org.apache.catalina.authenticator

Class DigestAuthenticator

public class DigestAuthenticator extends AuthenticatorBase

An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Version: $Revision: 467222 $ $Date: 2006-10-24 05:17:11 +0200 (Tue, 24 Oct 2006) $

Author: Craig R. McClanahan, Remy Maucherat

Field Summary

protected static String info
Descriptive information about this implementation.

protected String key
Private key.

protected static MD5Encoder md5Encoder
The MD5 helper object for this class.

protected static MessageDigest md5Helper
MD5 message digest provider.

Constructor Summary

DigestAuthenticator()

Method Summary

boolean authenticate(Request request, Response response, LoginConfig config)
Authenticate the user making this request, based on the specified login configuration.

protected static Principal findPrincipal(Request request, String authorization, Realm realm)
Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm.

protected String generateNOnce(Request request)
Generate a unique token.

String getInfo()
Return descriptive information about this Valve implementation.

protected String parseUsername(String authorization)
Parse the username from the specified authorization string.

protected static String removeQuotes(String quotedString, boolean quotesRequired)
Removes the quotes on a string.

protected static String removeQuotes(String quotedString)
Removes the quotes on a string.

protected void setAuthenticateHeader(Request request, Response response, LoginConfig config, String nOnce)
Generates the WWW-Authenticate header.

Field Detail

info

protected static final String info
Descriptive information about this implementation.

key

protected String key
Private key.

md5Encoder

protected static final MD5Encoder md5Encoder
The MD5 helper object for this class.

md5Helper

protected static MessageDigest md5Helper
MD5 message digest provider.

Constructor Detail

DigestAuthenticator

public DigestAuthenticator()

Method Detail

authenticate

public boolean authenticate(Request request, Response response, LoginConfig config)
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Parameters:
request - Request we are processing
response - Response we are creating
config - Login configuration describing how authentication should be performed

Throws:
IOException - if an input/output error occurs

findPrincipal

protected static Principal findPrincipal(Request request, String authorization, Realm realm)
Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm. If there is no such Principal, return null.

Parameters:
request - HTTP servlet request
authorization - Authorization credentials from this request
realm - Realm used to authenticate Principals

generateNOnce

protected String generateNOnce(Request request)
Generate a unique token. The token is generated according to the following pattern:

      NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) )

Parameters:
request - HTTP Servlet request

getInfo

public String getInfo()
Return descriptive information about this Valve implementation.

parseUsername

protected String parseUsername(String authorization)
Parse the username from the specified authorization string. If none can be identified, return null.

Parameters:
authorization - Authorization string to be parsed

removeQuotes

protected static String removeQuotes(String quotedString, boolean quotesRequired)
Removes the quotes on a string. RFC 2617 states quotes are optional for all parameters except realm.

removeQuotes

protected static String removeQuotes(String quotedString)
Removes the quotes on a string.

setAuthenticateHeader

protected void setAuthenticateHeader(Request request, Response response, LoginConfig config, String nOnce)
Generates the WWW-Authenticate header.

The header MUST follow this template:

      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
 

Parameters:
request - HTTP Servlet request
response - HTTP Servlet response
config - Login configuration describing how authentication should be performed
nOnce - nonce token
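
The nonce pattern documented for generateNOnce and the header template above, combined in an added Java example (not Tomcat's source code). The class name, the isValid helper with its freshness window, and all sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class DigestChallengeSketch {
    // Documented pattern: Base64(MD5(client-IP ":" time-stamp ":" private-key)).
    static String nonce(String clientIp, long timeStamp, String privateKey)
            throws NoSuchAlgorithmException {
        String input = clientIp + ":" + timeStamp + ":" + privateKey;
        byte[] md5 = MessageDigest.getInstance("MD5")
                .digest(input.getBytes(StandardCharsets.ISO_8859_1));
        return Base64.getEncoder().encodeToString(md5);
    }

    // The token is a one-way hash, so a returned nonce can only be checked by
    // recomputing it for an issue time the server already knows (assumption:
    // the caller tracks issue times). Comparison is constant-time.
    static boolean isValid(String presented, String clientIp, long issuedAt,
            String privateKey, long now, long maxAgeMillis)
            throws NoSuchAlgorithmException {
        if (now < issuedAt || now - issuedAt > maxAgeMillis) {
            return false; // expired: re-challenge with stale=true
        }
        byte[] expected = nonce(clientIp, issuedAt, privateKey)
                .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected,
                presented.getBytes(StandardCharsets.US_ASCII));
    }

    // Header value per the template: realm, nonce and opaque are
    // quoted-strings; stale and algorithm are bare tokens.
    static String challenge(String realm, String nonce, String opaque, boolean stale) {
        String quotedRealm = realm.replace("\\", "\\\\").replace("\"", "\\\"");
        return "Digest realm=\"" + quotedRealm + "\", nonce=\"" + nonce
                + "\", opaque=\"" + opaque + "\", stale=" + stale + ", algorithm=MD5";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values. Client IP and time are guessable, so the
        // private key has to be a random per-server secret.
        byte[] secret = new byte[16];
        new SecureRandom().nextBytes(secret);
        String key = Base64.getEncoder().encodeToString(secret);
        long issuedAt = System.currentTimeMillis();
        String n = nonce("192.0.2.10", issuedAt, key);
        System.out.println("WWW-Authenticate: " + challenge("Example \"Realm\"", n, "sample-opaque", false));
        System.out.println(isValid(n, "192.0.2.10", issuedAt, key, issuedAt + 1000, 300_000));
        System.out.println(isValid(n, "198.51.100.7", issuedAt, key, issuedAt + 1000, 300_000));
    }
}
```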

Copyright © 2000-2011 Apache Software Foundation. All Rights Reserved.