DigestAuthenticator (Apache Tomcat 8.0.53 API Documentation)

java.lang.Object
- org.apache.catalina.util.LifecycleBase
- - org.apache.catalina.util.LifecycleMBeanBase
  - - org.apache.catalina.valves.ValveBase
    - - org.apache.catalina.authenticator.AuthenticatorBase
      - org.apache.catalina.authenticator.DigestAuthenticator

All Implemented Interfaces:

javax.management.MBeanRegistration, Authenticator, Contained, JmxEnabled, Lifecycle, Valve
```
public class DigestAuthenticator
extends AuthenticatorBase
```
An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Author:

Craig R. McClanahan, Remy Maucherat

Nested Class Summary
- Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
  Lifecycle.SingleUse

Field Summary

Fields
Modifier and Type	Field and Description
`protected java.lang.String`	`key` Private key.
`protected long`	`lastTimestamp` The last timestamp used to generate a nonce.
`protected java.lang.Object`	`lastTimestampLock`
`protected int`	`nonceCacheSize` Maximum number of server nonces to keep in the cache.
`protected int`	`nonceCountWindowSize` The window size to use to track seen nonce count values for a given nonce.
`protected java.util.Map<java.lang.String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo>`	`nonces` List of server nonce values currently being tracked
`protected long`	`nonceValidity` How long server nonces are valid for in milliseconds.
`protected java.lang.String`	`opaque` Opaque string.
`protected static java.lang.String`	`QOP` Tomcat's DIGEST implementation only supports auth quality of protection.
`protected boolean`	`validateUri` Should the URI be validated as required by RFC2617?

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver

Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors
Constructor and Description

DigestAuthenticator()

Constructors
Constructor and Description
`DigestAuthenticator()`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`authenticate(Request request, HttpServletResponse response)` Authenticate the user making this request, based on the specified login configuration.
`protected java.lang.String`	`generateNonce(Request request)` Generate a unique token.
`protected java.lang.String`	`getAuthMethod()`
`java.lang.String`	`getKey()`
`int`	`getNonceCacheSize()`
`int`	`getNonceCountWindowSize()`
`long`	`getNonceValidity()`
`java.lang.String`	`getOpaque()`
`boolean`	`isValidateUri()`
`protected static java.lang.String`	`removeQuotes(java.lang.String quotedString)` Removes the quotes on a string.
`protected static java.lang.String`	`removeQuotes(java.lang.String quotedString, boolean quotesRequired)` Removes the quotes on a string.
`protected void`	`setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, java.lang.String nonce, boolean isNonceStale)` Generates the WWW-Authenticate header.
`void`	`setKey(java.lang.String key)`
`void`	`setNonceCacheSize(int nonceCacheSize)`
`void`	`setNonceCountWindowSize(int nonceCountWindowSize)`
`void`	`setNonceValidity(long nonceValidity)`
`void`	`setOpaque(java.lang.String opaque)`
`void`	`setValidateUri(boolean validateUri)`
`protected void`	`startInternal()` Start this component and implement the requirements of `LifecycleBase.startInternal()`.

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - QOP
```
protected static final java.lang.String QOP
```
    Tomcat's DIGEST implementation only supports auth quality of protection.
    
    See Also:
    Constant Field Values
  - nonces
```
protected java.util.Map<java.lang.String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> nonces
```
    List of server nonce values currently being tracked
  - lastTimestamp
```
protected long lastTimestamp
```
    The last timestamp used to generate a nonce. Each nonce should get a unique timestamp.
  - lastTimestampLock
```
protected final java.lang.Object lastTimestampLock
```
  - nonceCacheSize
```
protected int nonceCacheSize
```
    Maximum number of server nonces to keep in the cache. If not specified, the default value of 1000 is used.
  - nonceCountWindowSize
```
protected int nonceCountWindowSize
```
    The window size to use to track seen nonce count values for a given nonce. If not specified, the default of 100 is used.
  - key
```
protected java.lang.String key
```
    Private key.
  - nonceValidity
```
protected long nonceValidity
```
    How long server nonces are valid for in milliseconds. Defaults to 5 minutes.
  - opaque
```
protected java.lang.String opaque
```
    Opaque string.
  - validateUri
```
protected boolean validateUri
```
    Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.
- Constructor Detail
  - DigestAuthenticator
```
public DigestAuthenticator()
```
- Method Detail
  - getNonceCountWindowSize
```
public int getNonceCountWindowSize()
```
  - setNonceCountWindowSize
```
public void setNonceCountWindowSize(int nonceCountWindowSize)
```
  - getNonceCacheSize
```
public int getNonceCacheSize()
```
  - setNonceCacheSize
```
public void setNonceCacheSize(int nonceCacheSize)
```
  - getKey
```
public java.lang.String getKey()
```
  - setKey
```
public void setKey(java.lang.String key)
```
  - getNonceValidity
```
public long getNonceValidity()
```
  - setNonceValidity
```
public void setNonceValidity(long nonceValidity)
```
  - getOpaque
```
public java.lang.String getOpaque()
```
  - setOpaque
```
public void setOpaque(java.lang.String opaque)
```
  - isValidateUri
```
public boolean isValidateUri()
```
  - setValidateUri
```
public void setValidateUri(boolean validateUri)
```
  - authenticate
```
public boolean authenticate(Request request,
                   HttpServletResponse response)
                     throws java.io.IOException
```
    Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
    
    Specified by:
    
    authenticate in interface Authenticator
    
    Specified by:
    
    authenticate in class AuthenticatorBase
    
    Parameters:
    request - Request we are processing
    response - Response we are creating
    
    Returns:
    true if any specified constraints have been satisfied, or false if one more constraints were not satisfied (in which case an authentication challenge will have been written to the response).
    
    Throws:
    
    java.io.IOException - if an input/output error occurs
  - getAuthMethod
```
protected java.lang.String getAuthMethod()
```
    Specified by:
    
    getAuthMethod in class AuthenticatorBase
  - removeQuotes
```
protected static java.lang.String removeQuotes(java.lang.String quotedString,
                            boolean quotesRequired)
```
    Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.
  - removeQuotes
```
protected static java.lang.String removeQuotes(java.lang.String quotedString)
```
    Removes the quotes on a string.
  - generateNonce
```
protected java.lang.String generateNonce(Request request)
```
    Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).
    
    Parameters:
    request - HTTP Servlet request
  - setAuthenticateHeader
```
protected void setAuthenticateHeader(HttpServletRequest request,
                         HttpServletResponse response,
                         java.lang.String nonce,
                         boolean isNonceStale)
```
    Generates the WWW-Authenticate header.
    The header MUST follow this template :
```
      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
 
```
    Parameters:
    request - HTTP Servlet request
    response - HTTP Servlet response
    nonce - nonce token
  - startInternal
```
protected void startInternal()
                      throws LifecycleException
```
    Description copied from class: AuthenticatorBase
    
    Start this component and implement the requirements of LifecycleBase.startInternal().
    
    Overrides:
    
    startInternal in class AuthenticatorBase
    
    Throws:
    
    LifecycleException - if this component detects a fatal error that prevents this component from being used

Class DigestAuthenticator

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

Methods inherited from class org.apache.catalina.util.LifecycleBase

Methods inherited from class java.lang.Object

Field Detail

QOP

nonces

lastTimestamp

lastTimestampLock

nonceCacheSize

nonceCountWindowSize

key

nonceValidity

opaque

validateUri

Constructor Detail

DigestAuthenticator

Method Detail

getNonceCountWindowSize

setNonceCountWindowSize

getNonceCacheSize

setNonceCacheSize

getKey

setKey

getNonceValidity

setNonceValidity

getOpaque

setOpaque

isValidateUri

setValidateUri

authenticate

getAuthMethod

removeQuotes

removeQuotes

generateNonce

setAuthenticateHeader

startInternal