Package org.apache.catalina.authenticator

This package contains Authenticator implementations for the various supported authentication methods (BASIC, DIGEST, and FORM). In addition, there is a convenience base class, AuthenticatorBase, for customized Authenticator implementations.

If you are using the standard context configuration class (org.apache.catalina.startup.ContextConfig) to configure the Authenticator associated with a particular context, you can register the Java class to be used for each possible authentication method by modifying the following Properties file:


Each of the standard implementations extends a common base class (AuthenticatorBase), which is configured by setting the following JavaBeans properties (with default values in square brackets):

  • cache - Should we cache authenticated Principals (thus avoiding per-request lookups in our underlying Realm) if this request is part of an HTTP session? [true]
  • debug - Debugging detail level for this component. [0]

The standard authentication methods that are currently provided include:

  • BasicAuthenticator - Implements HTTP BASIC authentication, as described in RFC 2617.
  • DigestAuthenticator - Implements HTTP DIGEST authentication, as described in RFC 2617.
  • FormAuthenticator - Implements FORM-BASED authentication, as described in the Servlet API Specification.