Class DigestAuthenticator
- java.lang.Object
  - org.apache.catalina.util.LifecycleBase
    - org.apache.catalina.util.LifecycleMBeanBase
      - org.apache.catalina.valves.ValveBase
        - org.apache.catalina.authenticator.AuthenticatorBase
          - org.apache.catalina.authenticator.DigestAuthenticator

All Implemented Interfaces:
- javax.management.MBeanRegistration, RegistrationListener, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class DigestAuthenticator extends AuthenticatorBase

An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Author:
- Craig R. McClanahan, Remy Maucherat

Nested Class Summary
- static class DigestAuthenticator.DigestInfo
- static class DigestAuthenticator.NonceInfo

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase:
- AuthenticatorBase.AllowCorsPreflight

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle:
- Lifecycle.SingleUse

Field Summary
- protected java.lang.String key: Private key.
- protected long lastTimestamp: The last timestamp used to generate a nonce.
- protected java.lang.Object lastTimestampLock
- protected int nonceCacheSize: Maximum number of server nonces to keep in the cache.
- protected int nonceCountWindowSize: The window size to use to track seen nonce count values for a given nonce.
- protected java.util.Map<java.lang.String,DigestAuthenticator.NonceInfo> nonces: List of server nonce values currently being tracked.
- protected long nonceValidity: How long server nonces are valid for in milliseconds.
- protected java.lang.String opaque: Opaque string.
- protected static java.lang.String QOP: Tomcat's DIGEST implementation only supports auth quality of protection.
- protected boolean validateUri: Should the URI be validated as required by RFC2617?

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase:
- alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase:
- asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase:
- mserver

Fields inherited from interface org.apache.catalina.Lifecycle:
- AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary
- DigestAuthenticator()

Method Summary
- protected boolean doAuthenticate(Request request, HttpServletResponse response): Authenticate the user making this request, based on the specified login configuration.
- protected java.lang.String generateNonce(Request request): Generate a unique token.
- protected java.lang.String getAuthMethod()
- java.lang.String getKey()
- int getNonceCacheSize()
- int getNonceCountWindowSize()
- long getNonceValidity()
- java.lang.String getOpaque()
- protected boolean isPreemptiveAuthPossible(Request request): Can the authenticator perform preemptive authentication for the given request?
- boolean isValidateUri()
- protected static java.lang.String removeQuotes(java.lang.String quotedString): Removes the quotes on a string.
- protected static java.lang.String removeQuotes(java.lang.String quotedString, boolean quotesRequired): Removes the quotes on a string.
- protected void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, java.lang.String nonce, boolean isNonceStale): Generates the WWW-Authenticate header.
- void setKey(java.lang.String key)
- void setNonceCacheSize(int nonceCacheSize)
- void setNonceCountWindowSize(int nonceCountWindowSize)
- void setNonceValidity(long nonceValidity)
- void setOpaque(java.lang.String opaque)
- void setValidateUri(boolean validateUri)
- protected void startInternal(): Start this component and implement the requirements of LifecycleBase.startInternal().

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase:
- allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase:
- backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase:
- destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase:
- addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Field Detail

QOP
protected static final java.lang.String QOP
Tomcat's DIGEST implementation only supports auth quality of protection.
- See Also: Constant Field Values

nonces
protected java.util.Map<java.lang.String,DigestAuthenticator.NonceInfo> nonces
List of server nonce values currently being tracked.

lastTimestamp
protected long lastTimestamp
The last timestamp used to generate a nonce. Each nonce should get a unique timestamp.

lastTimestampLock
protected final java.lang.Object lastTimestampLock

nonceCacheSize
protected int nonceCacheSize
Maximum number of server nonces to keep in the cache. If not specified, the default value of 1000 is used.

nonceCountWindowSize
protected int nonceCountWindowSize
The window size to use to track seen nonce count values for a given nonce. If not specified, the default of 100 is used.

key
protected java.lang.String key
Private key.

nonceValidity
protected long nonceValidity
How long server nonces are valid for in milliseconds. Defaults to 5 minutes.

opaque
protected java.lang.String opaque
Opaque string.

validateUri
protected boolean validateUri
Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.

Method Detail

getNonceCountWindowSize
public int getNonceCountWindowSize()

setNonceCountWindowSize
public void setNonceCountWindowSize(int nonceCountWindowSize)

getNonceCacheSize
public int getNonceCacheSize()

setNonceCacheSize
public void setNonceCacheSize(int nonceCacheSize)

getKey
public java.lang.String getKey()

setKey
public void setKey(java.lang.String key)

getNonceValidity
public long getNonceValidity()

setNonceValidity
public void setNonceValidity(long nonceValidity)

getOpaque
public java.lang.String getOpaque()

setOpaque
public void setOpaque(java.lang.String opaque)

isValidateUri
public boolean isValidateUri()

setValidateUri
public void setValidateUri(boolean validateUri)

doAuthenticate
protected boolean doAuthenticate(Request request, HttpServletResponse response) throws java.io.IOException
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
- Specified by: doAuthenticate in class AuthenticatorBase
- Parameters:
  - request - Request we are processing
  - response - Response we are creating
- Returns: true if the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response
- Throws:
  - java.io.IOException - if an input/output error occurs

getAuthMethod
protected java.lang.String getAuthMethod()
- Specified by: getAuthMethod in class AuthenticatorBase

removeQuotes
protected static java.lang.String removeQuotes(java.lang.String quotedString, boolean quotesRequired)
Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.
- Parameters:
  - quotedString - The quoted string
  - quotesRequired - true if quotes were required
- Returns: The unquoted string

removeQuotes
protected static java.lang.String removeQuotes(java.lang.String quotedString)
Removes the quotes on a string.
- Parameters:
  - quotedString - The quoted string
- Returns: The unquoted string

generateNonce
protected java.lang.String generateNonce(Request request)
Generate a unique token. The token is generated according to the following pattern.

    NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) )

- Parameters:
  - request - HTTP Servlet request
- Returns: The generated nonce

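The nonce pattern documented for generateNonce, together with the nonces, lastTimestamp, nonceCacheSize and nonceValidity fields described above, sketched in Java as an added example (not Tomcat's source and not part of the original Javadoc). The class name NonceSketch, the method isNonceFresh, the oldest-first eviction and the sample key and client IP are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration (hypothetical class, not Tomcat code).
public class NonceSketch {
    private final String key;                              // server-side secret ("private key")
    private final long nonceValidity = 5 * 60 * 1000L;     // documented default: 5 minutes, in ms
    private final int nonceCacheSize = 1000;               // documented default
    private final Object lastTimestampLock = new Object();
    private long lastTimestamp = 0;
    // nonce -> issue time; assumption: the oldest entry is dropped once the cache is full
    private final Map<String, Long> nonces = new LinkedHashMap<String, Long>() {
        @Override protected boolean removeEldestEntry(Map.Entry<String, Long> eldest) {
            return size() > nonceCacheSize;
        }
    };

    public NonceSketch(String key) { this.key = key; }

    // Base64(MD5(client-IP ":" time-stamp ":" private-key)); every nonce gets a unique timestamp.
    public String generateNonce(String clientIp) throws Exception {
        long now = System.currentTimeMillis();
        synchronized (lastTimestampLock) {
            if (now > lastTimestamp) { lastTimestamp = now; } else { now = ++lastTimestamp; }
        }
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest((clientIp + ":" + now + ":" + key).getBytes(StandardCharsets.UTF_8));
        String nonce = Base64.getEncoder().encodeToString(digest);
        synchronized (nonces) { nonces.put(nonce, now); }
        return nonce;
    }

    // Usable only if this server issued the nonce and it is no older than nonceValidity.
    public boolean isNonceFresh(String nonce, long nowMs) {
        Long issued;
        synchronized (nonces) { issued = nonces.get(nonce); }
        return issued != null && nowMs - issued <= nonceValidity;
    }

    public static void main(String[] args) throws Exception {
        NonceSketch s = new NonceSketch("constructed-demo-key"); // constructed sample key
        String n = s.generateNonce("192.0.2.10");                // constructed sample client IP
        long now = System.currentTimeMillis();
        System.out.println(n + " fresh=" + s.isNonceFresh(n, now));
        System.out.println("after 6 min fresh=" + s.isNonceFresh(n, now + 6 * 60 * 1000L));
        System.out.println("unknown nonce fresh=" + s.isNonceFresh("AAAA", now));
    }
}
```

A nonce that was never issued, or that has aged out of the validity window or the cache, is treated the same way: the caller issues a new challenge rather than accepting the response.
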
setAuthenticateHeader
protected void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, java.lang.String nonce, boolean isNonceStale)
Generates the WWW-Authenticate header.

The header MUST follow this template:

    WWW-Authenticate = "WWW-Authenticate" ":" "Digest" digest-challenge
    digest-challenge = 1#( realm | [ domain ] | nonce | [ digest-opaque ] |[ stale ] | [ algorithm ] )
    realm            = "realm" "=" realm-value
    realm-value      = quoted-string
    domain           = "domain" "=" <"> 1#URI <">
    nonce            = "nonce" "=" nonce-value
    nonce-value      = quoted-string
    opaque           = "opaque" "=" quoted-string
    stale            = "stale" "=" ( "true" | "false" )
    algorithm        = "algorithm" "=" ( "MD5" | token )

- Parameters:
  - request - HTTP Servlet request
  - response - HTTP Servlet response
  - nonce - nonce token
  - isNonceStale - true to add a stale parameter

isPreemptiveAuthPossible
protected boolean isPreemptiveAuthPossible(Request request)
Description copied from class: AuthenticatorBase
Can the authenticator perform preemptive authentication for the given request?
- Overrides: isPreemptiveAuthPossible in class AuthenticatorBase
- Parameters:
  - request - The request to check for credentials
- Returns: true if preemptive authentication is possible, otherwise false

startInternal
protected void startInternal() throws LifecycleException
Description copied from class: AuthenticatorBase
Start this component and implement the requirements of LifecycleBase.startInternal().
- Overrides: startInternal in class AuthenticatorBase
- Throws:
  - LifecycleException - if this component detects a fatal error that prevents this component from being used