Package org.apache.catalina.realm
Class MessageDigestCredentialHandler
java.lang.Object
org.apache.catalina.realm.DigestCredentialHandlerBase
org.apache.catalina.realm.MessageDigestCredentialHandler
- All Implemented Interfaces:
CredentialHandler
This credential handler supports the following forms of stored passwords:
- encodedCredential - a hex encoded digest of the password digested using the configured digest
- {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
- {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
- {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest followed by variable length salt.
{SSHA}<sha-1 digest:20><salt:n> - salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $
If the stored password form does not include an iteration count then an iteration count of 1 is used.
If the stored password form does not include salt then no salt is used.
-
Field Summary
FieldsFields inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase
DEFAULT_SALT_LENGTH, sm -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected intprotected LoggetLog()booleanChecks to see if the input credentials match the stored credentialsprotected StringGenerates the equivalent stored credentials for the given input credentials, salt and iterations.voidsetAlgorithm(String algorithm) Set the algorithm used to convert input credentials to stored credentials.voidsetEncoding(String encodingName) Methods inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase
equals, equals, getDefaultSaltLength, getIterations, getLogInvalidStoredCredentials, getSaltLength, matchesSaltIterationsEncoded, mutate, mutate, setIterations, setLogInvalidStoredCredentials, setSaltLength
-
Field Details
-
DEFAULT_ITERATIONS
public static final int DEFAULT_ITERATIONS- See Also:
-
-
Constructor Details
-
MessageDigestCredentialHandler
public MessageDigestCredentialHandler()
-
-
Method Details
-
getEncoding
-
setEncoding
-
getAlgorithm
- Specified by:
getAlgorithmin classDigestCredentialHandlerBase- Returns:
- the algorithm used to convert input credentials to stored credentials.
-
setAlgorithm
Description copied from class:DigestCredentialHandlerBaseSet the algorithm used to convert input credentials to stored credentials.- Specified by:
setAlgorithmin classDigestCredentialHandlerBase- Parameters:
algorithm- the algorithm- Throws:
NoSuchAlgorithmException- if the specified algorithm is not supported
-
matches
Description copied from interface:CredentialHandlerChecks to see if the input credentials match the stored credentials- Parameters:
inputCredentials- User provided credentialsstoredCredentials- Credentials stored in theRealm- Returns:
trueif the inputCredentials match the storedCredentials, otherwisefalse
-
mutate
Description copied from class:DigestCredentialHandlerBaseGenerates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.- Specified by:
mutatein classDigestCredentialHandlerBase- Parameters:
inputCredentials- User provided credentialssalt- Salt, if anyiterations- Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials- Returns:
- The equivalent stored credentials for the given input credentials or
nullif the generation fails
-
getDefaultIterations
protected int getDefaultIterations()- Specified by:
getDefaultIterationsin classDigestCredentialHandlerBase- Returns:
- the default number of iterations used by the
CredentialHandler.
-
getLog
- Specified by:
getLogin classDigestCredentialHandlerBase- Returns:
- the logger for the CredentialHandler instance.
-