public class DigestAuthenticator extends AuthenticatorBase
AuthenticatorBase.AllowCorsPreflightLifecycle.SingleUse| Modifier and Type | Field and Description | 
|---|---|
| protected static String | infoDescriptive information about this implementation. | 
| protected String | keyPrivate key. | 
| protected long | lastTimestampThe last timestamp used to generate a nonce. | 
| protected Object | lastTimestampLock | 
| protected static MD5Encoder | md5EncoderDeprecated. 
 Unused - will be removed in Tomcat 8.0.x | 
| protected static MessageDigest | md5HelperDeprecated. 
 Unused - will be removed in Tomcat 8.0.x onwards | 
| protected int | nonceCacheSizeMaximum number of server nonces to keep in the cache. | 
| protected int | nonceCountWindowSizeThe window size to use to track seen nonce count values for a given
 nonce. | 
| protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> | noncesList of server nonce values currently being tracked | 
| protected long | nonceValidityHow long server nonces are valid for in milliseconds. | 
| protected String | opaqueOpaque string. | 
| protected static String | QOPTomcat's DIGEST implementation only supports auth quality of protection. | 
| protected boolean | validateUriShould the URI be validated as required by RFC2617? | 
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, ssoasyncSupported, container, containerLog, nextmserverAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT| Constructor and Description | 
|---|
| DigestAuthenticator() | 
| Modifier and Type | Method and Description | 
|---|---|
| boolean | authenticate(Request request,
            HttpServletResponse response,
            LoginConfig config)Authenticate the user making this request, based on the specified
 login configuration. | 
| protected String | generateNonce(Request request)Generate a unique token. | 
| protected String | getAuthMethod() | 
| String | getInfo()Return descriptive information about this Valve implementation. | 
| String | getKey() | 
| int | getNonceCacheSize() | 
| int | getNonceCountWindowSize() | 
| long | getNonceValidity() | 
| String | getOpaque() | 
| boolean | isValidateUri() | 
| protected String | parseUsername(String authorization)Deprecated. 
 Unused. Will be removed in Tomcat 8.0.x | 
| protected static String | removeQuotes(String quotedString)Removes the quotes on a string. | 
| protected static String | removeQuotes(String quotedString,
            boolean quotesRequired)Removes the quotes on a string. | 
| protected void | setAuthenticateHeader(HttpServletRequest request,
                     HttpServletResponse response,
                     LoginConfig config,
                     String nonce,
                     boolean isNonceStale)Generates the WWW-Authenticate header. | 
| void | setKey(String key) | 
| void | setNonceCacheSize(int nonceCacheSize) | 
| void | setNonceCountWindowSize(int nonceCountWindowSize) | 
| void | setNonceValidity(long nonceValidity) | 
| void | setOpaque(String opaque) | 
| void | setValidateUri(boolean validateUri) | 
| protected void | startInternal()Start this component and implement the requirements of
  LifecycleBase.startInternal(). | 
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getRequestCertificates, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, reauthenticateFromSSO, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, stopInternalbackgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringdestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregisteraddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop@Deprecated protected static final MD5Encoder md5Encoder
protected static final String info
protected static final String QOP
@Deprecated protected static volatile MessageDigest md5Helper
protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> nonces
protected long lastTimestamp
protected final Object lastTimestampLock
protected int nonceCacheSize
protected int nonceCountWindowSize
protected String key
protected long nonceValidity
protected String opaque
protected boolean validateUri
public String getInfo()
getInfo in interface ValvegetInfo in class AuthenticatorBasepublic int getNonceCountWindowSize()
public void setNonceCountWindowSize(int nonceCountWindowSize)
public int getNonceCacheSize()
public void setNonceCacheSize(int nonceCacheSize)
public String getKey()
public void setKey(String key)
public long getNonceValidity()
public void setNonceValidity(long nonceValidity)
public String getOpaque()
public void setOpaque(String opaque)
public boolean isValidateUri()
public void setValidateUri(boolean validateUri)
public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException
true if any specified
 constraint has been satisfied, or false if we have
 created a response challenge already.authenticate in interface Authenticatorauthenticate in class AuthenticatorBaserequest - Request we are processingresponse - Response we are creatingconfig - Login configuration describing how authentication
              should be performedtrue if any specified constraints have been
         satisfied, or false if one more constraints were not
         satisfied (in which case an authentication challenge will have
         been written to the response).IOException - if an input/output error occursprotected String getAuthMethod()
getAuthMethod in class AuthenticatorBase@Deprecated protected String parseUsername(String authorization)
nullauthorization - Authorization string to be parsednull is none was foundprotected static String removeQuotes(String quotedString, boolean quotesRequired)
quotedString - The quoted stringquotesRequired - true if quotes were requiredprotected static String removeQuotes(String quotedString)
quotedString - The quoted stringprotected String generateNonce(Request request)
request - HTTP Servlet requestprotected void setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, LoginConfig config, String nonce, boolean isNonceStale)
The header MUST follow this template :
      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge
      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )
      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
 request - HTTP Servlet requestresponse - HTTP Servlet responseconfig - Login configuration describing how authentication
              should be performednonce - nonce tokenisNonceStale - true to add a stale parameterprotected void startInternal()
                      throws LifecycleException
AuthenticatorBaseLifecycleBase.startInternal().startInternal in class AuthenticatorBaseLifecycleException - if this component detects a fatal error that prevents this
                component from being usedCopyright © 2000-2020 Apache Software Foundation. All Rights Reserved.