Package org.apache.catalina.realm
Class MessageDigestCredentialHandler
java.lang.Object
org.apache.catalina.realm.DigestCredentialHandlerBase
org.apache.catalina.realm.MessageDigestCredentialHandler
- All Implemented Interfaces:
CredentialHandler
This credential handler supports the following forms of stored passwords:
- encodedCredential - a hex encoded digest of the password digested using the configured digest
- {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
- {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
- {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest followed by variable length salt.
{SSHA}<sha-1 digest:20><salt:n>
- salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $
If the stored password form does not include an iteration count then an iteration count of 1 is used.
If the stored password form does not include salt then no salt is used.
-
Field Summary
Fields inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase
DEFAULT_SALT_LENGTH, sm
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected int
protected Log
getLog()
boolean
Checks to see if the input credentials match the stored credentialsprotected String
Generates the equivalent stored credentials for the given input credentials, salt and iterations.void
setAlgorithm
(String algorithm) Set the algorithm used to convert input credentials to stored credentials.void
setEncoding
(String encodingName) Methods inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase
equals, equals, getDefaultSaltLength, getIterations, getLogInvalidStoredCredentials, getSaltLength, matchesSaltIterationsEncoded, mutate, mutate, setIterations, setLogInvalidStoredCredentials, setSaltLength
-
Field Details
-
DEFAULT_ITERATIONS
public static final int DEFAULT_ITERATIONS- See Also:
-
-
Constructor Details
-
MessageDigestCredentialHandler
public MessageDigestCredentialHandler()
-
-
Method Details
-
getEncoding
-
setEncoding
-
getAlgorithm
- Specified by:
getAlgorithm
in classDigestCredentialHandlerBase
- Returns:
- the algorithm used to convert input credentials to stored credentials.
-
setAlgorithm
Description copied from class:DigestCredentialHandlerBase
Set the algorithm used to convert input credentials to stored credentials.- Specified by:
setAlgorithm
in classDigestCredentialHandlerBase
- Parameters:
algorithm
- the algorithm- Throws:
NoSuchAlgorithmException
- if the specified algorithm is not supported
-
matches
Description copied from interface:CredentialHandler
Checks to see if the input credentials match the stored credentials- Parameters:
inputCredentials
- User provided credentialsstoredCredentials
- Credentials stored in theRealm
- Returns:
true
if the inputCredentials match the storedCredentials, otherwisefalse
-
mutate
Description copied from class:DigestCredentialHandlerBase
Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.- Specified by:
mutate
in classDigestCredentialHandlerBase
- Parameters:
inputCredentials
- User provided credentialssalt
- Salt, if anyiterations
- Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials- Returns:
- The equivalent stored credentials for the given input credentials or
null
if the generation fails
-
getDefaultIterations
protected int getDefaultIterations()- Specified by:
getDefaultIterations
in classDigestCredentialHandlerBase
- Returns:
- the default number of iterations used by the
CredentialHandler
.
-
getLog
- Specified by:
getLog
in classDigestCredentialHandlerBase
- Returns:
- the logger for the CredentialHandler instance.
-