org.apache.catalina.authenticator

Class DigestAuthenticator

java.lang.Object

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.DigestAuthenticator

All Implemented Interfaces:

Authenticator, Contained, Lifecycle, Valve, GlassFishValve

public class DigestAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Version:

$Revision: 1.6 $ $Date: 2007/04/17 21:33:22 $

Author:

Craig R. McClanahan, Remy Maucherat

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	algorithm The message digest algorithm to be used when generating session identifiers.
protected int	cnonceCacheSize Maximum number of client nonces to keep in the cache.
protected static String	DEFAULT_ALGORITHM The default message digest algorithm to use if we cannot use the requested one.
protected static DigestEncoder	digestEncoder The MD5 helper object for this class.
protected static String	info Descriptive information about this implementation.
protected String	key Private key.
protected static MessageDigest	messageDigest MD5 message digest provider.
protected long	nonceValidity How long server nonces are valid for in milliseconds.
protected String	opaque Opaque string.
protected static String	QOP DIGEST implementation only supports auth quality of protection.
protected boolean	validateUri Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, entropy, log, random, randomClass, rb, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sso

Fields inherited from class org.apache.catalina.valves.ValveBase

container, controller, debug, domain, lifecycle, next, oname, started

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, INIT_EVENT, START_EVENT, STOP_EVENT

Fields inherited from interface org.glassfish.web.valve.GlassFishValve

END_PIPELINE, INVOKE_NEXT

Constructor Summary

Constructors

Constructor and Description
DigestAuthenticator()

Method Summary

Modifier and Type	Method and Description
boolean	authenticate(HttpRequest request, HttpResponse response, LoginConfig config) Authenticate the user making this request, based on the specified login configuration.
protected static byte[]	digest(byte[] data)
protected String	generateNonce(javax.servlet.http.HttpServletRequest request) Generate a unique token.
static String	getAlgorithm() Return the message digest algorithm for this Manager.
protected String	getAuthMethod()
int	getCnonceCacheSize()
String	getInfo() Return descriptive information about this Valve implementation.
String	getKey()
protected static MessageDigest	getMessageDigest()
long	getNonceValidity()
String	getOpaque()
boolean	isValidateUri()
protected String	parseUsername(String authorization) Parse the username from the specified authorization string.
protected static String	removeQuotes(String quotedString) Removes the quotes on a string.
protected static String	removeQuotes(String quotedString, boolean quotesRequired) Removes the quotes on a string.
static void	setAlgorithm(String alg) Set the message digest algorithm for this Manager.
protected void	setAuthenticateHeader(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, LoginConfig config, String nOnce, boolean isNonceStale) Generates the WWW-Authenticate header.
void	setCnonceCacheSize(int cnonceCacheSize)
void	setKey(String key)
void	setNonceValidity(long nonceValidity)
void	setOpaque(String opaque)
void	setValidateUri(boolean validateUri)
void	start() Prepare for the beginning of active use of the public methods of this component.

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

associate, doLogin, generateSessionId, getAlwaysUseSession, getCache, getContainer, getDebug, getDisableProxyCaching, getEntropy, getRandom, getRandomClass, getRealmName, getSession, getSession, getSingleSignOn, invoke, isChangeSessionIdOnAuthentication, isSecurePagesWithPragma, log, log, login, logout, postInvoke, register, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDebug, setDisableProxyCaching, setEntropy, setRandomClass, setRealmName, setSecurePagesWithPragma, setSingleSignOn, stop

Methods inherited from class org.apache.catalina.valves.ValveBase

addLifecycleListener, backgroundProcess, createObjectName, event, findLifecycleListeners, getController, getDomain, getNext, getObjectName, getParentName, invoke, isStarted, removeLifecycleListener, setController, setNext, setObjectName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

digestEncoder

protected static final DigestEncoder digestEncoder

The MD5 helper object for this class.

info

protected static final String info

Descriptive information about this implementation.

See Also:

Constant Field Values

QOP

protected static final String QOP

DIGEST implementation only supports auth quality of protection.

See Also:

Constant Field Values

DEFAULT_ALGORITHM

protected static final String DEFAULT_ALGORITHM

The default message digest algorithm to use if we cannot use the requested one.

See Also:

Constant Field Values

algorithm

protected static volatile String algorithm

The message digest algorithm to be used when generating session identifiers. This must be an algorithm supported by the java.security.MessageDigest class on your platform.

messageDigest

protected static volatile MessageDigest messageDigest

MD5 message digest provider.

cnonceCacheSize

protected int cnonceCacheSize

Maximum number of client nonces to keep in the cache. If not specified, the default value of 1000 is used.

key

protected String key

Private key.

nonceValidity

protected long nonceValidity

How long server nonces are valid for in milliseconds. Defaults to 5 minutes.

opaque

protected String opaque

Opaque string.

validateUri

protected boolean validateUri

Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.

Constructor Detail

DigestAuthenticator

public DigestAuthenticator()

Method Detail

getAlgorithm

public static String getAlgorithm()

Return the message digest algorithm for this Manager.

setAlgorithm

public static void setAlgorithm(String alg)

Set the message digest algorithm for this Manager.

Parameters:

alg - The new message digest algorithm

getInfo

public String getInfo()

Return descriptive information about this Valve implementation.

Specified by:

getInfo in interface Valve

Specified by:

getInfo in interface GlassFishValve

Overrides:

getInfo in class AuthenticatorBase

getCnonceCacheSize

public int getCnonceCacheSize()

setCnonceCacheSize

public void setCnonceCacheSize(int cnonceCacheSize)

getKey

public String getKey()

setKey

public void setKey(String key)

getNonceValidity

public long getNonceValidity()

setNonceValidity

public void setNonceValidity(long nonceValidity)

getOpaque

public String getOpaque()

setOpaque

public void setOpaque(String opaque)

isValidateUri

public boolean isValidateUri()

setValidateUri

public void setValidateUri(boolean validateUri)

authenticate

public boolean authenticate(HttpRequest request,
                            HttpResponse response,
                            LoginConfig config)
                     throws IOException

Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Specified by:

authenticate in class AuthenticatorBase

Parameters:

request - Request we are processing

response - Response we are creating

config - Login configuration describing how authentication should be performed

Throws:

IOException - if an input/output error occurs

parseUsername

protected String parseUsername(String authorization)

Parse the username from the specified authorization string. If none can be identified, return null

Parameters:

authorization - Authorization string to be parsed

getAuthMethod

protected String getAuthMethod()

Specified by:

getAuthMethod in class AuthenticatorBase

removeQuotes

protected static String removeQuotes(String quotedString,
                                     boolean quotesRequired)

Removes the quotes on a string.

removeQuotes

protected static String removeQuotes(String quotedString)

Removes the quotes on a string.

generateNonce

protected String generateNonce(javax.servlet.http.HttpServletRequest request)

Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).

Parameters:

request - HTTP Servlet request

setAuthenticateHeader

protected void setAuthenticateHeader(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response,
                                     LoginConfig config,
                                     String nOnce,
                                     boolean isNonceStale)

Generates the WWW-Authenticate header.

The header MUST follow this template :

      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nOnce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
 

Parameters:

request - HTTP Servlet request

response - HTTP Servlet response

config - Login configuration describing how authentication should be performed

nOnce - nonce token

getMessageDigest

protected static MessageDigest getMessageDigest()

digest

protected static byte[] digest(byte[] data)

start

public void start()
           throws LifecycleException

Description copied from class: AuthenticatorBase

Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.

Specified by:

start in interface Lifecycle

Overrides:

start in class AuthenticatorBase

Throws:

LifecycleException - if this component detects a fatal error that prevents this component from being used