Package org.apache.catalina.authenticator

Class BasicAuthenticator

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.BasicAuthenticator

All Implemented Interfaces:

RegistrationListener, MBeanRegistration, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class BasicAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation of HTTP BASIC Authentication, as outlined in RFC 7617: "The 'Basic' HTTP Authentication Scheme"

Author:

Craig R. McClanahan

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	BasicAuthenticator.BasicCredentials	Parser for an HTTP Authorization header for BASIC authentication as per RFC 2617 section 2, and the Base64 encoded credentials as per RFC 2045 section 6.8.

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

AuthenticatorBase.AllowCorsPreflight

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Lifecycle.SingleUse

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase

asyncSupported, container, containerLog, next

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor	Description
BasicAuthenticator()

Method Summary

Modifier and Type	Method	Description
protected boolean	doAuthenticate(Request request, HttpServletResponse response)	Provided for sub-classes to implement their specific authentication mechanism.
protected String	getAuthMethod()	Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
String	getCharset()
protected boolean	isPreemptiveAuthPossible(Request request)	Can the authenticator perform preemptive authentication for the given request?
void	setCharset(String charsetString)

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

BasicAuthenticator

public BasicAuthenticator()

Method Details

getCharset

public String getCharset()

setCharset

public void setCharset(String charsetString)

doAuthenticate

protected boolean doAuthenticate(Request request,
 HttpServletResponse response)
                          throws IOException

Description copied from class: AuthenticatorBase

Provided for sub-classes to implement their specific authentication mechanism.

Specified by:

doAuthenticate in class AuthenticatorBase

Parameters:

request - The request that triggered the authentication

response - The response associated with the request

Returns:

true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response

Throws:

IOException - If an I/O problem occurred during the authentication process

getAuthMethod

protected String getAuthMethod()

Description copied from class: AuthenticatorBase

Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.

Specified by:

getAuthMethod in class AuthenticatorBase

Returns:

the authentication method, which is vendor-specific and not defined by HttpServletRequest.

isPreemptiveAuthPossible

protected boolean isPreemptiveAuthPossible(Request request)

Description copied from class: AuthenticatorBase

Can the authenticator perform preemptive authentication for the given request?

Overrides:

isPreemptiveAuthPossible in class AuthenticatorBase

Parameters:

request - The request to check for credentials

Returns:

true if preemptive authentication is possible, otherwise false