Class BasicAuthenticator

All Implemented Interfaces:
MBeanRegistration, RegistrationListener, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class BasicAuthenticator extends AuthenticatorBase
An Authenticator and Valve implementation of HTTP BASIC Authentication, as outlined in RFC 7617: "The 'Basic' HTTP Authentication Scheme"
Author:
Craig R. McClanahan
  • Constructor Details

    • BasicAuthenticator

      public BasicAuthenticator()
  • Method Details

    • getCharset

      public String getCharset()
    • setCharset

      public void setCharset(String charsetString)
    • getTrimCredentials

      @Deprecated public boolean getTrimCredentials()
      Deprecated.
      Will be removed in Tomcat 11 onwards.
      Obtain the current setting for the removal of whitespace around the decoded user name and password.
      Returns:
      true if white space will be removed around the decoded user name and password
    • setTrimCredentials

      @Deprecated public void setTrimCredentials(boolean trimCredentials)
      Deprecated.
      Will be removed in Tomcat 11 onwards.
      Configures trimming of whitespace around the decoded user name and password.
      Parameters:
      trimCredentials - true to remove white space around the decoded user name and password
    • doAuthenticate

      protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException
      Description copied from class: AuthenticatorBase
      Provided for sub-classes to implement their specific authentication mechanism.
      Specified by:
      doAuthenticate in class AuthenticatorBase
      Parameters:
      request - The request that triggered the authentication
      response - The response associated with the request
      Returns:
      true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response
      Throws:
      IOException - If an I/O problem occurred during the authentication process
    • getAuthMethod

      protected String getAuthMethod()
      Description copied from class: AuthenticatorBase
      Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
      Specified by:
      getAuthMethod in class AuthenticatorBase
      Returns:
      the authentication method, which is vendor-specific and not defined by HttpServletRequest.
    • isPreemptiveAuthPossible

      protected boolean isPreemptiveAuthPossible(Request request)
      Description copied from class: AuthenticatorBase
      Can the authenticator perform preemptive authentication for the given request?
      Overrides:
      isPreemptiveAuthPossible in class AuthenticatorBase
      Parameters:
      request - The request to check for credentials
      Returns:
      true if preemptive authentication is possible, otherwise false