Class BasicAuthenticator
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.BasicAuthenticator
- All Implemented Interfaces:
RegistrationListener,MBeanRegistration,Authenticator,Contained,JmxEnabled,Lifecycle,Valve
An Authenticator and Valve implementation of HTTP BASIC Authentication, as outlined in RFC 7617: "The
'Basic' HTTP Authentication Scheme"
- Author:
- Craig R. McClanahan
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic classParser for an HTTP Authorization header for BASIC authentication as per RFC 2617 section 2, and the Base64 encoded credentials as per RFC 2045 section 6.8.Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase
AuthenticatorBase.AllowCorsPreflightNested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse -
Field Summary
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, ssoFields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, nextFields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected booleandoAuthenticate(Request request, HttpServletResponse response) Provided for sub-classes to implement their specific authentication mechanism.protected StringReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.booleanDeprecated.Will be removed in Tomcat 11 onwards.protected booleanisPreemptiveAuthPossible(Request request) Can the authenticator perform preemptive authentication for the given request?voidsetCharset(String charsetString) voidsetTrimCredentials(boolean trimCredentials) Deprecated.Will be removed in Tomcat 11 onwards.Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternalMethods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringMethods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisterMethods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
-
Constructor Details
-
BasicAuthenticator
public BasicAuthenticator()
-
-
Method Details
-
getCharset
-
setCharset
-
getTrimCredentials
Deprecated.Will be removed in Tomcat 11 onwards.Obtain the current setting for the removal of whitespace around the decoded user name and password.- Returns:
trueif white space will be removed around the decoded user name and password
-
setTrimCredentials
Deprecated.Will be removed in Tomcat 11 onwards.Configures trimming of whitespace around the decoded user name and password.- Parameters:
trimCredentials-trueto remove white space around the decoded user name and password
-
doAuthenticate
Description copied from class:AuthenticatorBaseProvided for sub-classes to implement their specific authentication mechanism.- Specified by:
doAuthenticatein classAuthenticatorBase- Parameters:
request- The request that triggered the authenticationresponse- The response associated with the request- Returns:
trueif the the user was authenticated, otherwisefalse, in which case an authentication challenge will have been written to the response- Throws:
IOException- If an I/O problem occurred during the authentication process
-
getAuthMethod
Description copied from class:AuthenticatorBaseReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.- Specified by:
getAuthMethodin classAuthenticatorBase- Returns:
- the authentication method, which is vendor-specific and not defined by HttpServletRequest.
-
isPreemptiveAuthPossible
Description copied from class:AuthenticatorBaseCan the authenticator perform preemptive authentication for the given request?- Overrides:
isPreemptiveAuthPossiblein classAuthenticatorBase- Parameters:
request- The request to check for credentials- Returns:
trueif preemptive authentication is possible, otherwisefalse
-