org.apache.catalina.authenticator

Class AuthenticatorBase

public abstract class AuthenticatorBase extends ValveBase implements Authenticator, Lifecycle

Basic implementation of the Valve interface that enforces the <security-constraint> elements in the web application deployment descriptor. This functionality is implemented as a Valve so that it can be omitted in environments that do not require these features. Individual implementations of each supported authentication method can subclass this base class as required.

USAGE CONSTRAINT: When this class is utilized, the Context to which it is attached (or a parent Container in a hierarchy) must have an associated Realm that can be used for authenticating users and enumerating the roles to which they have been assigned.

USAGE CONSTRAINT: This Valve is only useful when processing HTTP requests. Requests of any other type will simply be passed through.

Version: $Revision: 892545 $ $Date: 2009-12-20 02:04:17 +0100 (Sun, 20 Dec 2009) $

Author: Craig R. McClanahan

Field Summary
protected String algorithm
The message digest algorithm to be used when generating session identifiers.
protected boolean cache
Should we cache authenticated Principals if the request is part of an HTTP session?
protected boolean changeSessionIdOnAuthentication
Should the session ID, if any, be changed upon a successful authentication to prevent a session fixation attack?
protected Context context
The Context to which this Valve is attached.
protected MessageDigest digest
Return the MessageDigest implementation to be used when creating session identifiers.
protected boolean disableProxyCaching
Flag to determine if we disable proxy caching, or leave the issue up to the webapp developer.
protected static String DEFAULT_ALGORITHM
The default message digest algorithm to use if we cannot use the requested one.
protected String entropy
A String initialization parameter used to increase the entropy of the initialization of our random number generator.
protected static String info
Descriptive information about this implementation.
protected LifecycleSupport lifecycle
The lifecycle event support for this component.
protected Random random
A random number generator to use when generating session identifiers.
protected String randomClass
The Java class name of the random number generator class to be used when generating session identifiers.
protected boolean securePagesWithPragma
Flag to determine if we disable proxy caching with headers incompatible with IE.
protected static StringManager sm
The string manager for this package.
protected SingleSignOn sso
The SingleSignOn implementation in our request processing chain, if there is one.
protected boolean started
Has this component been started?
protected static int SESSION_ID_BYTES
The number of random bytes to include when generating a session identifier.

Method Summary
void addLifecycleListener(LifecycleListener listener)
Add a lifecycle event listener to this component.
protected void associate(String ssoId, Session session)
Associate the specified single sign on identifier with the specified Session.
protected abstract boolean authenticate(Request request, Response response, LoginConfig config)
Authenticate the user making this request, based on the specified login configuration.
LifecycleListener[] findLifecycleListeners()
Get the lifecycle listeners associated with this lifecycle.
protected String generateSessionId()
Generate and return a new session identifier for the cookie that identifies an SSO principal.
String getAlgorithm()
Return the message digest algorithm for this Manager.
boolean getCache()
Return the cache authenticated Principals flag.
boolean getChangeSessionIdOnAuthentication()
Return the flag that states if we should change the session ID of an existing session upon successful authentication.
Container getContainer()
Return the Container to which this Valve is attached.
protected MessageDigest getDigest()
Return the MessageDigest object to be used for calculating session identifiers.
boolean getDisableProxyCaching()
Return the flag that states if we add headers to disable caching by proxies.
String getEntropy()
Return the entropy increaser value, or compute a semi-useful value if this String has not yet been set.
String getInfo()
Return descriptive information about this Valve implementation.
protected Random getRandom()
Return the random number generator instance we should use for generating session identifiers.
String getRandomClass()
Return the random number generator class name.
boolean getSecurePagesWithPragma()
Return the flag that states, if proxy caching is disabled, what headers we add to disable the caching.
void invoke(Request request, Response response)
Enforce the security restrictions in the web application deployment descriptor of our associated Context.
protected boolean reauthenticateFromSSO(String ssoId, Request request)
Attempts reauthentication to the Realm using the credentials included in argument entry.
protected void register(Request request, Response response, Principal principal, String authType, String username, String password)
Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one.
void removeLifecycleListener(LifecycleListener listener)
Remove a lifecycle event listener from this component.
void setAlgorithm(String algorithm)
Set the message digest algorithm for this Manager.
void setCache(boolean cache)
Set the cache authenticated Principals flag.
void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
Set the value of the flag that states if we should change the session ID of an existing session upon successful authentication.
void setContainer(Container container)
Set the Container to which this Valve is attached.
void setDisableProxyCaching(boolean nocache)
Set the value of the flag that states if we add headers to disable caching by proxies.
void setEntropy(String entropy)
Set the entropy increaser value.
void setRandomClass(String randomClass)
Set the random number generator class name.
void setSecurePagesWithPragma(boolean securePagesWithPragma)
Set the value of the flag that states what headers we add to disable proxy caching.
void start()
Prepare for the beginning of active use of the public methods of this component.
void stop()
Gracefully terminate the active use of the public methods of this component.

Field Detail

algorithm

protected String algorithm
The message digest algorithm to be used when generating session identifiers. This must be an algorithm supported by the java.security.MessageDigest class on your platform.

cache

protected boolean cache
Should we cache authenticated Principals if the request is part of an HTTP session?

changeSessionIdOnAuthentication

protected boolean changeSessionIdOnAuthentication
Should the session ID, if any, be changed upon a successful authentication to prevent a session fixation attack?

context

protected Context context
The Context to which this Valve is attached.

digest

protected MessageDigest digest
Return the MessageDigest implementation to be used when creating session identifiers.

disableProxyCaching

protected boolean disableProxyCaching
Flag to determine if we disable proxy caching, or leave the issue up to the webapp developer.

DEFAULT_ALGORITHM

protected static final String DEFAULT_ALGORITHM
The default message digest algorithm to use if we cannot use the requested one.

entropy

protected String entropy
A String initialization parameter used to increase the entropy of the initialization of our random number generator.

info

protected static final String info
Descriptive information about this implementation.

lifecycle

protected LifecycleSupport lifecycle
The lifecycle event support for this component.

random

protected Random random
A random number generator to use when generating session identifiers.

randomClass

protected String randomClass
The Java class name of the random number generator class to be used when generating session identifiers.

securePagesWithPragma

protected boolean securePagesWithPragma
Flag to determine if we disable proxy caching with headers incompatible with IE.

sm

protected static final StringManager sm
The string manager for this package.

sso

protected SingleSignOn sso
The SingleSignOn implementation in our request processing chain, if there is one.

started

protected boolean started
Has this component been started?

SESSION_ID_BYTES

protected static final int SESSION_ID_BYTES
The number of random bytes to include when generating a session identifier.

Method Detail

addLifecycleListener

public void addLifecycleListener(LifecycleListener listener)
Add a lifecycle event listener to this component.

Parameters:
listener - The listener to add

associate

protected void associate(String ssoId, Session session)
Associate the specified single sign on identifier with the specified Session.

Parameters:
ssoId - Single sign on identifier
session - Session to be associated

authenticate

protected abstract boolean authenticate(Request request, Response response, LoginConfig config)
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Parameters:
request - Request we are processing
response - Response we are creating
config - Login configuration describing how authentication should be performed

Throws:
IOException - if an input/output error occurs

findLifecycleListeners

public LifecycleListener[] findLifecycleListeners()
Get the lifecycle listeners associated with this lifecycle. If this Lifecycle has no listeners registered, a zero-length array is returned.

generateSessionId

protected String generateSessionId()
Generate and return a new session identifier for the cookie that identifies an SSO principal.

getAlgorithm

public String getAlgorithm()
Return the message digest algorithm for this Manager.

getCache

public boolean getCache()
Return the cache authenticated Principals flag.

getChangeSessionIdOnAuthentication

public boolean getChangeSessionIdOnAuthentication()
Return the flag that states if we should change the session ID of an existing session upon successful authentication.

Returns: true to change session ID upon successful authentication, false to not perform the change.

getContainer

public Container getContainer()
Return the Container to which this Valve is attached.

getDigest

protected MessageDigest getDigest()
Return the MessageDigest object to be used for calculating session identifiers. If none has been created yet, initialize one the first time this method is called.

getDisableProxyCaching

public boolean getDisableProxyCaching()
Return the flag that states if we add headers to disable caching by proxies.

getEntropy

public String getEntropy()
Return the entropy increaser value, or compute a semi-useful value if this String has not yet been set.

getInfo

public String getInfo()
Return descriptive information about this Valve implementation.

getRandom

protected Random getRandom()
Return the random number generator instance we should use for generating session identifiers. If there is no such generator currently defined, construct and seed a new one.
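
An added sketch (not Tomcat's own code) of the behaviour the algorithm, DEFAULT_ALGORITHM, getDigest() and getRandom() entries describe: resolve the requested digest, fall back when the platform lacks it, and derive an identifier from random bytes. The class name SsoIdSketch, the fallback value "SHA-256", the 16-byte length and the hex encoding are assumptions, since the page gives neither the constants' values nor the encoding.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

// Added illustration, not Tomcat source. Constant values are assumptions.
public class SsoIdSketch {
    static final String FALLBACK_ALGORITHM = "SHA-256"; // assumed value
    static final int ID_BYTES = 16;                     // assumed value

    // SecureRandom seeds itself from the OS; java.util.Random would be predictable.
    private final SecureRandom random = new SecureRandom();
    private final MessageDigest digest;

    SsoIdSketch(String requestedAlgorithm) {
        this.digest = resolveDigest(requestedAlgorithm);
    }

    // Use the requested algorithm if the platform has it, otherwise fall back.
    static MessageDigest resolveDigest(String requested) {
        try {
            return MessageDigest.getInstance(requested);
        } catch (NoSuchAlgorithmException e) {
            try {
                return MessageDigest.getInstance(FALLBACK_ALGORITHM);
            } catch (NoSuchAlgorithmException fatal) {
                throw new IllegalStateException("no usable digest", fatal);
            }
        }
    }

    // Draw random bytes, hash them, hex-encode up to ID_BYTES of the result.
    // synchronized: MessageDigest instances are not thread-safe.
    synchronized String generateId() {
        byte[] raw = new byte[ID_BYTES];
        random.nextBytes(raw);
        byte[] hashed = digest.digest(raw); // digest() resets the instance
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < Math.min(ID_BYTES, hashed.length); i++) {
            sb.append(String.format("%02X", hashed[i] & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        SsoIdSketch fallback = new SsoIdSketch("NOT-A-DIGEST");
        System.out.println(fallback.digest.getAlgorithm()); // fallback in effect
        System.out.println(new SsoIdSketch("SHA-256").generateId());
    }
}
```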

getRandomClass

public String getRandomClass()
Return the random number generator class name.

getSecurePagesWithPragma

public boolean getSecurePagesWithPragma()
Return the flag that states, if proxy caching is disabled, what headers we add to disable the caching.

invoke

public void invoke(Request request, Response response)
Enforce the security restrictions in the web application deployment descriptor of our associated Context.

Parameters:
request - Request to be processed
response - Response to be processed

Throws:
IOException - if an input/output error occurs
ServletException - if thrown by a processing element

reauthenticateFromSSO

protected boolean reauthenticateFromSSO(String ssoId, Request request)
Attempts reauthentication to the Realm using the credentials included in argument entry.

Parameters:
ssoId - identifier of SingleSignOn session with which the caller is associated
request - the request that needs to be authenticated

register

protected void register(Request request, Response response, Principal principal, String authType, String username, String password)
Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one. Set the appropriate cookie to be returned.

Parameters:
request - The servlet request we are processing
response - The servlet response we are generating
principal - The authenticated Principal to be registered
authType - The authentication type to be registered
username - Username used to authenticate (if any)
password - Password used to authenticate (if any)

removeLifecycleListener

public void removeLifecycleListener(LifecycleListener listener)
Remove a lifecycle event listener from this component.

Parameters:
listener - The listener to remove

setAlgorithm

public void setAlgorithm(String algorithm)
Set the message digest algorithm for this Manager.

Parameters:
algorithm - The new message digest algorithm

setCache

public void setCache(boolean cache)
Set the cache authenticated Principals flag.

Parameters:
cache - The new cache flag

setChangeSessionIdOnAuthentication

public void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
Set the value of the flag that states if we should change the session ID of an existing session upon successful authentication.

Parameters:
changeSessionIdOnAuthentication - true to change session ID upon successful authentication, false to not perform the change.

setContainer

public void setContainer(Container container)
Set the Container to which this Valve is attached.

Parameters:
container - The container to which we are attached

setDisableProxyCaching

public void setDisableProxyCaching(boolean nocache)
Set the value of the flag that states if we add headers to disable caching by proxies.

Parameters:
nocache - true if we add headers to disable proxy caching, false if we leave the headers alone.

setEntropy

public void setEntropy(String entropy)
Set the entropy increaser value.

Parameters:
entropy - The new entropy increaser value

setRandomClass

public void setRandomClass(String randomClass)
Set the random number generator class name.

Parameters:
randomClass - The new random number generator class name

setSecurePagesWithPragma

public void setSecurePagesWithPragma(boolean securePagesWithPragma)
Set the value of the flag that states what headers we add to disable proxy caching.

Parameters:
securePagesWithPragma - true if we add headers which are incompatible with downloading office documents in IE under SSL but which fix a caching problem in Mozilla.

start

public void start()
Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.

Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used

stop

public void stop()
Gracefully terminate the active use of the public methods of this component. This method should be the last one called on a given instance of this component.

Throws:
LifecycleException - if this component detects a fatal error that needs to be reported

Copyright © 2000-2011 Apache Software Foundation. All Rights Reserved.