| org.apache.catalina.authenticator.AuthenticatorBase org.apache.catalina.authenticator.DigestAuthenticator
DigestAuthenticator | public class DigestAuthenticator extends AuthenticatorBase (Code) | | An Authenticator and Valve implementation of HTTP DIGEST
Authentication (see RFC 2069).
author: Craig R. McClanahan author: Remy Maucherat version: $Revision: 1.10 $ $Date: 2001/10/19 16:23:57 $ |
Field Summary | |
final protected static int | TIMEOUT_INFINITE Indicates that no once tokens are used only once. | final protected static int | USE_NEVER_EXPIRES Indicates that no once tokens are used only once. | final protected static int | USE_ONCE Indicates that no once tokens are used only once. | final protected static String | info Descriptive information about this implementation. | protected String | key Private key. | final protected static MD5Encoder | md5Encoder The MD5 helper object for this class. | protected static MessageDigest | md5Helper MD5 message digest provider. | protected long | nOnceTimeout No once expiration (in millisecond). | protected Hashtable | nOnceTokens No once hashtable. | protected int | nOnceUses No once expiration after a specified number of uses. |
TIMEOUT_INFINITE | final protected static int TIMEOUT_INFINITE(Code) | | Indicates that no once tokens are used only once.
|
USE_NEVER_EXPIRES | final protected static int USE_NEVER_EXPIRES(Code) | | Indicates that no once tokens are used only once.
|
USE_ONCE | final protected static int USE_ONCE(Code) | | Indicates that no once tokens are used only once.
|
info | final protected static String info(Code) | | Descriptive information about this implementation.
|
md5Encoder | final protected static MD5Encoder md5Encoder(Code) | | The MD5 helper object for this class.
|
nOnceTimeout | protected long nOnceTimeout(Code) | | No once expiration (in millisecond). A shorter amount would mean a
better security level (since the token is generated more often), but at
the expense of a bigger server overhead.
|
nOnceUses | protected int nOnceUses(Code) | | No once expiration after a specified number of uses. A lower number
would produce more overhead, since a token would have to be generated
more often, but would be more secure.
|
DigestAuthenticator | public DigestAuthenticator()(Code) | | |
authenticate | public boolean authenticate(HttpRequest request, HttpResponse response, LoginConfig config) throws IOException(Code) | | Authenticate the user making this request, based on the specified
login configuration. Return true if any specified
constraint has been satisfied, or false if we have
created a response challenge already.
Parameters: request - Request we are processing Parameters: response - Response we are creating Parameters: login - Login configuration describing how authenticationshould be performed exception: IOException - if an input/output error occurs |
findPrincipal | protected static Principal findPrincipal(HttpServletRequest request, String authorization, Realm realm)(Code) | | Parse the specified authorization credentials, and return the
associated Principal that these credentials authenticate (if any)
from the specified Realm. If there is no such Principal, return
null .
Parameters: request - HTTP servlet request Parameters: authorization - Authorization credentials from this request Parameters: login - Login configuration describing how authenticationshould be performed Parameters: realm - Realm used to authenticate Principals |
generateNOnce | protected String generateNOnce(HttpServletRequest request)(Code) | | Generate a unique token. The token is generated according to the
following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":"
time-stamp ":" private-key ) ).
Parameters: request - HTTP Servlet request |
getInfo | public String getInfo()(Code) | | Return descriptive information about this Valve implementation.
|
parseUsername | protected String parseUsername(String authorization)(Code) | | Parse the username from the specified authorization string. If none
can be identified, return null
Parameters: authorization - Authorization string to be parsed |
removeQuotes | protected static String removeQuotes(String quotedString)(Code) | | Removes the quotes on a string.
|
setAuthenticateHeader | protected void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, LoginConfig config, String nOnce)(Code) | | Generates the WWW-Authenticate header.
The header MUST follow this template :
WWW-Authenticate = "WWW-Authenticate" ":" "Digest"
digest-challenge
digest-challenge = 1#( realm | [ domain ] | nOnce |
[ digest-opaque ] |[ stale ] | [ algorithm ] )
realm = "realm" "=" realm-value
realm-value = quoted-string
domain = "domain" "=" <"> 1#URI <">
nonce = "nonce" "=" nonce-value
nonce-value = quoted-string
opaque = "opaque" "=" quoted-string
stale = "stale" "=" ( "true" | "false" )
algorithm = "algorithm" "=" ( "MD5" | token )
Parameters: request - HTTP Servlet request Parameters: resonse - HTTP Servlet response Parameters: login - Login configuration describing how authenticationshould be performed Parameters: nOnce - nonce token |
Methods inherited from org.apache.catalina.authenticator.AuthenticatorBase | protected boolean accessControl(HttpRequest request, HttpResponse response, SecurityConstraint constraint) throws IOException(Code)(Java Doc) public void addLifecycleListener(LifecycleListener listener)(Code)(Java Doc) protected void associate(String ssoId, Session session)(Code)(Java Doc) abstract protected boolean authenticate(HttpRequest request, HttpResponse response, LoginConfig config) throws IOException(Code)(Java Doc) protected boolean checkUserData(HttpRequest request, HttpResponse response, SecurityConstraint constraint) throws IOException(Code)(Java Doc) protected SecurityConstraint findConstraint(HttpRequest request)(Code)(Java Doc) public LifecycleListener[] findLifecycleListeners()(Code)(Java Doc) protected synchronized String generateSessionId()(Code)(Java Doc) public String getAlgorithm()(Code)(Java Doc) public boolean getCache()(Code)(Java Doc) public Container getContainer()(Code)(Java Doc) public int getDebug()(Code)(Java Doc) protected synchronized MessageDigest getDigest()(Code)(Java Doc) public String getEntropy()(Code)(Java Doc) public String getInfo()(Code)(Java Doc) protected synchronized Random getRandom()(Code)(Java Doc) public String getRandomClass()(Code)(Java Doc) protected Session getSession(HttpRequest request)(Code)(Java Doc) protected Session getSession(HttpRequest request, boolean create)(Code)(Java Doc) public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException(Code)(Java Doc) protected void log(String message)(Code)(Java Doc) protected void log(String message, Throwable throwable)(Code)(Java Doc) protected void register(HttpRequest request, HttpResponse response, Principal principal, String authType, String username, String password)(Code)(Java Doc) public void removeLifecycleListener(LifecycleListener listener)(Code)(Java Doc) public void setAlgorithm(String algorithm)(Code)(Java Doc) public void setCache(boolean cache)(Code)(Java Doc) public void setContainer(Container container)(Code)(Java Doc) public void setDebug(int debug)(Code)(Java Doc) public void setEntropy(String entropy)(Code)(Java Doc) public void setRandomClass(String randomClass)(Code)(Java Doc) public void start() throws LifecycleException(Code)(Java Doc) public void stop() throws LifecycleException(Code)(Java Doc)
|
|
|