setCnonceCacheSize(int cnonceCacheSize)

getKey

public String getKey()

setKey

public void setKey(String key)

getNonceValidity

public long getNonceValidity()

setNonceValidity

public void setNonceValidity(long nonceValidity)

getOpaque

public String getOpaque()

setOpaque

public void setOpaque(String opaque)

isValidateUri

public boolean isValidateUri()

setValidateUri

public void setValidateUri(boolean validateUri)

authenticate

public boolean authenticate(Request request,
                            HttpServletResponse response,
                            LoginConfig config)
                     throws IOException
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Specified by:
authenticate in interface Authenticator
Specified by:
authenticate in class AuthenticatorBase
Parameters:
request - Request we are processing
response - Response we are creating
config - Login configuration describing how authentication should be performed
Throws:
IOException - if an input/output error occurs

getAuthMethod

protected String getAuthMethod()
Specified by:
getAuthMethod in class AuthenticatorBase

parseUsername

protected String parseUsername(String authorization)
Parse the username from the specified authorization string. If none can be identified, return null

Parameters:
authorization - Authorization string to be parsed

removeQuotes

protected static String removeQuotes(String quotedString,
                                     boolean quotesRequired)
Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.

removeQuotes

protected static String removeQuotes(String quotedString)
Removes the quotes on a string.

generateNonce

protected String generateNonce(Request request)
Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).

Parameters:
request - HTTP Servlet request

setAuthenticateHeader

protected void setAuthenticateHeader(HttpServletRequest request,
                                     HttpServletResponse response,
                                     LoginConfig config,
                                     String nonce,
                                     boolean isNonceStale)
Generates the WWW-Authenticate header.

The header MUST follow this template : 

      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )

Parameters:
request - HTTP Servlet request
response - HTTP Servlet response
config - Login configuration describing how authentication should be performed
nonce - nonce token

startInternal

protected void startInternal()
                      throws LifecycleException
Description copied from class: AuthenticatorBase
Start this component and implement the requirements of LifecycleBase.startInternal().

Overrides:
startInternal in class AuthenticatorBase
Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used
Overview  Package   Class  Tree  Deprecated  Index  Help 
Apache Tomcat 7.0.28
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2000-2012 Apache Software Foundation. All Rights Reserved.