org.apache.catalina.authenticator (Apache Tomcat 8.0.53 API Documentation)

Class Summary
Class	Description
AuthenticatorBase	Basic implementation of the Valve interface that enforces the `<security-constraint>` elements in the web application deployment descriptor.
BasicAuthenticator	An Authenticator and Valve implementation of HTTP BASIC Authentication, as outlined in RFC 2617: "HTTP Authentication: Basic and Digest Access Authentication."
BasicAuthenticator.BasicCredentials	Parser for an HTTP Authorization header for BASIC authentication as per RFC 2617 section 2, and the Base64 encoded credentials as per RFC 2045 section 6.8.
Constants
DigestAuthenticator	An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).
FormAuthenticator	An Authenticator and Valve implementation of FORM BASED Authentication, as described in the Servlet API Specification.
NonLoginAuthenticator	An Authenticator and Valve implementation that checks only security constraints not involving user authentication.
SavedRequest	Object that saves the critical information from a request so that form-based authentication can reproduce it once the user has been authenticated.
SingleSignOn	A Valve that supports a "single sign on" user experience, where the security identity of a user who successfully authenticates to one web application is propagated to other web applications in the same security domain.
SingleSignOnEntry	A class that represents entries in the cache of authenticated users.
SingleSignOnListener
SingleSignOnSessionKey	Key used by SSO to identify a session.
SpnegoAuthenticator	A SPNEGO authenticator that uses the SPNEGO/Kerberos support built in to Java 6.
SSLAuthenticator	An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify client users.

Package org.apache.catalina.authenticator Description

This package contains Authenticator implementations for the various supported authentication methods (BASIC, DIGEST, and FORM). In addition, there is a convenience base class, AuthenticatorBase, for customized Authenticator implementations.

If you are using the standard context configuration class (org.apache.catalina.startup.ContextConfig) to configure the Authenticator associated with a particular context, you can register the Java class to be used for each possible authentication method by modifying the following Properties file:

    src/share/org/apache/catalina/startup/Authenticators.properties

Each of the standard implementations extends a common base class (AuthenticatorBase), which is configured by setting the following JavaBeans properties (with default values in square brackets):

cache - Should we cache authenticated Principals (thus avoiding per-request lookups in our underlying Realm) if this request is part of an HTTP session? [true]
debug - Debugging detail level for this component. [0]

The standard authentication methods that are currently provided include:

BasicAuthenticator - Implements HTTP BASIC authentication, as described in RFC 2617.
DigestAuthenticator - Implements HTTP DIGEST authentication, as described in RFC 2617.
FormAuthenticator - Implements FORM-BASED authentication, as described in the Servlet API Specification.