Package org.apache.catalina.authenticator

Class DigestAuthenticator

    • Field Detail

      • QOP

        protected static final String QOP
        Tomcat's DIGEST implementation only supports auth quality of protection.
        See Also:
        Constant Field Values

      • lastTimestamp

        protected long lastTimestamp
        The last timestamp used to generate a nonce. Each nonce should get a unique timestamp.

      • lastTimestampLock

        protected final Object lastTimestampLock

      • nonceCacheSize

        protected int nonceCacheSize
        Maximum number of server nonces to keep in the cache. If not specified, the default value of 1000 is used.

      • nonceCountWindowSize

        protected int nonceCountWindowSize
        The window size to use to track seen nonce count values for a given nonce. If not specified, the default of 100 is used.

      • key

        protected String key
        Private key.

      • nonceValidity

        protected long nonceValidity
        How long server nonces are valid for in milliseconds. Defaults to 5 minutes.

      • opaque

        protected String opaque
        Opaque string.

      • validateUri

        protected boolean validateUri
        Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.

    • Constructor Detail

      • DigestAuthenticator

        public DigestAuthenticator()

    • Method Detail

      • getNonceCountWindowSize

        public int getNonceCountWindowSize()

      • setNonceCountWindowSize

        public void setNonceCountWindowSize​(int nonceCountWindowSize)

      • getNonceCacheSize

        public int getNonceCacheSize()

      • setNonceCacheSize

        public void setNonceCacheSize​(int nonceCacheSize)

      • getKey

        public String getKey()

      • setKey

        public void setKey​(String key)

      • getNonceValidity

        public long getNonceValidity()

      • setNonceValidity

        public void setNonceValidity​(long nonceValidity)

      • getOpaque

        public String getOpaque()

      • setOpaque

        public void setOpaque​(String opaque)

      • isValidateUri

        public boolean isValidateUri()

      • setValidateUri

        public void setValidateUri​(boolean validateUri)

      • doAuthenticate

        protected boolean doAuthenticate​(Request request,
                                 HttpServletResponse response)
                          throws IOException
        Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
        Specified by:
        doAuthenticate in class AuthenticatorBase
        Parameters:
        request - Request we are processing
        response - Response we are creating
        Returns:
        true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response
        Throws:
        IOException - if an input/output error occurs

      • removeQuotes

        protected static String removeQuotes​(String quotedString,
                                     boolean quotesRequired)
        Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.
        Parameters:
        quotedString - The quoted string
        quotesRequired - true if quotes were required
        Returns:
        The unquoted string

      • removeQuotes

        protected static String removeQuotes​(String quotedString)
        Removes the quotes on a string.
        Parameters:
        quotedString - The quoted string
        Returns:
        The unquoted string

      • generateNonce

        protected String generateNonce​(Request request)
        Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).
        Parameters:
        request - HTTP Servlet request
        Returns:
        The generated nonce

      • setAuthenticateHeader

        protected void setAuthenticateHeader​(HttpServletRequest request,
                                     HttpServletResponse response,
                                     String nonce,
                                     boolean isNonceStale)
        Generates the WWW-Authenticate header.

        The header MUST follow this template : 

              WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
        Parameters:
        request - HTTP Servlet request
        response - HTTP Servlet response
        nonce - nonce token
        isNonceStale - true to add a stale parameter

      • isPreemptiveAuthPossible

        protected boolean isPreemptiveAuthPossible​(Request request)
        Description copied from class: AuthenticatorBase
        Can the authenticator perform preemptive authentication for the given request?
        Overrides:
        isPreemptiveAuthPossible in class AuthenticatorBase
        Parameters:
        request - The request to check for credentials
        Returns:
        true if preemptive authentication is possible, otherwise false