Home » apache-tomcat-6.0.26-src » org.apache » catalina » authenticator » [javadoc | source]
org.apache.catalina.authenticator
public class: DigestAuthenticator [javadoc | source]
java.lang.Object
   org.apache.catalina.valves.ValveBase
      org.apache.catalina.authenticator.AuthenticatorBase
         org.apache.catalina.authenticator.DigestAuthenticator

All Implemented Interfaces:
    Authenticator, Lifecycle, Valve, MBeanRegistration, Contained

An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).
Field Summary
protected static final  MD5Encoder md5Encoder    The MD5 helper object for this class. 
protected static final  String info    Descriptive information about this implementation. 
protected static  MessageDigest md5Helper    MD5 message digest provider. 
protected  String key    Private key. 
Fields inherited from org.apache.catalina.authenticator.AuthenticatorBase:
DEFAULT_ALGORITHM,  SESSION_ID_BYTES,  algorithm,  cache,  changeSessionIdOnAuthentication,  context,  digest,  entropy,  info,  disableProxyCaching,  securePagesWithPragma,  lifecycle,  random,  randomClass,  sm,  sso,  started
Fields inherited from org.apache.catalina.valves.ValveBase:
container,  containerLog,  info,  next,  sm,  domain,  oname,  mserver,  controller
Constructor:
 public DigestAuthenticator() 
Method from org.apache.catalina.authenticator.DigestAuthenticator Summary:
authenticate,   findPrincipal,   generateNOnce,   getInfo,   parseUsername,   removeQuotes,   removeQuotes,   setAuthenticateHeader
Methods from org.apache.catalina.authenticator.AuthenticatorBase:
addLifecycleListener,   associate,   authenticate,   findLifecycleListeners,   generateSessionId,   getAlgorithm,   getCache,   getChangeSessionIdOnAuthentication,   getContainer,   getDigest,   getDisableProxyCaching,   getEntropy,   getInfo,   getRandom,   getRandomClass,   getSecurePagesWithPragma,   invoke,   reauthenticateFromSSO,   register,   removeLifecycleListener,   setAlgorithm,   setCache,   setChangeSessionIdOnAuthentication,   setContainer,   setDisableProxyCaching,   setEntropy,   setRandomClass,   setSecurePagesWithPragma,   start,   stop
Methods from org.apache.catalina.valves.ValveBase:
backgroundProcess,   createObjectName,   event,   getContainer,   getContainerName,   getController,   getDomain,   getInfo,   getNext,   getObjectName,   getParentName,   invoke,   postDeregister,   postRegister,   preDeregister,   preRegister,   setContainer,   setController,   setNext,   setObjectName,   toString
Methods from java.lang.Object:
clone,   equals,   finalize,   getClass,   hashCode,   notify,   notifyAll,   toString,   wait,   wait,   wait
Method from org.apache.catalina.authenticator.DigestAuthenticator Detail:
 public boolean authenticate(Request request,
    Response response,
    LoginConfig config) throws IOException 
    Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
 protected static Principal findPrincipal(Request request,
    String authorization,
    Realm realm) 
    Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm. If there is no such Principal, return null.
 protected String generateNOnce(Request request) 
    Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).
 public String getInfo() 
    Return descriptive information about this Valve implementation.
 protected String parseUsername(String authorization) 
    Parse the username from the specified authorization string. If none can be identified, return null
 protected static String removeQuotes(String quotedString) 
    Removes the quotes on a string.
 protected static String removeQuotes(String quotedString,
    boolean quotesRequired) 
    Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.
 protected  void setAuthenticateHeader(Request request,
    Response response,
    LoginConfig config,
    String nOnce) 
    Generates the WWW-Authenticate header.

    The header MUST follow this template :

         WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                               digest-challenge
    
         digest-challenge    = 1#( realm | [ domain ] | nOnce |
                     [ digest-opaque ] |[ stale ] | [ algorithm ] )
    
         realm               = "realm" "=" realm-value
         realm-value         = quoted-string
         domain              = "domain" "=" <"> 1#URI <">
         nonce               = "nonce" "=" nonce-value
         nonce-value         = quoted-string
         opaque              = "opaque" "=" quoted-string
         stale               = "stale" "=" ( "true" | "false" )
         algorithm           = "algorithm" "=" ( "MD5" | token )