Class DigestAuthenticator
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.DigestAuthenticator
- All Implemented Interfaces:
- RegistrationListener,- MBeanRegistration,- Authenticator,- Contained,- JmxEnabled,- Lifecycle,- Valve
An Authenticator and Valve implementation of HTTP DIGEST Authentication, as outlined in RFC 7616: "HTTP
 Digest Authentication"
- Author:
- Craig R. McClanahan, Remy Maucherat
- 
Nested Class SummaryNested ClassesModifier and TypeClassDescriptionstatic enumThis enum exists because RFC 7616 and Java use different names for some digests.static classstatic classNested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBaseAuthenticatorBase.AllowCorsPreflightNested classes/interfaces inherited from interface org.apache.catalina.LifecycleLifecycle.SingleUse
- 
Field SummaryFieldsModifier and TypeFieldDescriptionprotected StringPrivate key.protected longThe last timestamp used to generate a nonce.protected final Objectprotected intMaximum number of server nonces to keep in the cache.protected intThe window size to use to track seen nonce count values for a given nonce.protected Map<String,DigestAuthenticator.NonceInfo> List of server nonce values currently being trackedprotected longHow long server nonces are valid for in milliseconds.protected StringOpaque string.protected static final StringTomcat's DIGEST implementation only supports auth quality of protection.protected booleanShould the URI be validated as required by RFC2617?Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBasealwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, ssoFields inherited from class org.apache.catalina.valves.ValveBaseasyncSupported, container, containerLog, nextFields inherited from interface org.apache.catalina.LifecycleAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
- 
Constructor SummaryConstructors
- 
Method SummaryModifier and TypeMethodDescriptionprotected booleandoAuthenticate(Request request, HttpServletResponse response) Authenticate the user making this request, based on the specified login configuration.protected StringgenerateNonce(Request request) Generate a unique token.protected StringReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.getKey()intintlongprotected booleanisPreemptiveAuthPossible(Request request) Can the authenticator perform preemptive authentication for the given request?booleanprotected static StringremoveQuotes(String quotedString) Removes the quotes on a string.protected static StringremoveQuotes(String quotedString, boolean quotesRequired) Removes the quotes on a string.voidsetAlgorithms(String algorithmsString) protected voidsetAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, String nonce, boolean isNonceStale) Generates the WWW-Authenticate header(s) as per RFC 7616.voidvoidsetNonceCacheSize(int nonceCacheSize) voidsetNonceCountWindowSize(int nonceCountWindowSize) voidsetNonceValidity(long nonceValidity) voidvoidsetValidateUri(boolean validateUri) protected voidStart this component and implement the requirements ofLifecycleBase.startInternal().Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBaseallowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, stopInternalMethods inherited from class org.apache.catalina.valves.ValveBasebackgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringMethods inherited from class org.apache.catalina.util.LifecycleMBeanBasedestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisterMethods inherited from class org.apache.catalina.util.LifecycleBaseaddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
- 
Field Details- 
QOPTomcat's DIGEST implementation only supports auth quality of protection.- See Also:
 
- 
noncesList of server nonce values currently being tracked
- 
lastTimestampprotected long lastTimestampThe last timestamp used to generate a nonce. Each nonce should get a unique timestamp.
- 
lastTimestampLock
- 
nonceCacheSizeprotected int nonceCacheSizeMaximum number of server nonces to keep in the cache. If not specified, the default value of 1000 is used.
- 
nonceCountWindowSizeprotected int nonceCountWindowSizeThe window size to use to track seen nonce count values for a given nonce. If not specified, the default of 100 is used.
- 
keyPrivate key.
- 
nonceValidityprotected long nonceValidityHow long server nonces are valid for in milliseconds. Defaults to 5 minutes.
- 
opaqueOpaque string.
- 
validateUriprotected boolean validateUriShould the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.
 
- 
- 
Constructor Details- 
DigestAuthenticatorpublic DigestAuthenticator()
 
- 
- 
Method Details- 
getNonceCountWindowSizepublic int getNonceCountWindowSize()
- 
setNonceCountWindowSizepublic void setNonceCountWindowSize(int nonceCountWindowSize) 
- 
getNonceCacheSizepublic int getNonceCacheSize()
- 
setNonceCacheSizepublic void setNonceCacheSize(int nonceCacheSize) 
- 
getKey
- 
setKey
- 
getNonceValiditypublic long getNonceValidity()
- 
setNonceValiditypublic void setNonceValidity(long nonceValidity) 
- 
getOpaque
- 
setOpaque
- 
isValidateUripublic boolean isValidateUri()
- 
setValidateUripublic void setValidateUri(boolean validateUri) 
- 
getAlgorithms
- 
setAlgorithms
- 
doAuthenticateAuthenticate the user making this request, based on the specified login configuration. Returntrueif any specified constraint has been satisfied, orfalseif we have created a response challenge already.- Specified by:
- doAuthenticatein class- AuthenticatorBase
- Parameters:
- request- Request we are processing
- response- Response we are creating
- Returns:
- trueif the the user was authenticated, otherwise- false, in which case an authentication challenge will have been written to the response
- Throws:
- IOException- if an input/output error occurs
 
- 
getAuthMethodDescription copied from class:AuthenticatorBaseReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.- Specified by:
- getAuthMethodin class- AuthenticatorBase
- Returns:
- the authentication method, which is vendor-specific and not defined by HttpServletRequest.
 
- 
removeQuotesRemoves the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.- Parameters:
- quotedString- The quoted string
- quotesRequired-- trueif quotes were required
- Returns:
- The unquoted string
 
- 
removeQuotesRemoves the quotes on a string.- Parameters:
- quotedString- The quoted string
- Returns:
- The unquoted string
 
- 
generateNonceGenerate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( NONCE_DIGEST ( client-IP ":" time-stamp ":" private-key ) ).- Parameters:
- request- HTTP Servlet request
- Returns:
- The generated nonce
 
- 
setAuthenticateHeaderprotected void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, String nonce, boolean isNonceStale) Generates the WWW-Authenticate header(s) as per RFC 7616.- Parameters:
- request- HTTP Servlet request
- response- HTTP Servlet response
- nonce- nonce token
- isNonceStale-- trueto add a stale parameter
 
- 
isPreemptiveAuthPossibleDescription copied from class:AuthenticatorBaseCan the authenticator perform preemptive authentication for the given request?- Overrides:
- isPreemptiveAuthPossiblein class- AuthenticatorBase
- Parameters:
- request- The request to check for credentials
- Returns:
- trueif preemptive authentication is possible, otherwise- false
 
- 
startInternalDescription copied from class:ValveBaseStart this component and implement the requirements ofLifecycleBase.startInternal().- Overrides:
- startInternalin class- AuthenticatorBase
- Throws:
- LifecycleException- if this component detects a fatal error that prevents this component from being used
 
 
-