org.apache.catalina.authenticator
Class DigestAuthenticator

java.lang.Object
  extended byorg.apache.catalina.valves.ValveBase
      extended byorg.apache.catalina.authenticator.AuthenticatorBase
          extended byorg.apache.catalina.authenticator.DigestAuthenticator
All Implemented Interfaces:
Authenticator, Contained, Lifecycle, javax.management.MBeanRegistration, Valve

public class DigestAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Version:
$Id: DigestAuthenticator.java 1392248 2012-10-01 09:34:08Z markt $
Author:
Craig R. McClanahan, Remy Maucherat

Field Summary
protected static java.lang.String info
          Descriptive information about this implementation.
protected  java.lang.String key
          Private key.
protected static MD5Encoder md5Encoder
          The MD5 helper object for this class.
protected static java.security.MessageDigest md5Helper
          MD5 message digest provider.
protected  int nonceCacheSize
          Maximum number of server nonces to keep in the cache.
protected  java.util.Map nonces
          List of server nonce values currently being tracked
protected  long nonceValidity
          How long server nonces are valid for in milliseconds.
protected  java.lang.String opaque
          Opaque string.
protected static java.lang.String QOP
          Tomcat's DIGEST implementation only supports auth quality of protection.
protected  boolean validateUri
          Should the URI be validated as required by RFC2617?
 
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
algorithm, cache, changeSessionIdOnAuthentication, context, DEFAULT_ALGORITHM, digest, disableProxyCaching, entropy, lifecycle, random, randomClass, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started
 
Fields inherited from class org.apache.catalina.valves.ValveBase
container, containerLog, controller, domain, mserver, next, oname
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
DigestAuthenticator()
           
 
Method Summary
 boolean authenticate(Request request, Response response, LoginConfig config)
          Authenticate the user making this request, based on the specified login configuration.
protected  java.lang.String generateNonce(Request request)
          Generate a unique token.
 java.lang.String getInfo()
          Return descriptive information about this Valve implementation.
 java.lang.String getKey()
           
 int getNonceCacheSize()
           
 long getNonceValidity()
           
 java.lang.String getOpaque()
           
 boolean isValidateUri()
           
protected  java.lang.String parseUsername(java.lang.String authorization)
          Deprecated. Unused. Will be removed in Tomcat 8.0.x
protected static java.lang.String removeQuotes(java.lang.String quotedString)
          Removes the quotes on a string.
protected static java.lang.String removeQuotes(java.lang.String quotedString, boolean quotesRequired)
          Removes the quotes on a string.
protected  void setAuthenticateHeader(Request request, Response response, LoginConfig config, java.lang.String nonce, boolean isNonceStale)
          Generates the WWW-Authenticate header.
 void setKey(java.lang.String key)
           
 void setNonceCacheSize(int nonceCacheSize)
           
 void setNonceValidity(long nonceValidity)
           
 void setOpaque(java.lang.String opaque)
           
 void setValidateUri(boolean validateUri)
           
 void start()
          Prepare for the beginning of active use of the public methods of this component.
 
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
addLifecycleListener, associate, findLifecycleListeners, generateSessionId, getAlgorithm, getCache, getChangeSessionIdOnAuthentication, getContainer, getDigest, getDisableProxyCaching, getEntropy, getRandom, getRandomClass, getSecurePagesWithPragma, invoke, reauthenticateFromSSO, register, removeLifecycleListener, setAlgorithm, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setEntropy, setRandomClass, setSecurePagesWithPragma, stop
 
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, createObjectName, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

md5Encoder

protected static final MD5Encoder md5Encoder
The MD5 helper object for this class.


info

protected static final java.lang.String info
Descriptive information about this implementation.

See Also:
Constant Field Values

QOP

protected static final java.lang.String QOP
Tomcat's DIGEST implementation only supports auth quality of protection.

See Also:
Constant Field Values

md5Helper

protected static java.security.MessageDigest md5Helper
MD5 message digest provider.


nonces

protected java.util.Map nonces
List of server nonce values currently being tracked


nonceCacheSize

protected int nonceCacheSize
Maximum number of server nonces to keep in the cache. If not specified, the default value of 1000 is used.


key

protected java.lang.String key
Private key.


nonceValidity

protected long nonceValidity
How long server nonces are valid for in milliseconds. Defaults to 5 minutes.


opaque

protected java.lang.String opaque
Opaque string.


validateUri

protected boolean validateUri
Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.

Constructor Detail

DigestAuthenticator

public DigestAuthenticator()
Method Detail

getInfo

public java.lang.String getInfo()
Return descriptive information about this Valve implementation.

Specified by:
getInfo in interface Valve
Overrides:
getInfo in class AuthenticatorBase

getNonceCacheSize

public int getNonceCacheSize()

setNonceCacheSize

public void setNonceCacheSize(int nonceCacheSize)

getKey

public java.lang.String getKey()

setKey

public void setKey(java.lang.String key)

getNonceValidity

public long getNonceValidity()

setNonceValidity

public void setNonceValidity(long nonceValidity)

getOpaque

public java.lang.String getOpaque()

setOpaque

public void setOpaque(java.lang.String opaque)

isValidateUri

public boolean isValidateUri()

setValidateUri

public void setValidateUri(boolean validateUri)

authenticate

public boolean authenticate(Request request,
                            Response response,
                            LoginConfig config)
                     throws java.io.IOException
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Specified by:
authenticate in class AuthenticatorBase
Parameters:
request - Request we are processing
response - Response we are creating
config - Login configuration describing how authentication should be performed
Throws:
java.io.IOException - if an input/output error occurs

parseUsername

protected java.lang.String parseUsername(java.lang.String authorization)
Deprecated. Unused. Will be removed in Tomcat 8.0.x

Parse the username from the specified authorization string. If none can be identified, return null

Parameters:
authorization - Authorization string to be parsed

removeQuotes

protected static java.lang.String removeQuotes(java.lang.String quotedString,
                                               boolean quotesRequired)
Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.


removeQuotes

protected static java.lang.String removeQuotes(java.lang.String quotedString)
Removes the quotes on a string.


generateNonce

protected java.lang.String generateNonce(Request request)
Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).

Parameters:
request - HTTP Servlet request

setAuthenticateHeader

protected void setAuthenticateHeader(Request request,
                                     Response response,
                                     LoginConfig config,
                                     java.lang.String nonce,
                                     boolean isNonceStale)
Generates the WWW-Authenticate header.

The header MUST follow this template :

      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
 

Parameters:
request - HTTP Servlet request
response - HTTP Servlet response
config - Login configuration describing how authentication should be performed
nonce - nonce token

start

public void start()
           throws LifecycleException
Description copied from class: AuthenticatorBase
Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.

Specified by:
start in interface Lifecycle
Overrides:
start in class AuthenticatorBase
Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used


Copyright © 2000-2012 Apache Software Foundation. All Rights Reserved.