public abstract class AuthenticatorBase extends ValveBase implements Authenticator
<security-constraint> elements in the web application
 deployment descriptor. This functionality is implemented as a Valve so that
 it can be omitted in environments that do not require these features.
 Individual implementations of each supported authentication method can
 subclass this base class as required.
 USAGE CONSTRAINT: When this class is utilized, the Context to which it is attached (or a parent Container in a hierarchy) must have an associated Realm that can be used for authenticating users and enumerating the roles to which they have been assigned.
USAGE CONSTRAINT: This Valve is only useful when processing HTTP requests. Requests of any other type will simply be passed through.
| Modifier and Type | Class and Description | 
|---|---|
| protected static class  | AuthenticatorBase.AllowCorsPreflight | 
Lifecycle.SingleUse| Modifier and Type | Field and Description | 
|---|---|
| protected boolean | alwaysUseSessionShould a session always be used once a user is authenticated? | 
| protected static String | AUTH_HEADER_NAMEAuthentication header | 
| protected boolean | cacheShould we cache authenticated Principals if the request is part of an
 HTTP session? | 
| protected boolean | changeSessionIdOnAuthenticationShould the session ID, if any, be changed upon a successful
 authentication to prevent a session fixation attack? | 
| protected Context | contextThe Context to which this Valve is attached. | 
| protected boolean | disableProxyCachingFlag to determine if we disable proxy caching, or leave the issue up to
 the webapp developer. | 
| protected static String | infoDescriptive information about this implementation. | 
| protected static String | REALM_NAMEDefault authentication realm name. | 
| protected boolean | securePagesWithPragmaFlag to determine if we disable proxy caching with headers incompatible
 with IE. | 
| protected String | secureRandomAlgorithmThe name of the algorithm to use to create instances of
  SecureRandomwhich are used to generate SSO session
 IDs. | 
| protected String | secureRandomClassThe Java class name of the secure random number generator class to be
 used when generating SSO session identifiers. | 
| protected String | secureRandomProviderThe name of the provider to use to create instances of
  SecureRandomwhich are used to generate session SSO
 IDs. | 
| protected boolean | sendAuthInfoResponseHeadersShould the auth information (remote user and auth type) be returned as response
 headers for a forwarded/proxied request? | 
| protected SessionIdGeneratorBase | sessionIdGenerator | 
| protected static StringManager | smThe string manager for this package. | 
| protected SingleSignOn | ssoThe SingleSignOn implementation in our request processing chain, if there
 is one. | 
asyncSupported, container, containerLog, nextmserverAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT| Constructor and Description | 
|---|
| AuthenticatorBase() | 
| Modifier and Type | Method and Description | 
|---|---|
| protected boolean | allowCorsPreflightBypass(Request request) | 
| protected void | associate(String ssoId,
         Session session)Associate the specified single sign on identifier with the specified
 Session. | 
| boolean | authenticate(Request request,
            HttpServletResponse httpResponse)Authenticate the user making this request, based on the login
 configuration of the  Contextwith which this Authenticator is
 associated. | 
| abstract boolean | authenticate(Request request,
            HttpServletResponse response,
            LoginConfig config)Authenticate the user making this request, based on the specified
 login configuration. | 
| protected String | changeSessionID(Request request,
               Session session) | 
| protected boolean | checkForCachedAuthentication(Request request,
                            HttpServletResponse response,
                            boolean useSSO)Check to see if the user has already been authenticated earlier in the
 processing chain or if there is enough information available to
 authenticate the user without requiring further user interaction. | 
| protected Principal | doLogin(Request request,
       String username,
       String password)Process the login request. | 
| String | getAllowCorsPreflight() | 
| boolean | getAlwaysUseSession() | 
| protected abstract String | getAuthMethod() | 
| boolean | getCache()Return the cache authenticated Principals flag. | 
| boolean | getChangeSessionIdOnAuthentication()Return the flag that states if we should change the session ID of an
 existing session upon successful authentication. | 
| Container | getContainer()Return the Container to which this Valve is attached. | 
| boolean | getDisableProxyCaching()Return the flag that states if we add headers to disable caching by
 proxies. | 
| String | getInfo()Return descriptive information about this Valve implementation. | 
| protected X509Certificate[] | getRequestCertificates(Request request)Look for the X509 certificate chain in the Request under the key
  javax.servlet.request.X509Certificate. | 
| boolean | getSecurePagesWithPragma()Return the flag that states, if proxy caching is disabled, what headers
 we add to disable the caching. | 
| String | getSecureRandomAlgorithm()Return the secure random number generator algorithm name. | 
| String | getSecureRandomClass()Return the secure random number generator class name. | 
| String | getSecureRandomProvider()Return the secure random number generator provider name. | 
| void | invoke(Request request,
      Response response)Enforce the security restrictions in the web application deployment
 descriptor of our associated Context. | 
| protected boolean | isContinuationRequired(Request request)Does this authenticator require that  authenticate(Request,
 HttpServletResponse)is called to continue an authentication process
 that started in a previous request? | 
| boolean | isSendAuthInfoResponseHeaders()Returns the flag whether authentication information will be sent to a reverse
 proxy on a forwarded request. | 
| void | login(String username,
     String password,
     Request request) | 
| void | logout(Request request) | 
| protected boolean | reauthenticateFromSSO(String ssoId,
                     Request request)Attempts reauthentication to the  Realmusing the credentials
 included in argumententry. | 
| void | register(Request request,
        HttpServletResponse response,
        Principal principal,
        String authType,
        String username,
        String password)Register an authenticated Principal and authentication type in our
 request, in the current session (if there is one), and with our
 SingleSignOn valve, if there is one. | 
| void | setAllowCorsPreflight(String allowCorsPreflight) | 
| void | setAlwaysUseSession(boolean alwaysUseSession) | 
| void | setCache(boolean cache)Set the cache authenticated Principals flag. | 
| void | setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)Set the value of the flag that states if we should change the session ID
 of an existing session upon successful authentication. | 
| void | setContainer(Container container)Set the Container to which this Valve is attached. | 
| void | setDisableProxyCaching(boolean nocache)Set the value of the flag that states if we add headers to disable
 caching by proxies. | 
| void | setSecurePagesWithPragma(boolean securePagesWithPragma)Set the value of the flag that states what headers we add to disable
 proxy caching. | 
| void | setSecureRandomAlgorithm(String secureRandomAlgorithm)Set the secure random number generator algorithm name. | 
| void | setSecureRandomClass(String secureRandomClass)Set the secure random number generator class name. | 
| void | setSecureRandomProvider(String secureRandomProvider)Set the secure random number generator provider name. | 
| void | setSendAuthInfoResponseHeaders(boolean sendAuthInfoResponseHeaders)Sets the flag whether authentication information will be send to a reverse
 proxy on a forwarded request. | 
| protected void | startInternal()Start this component and implement the requirements of
  LifecycleBase.startInternal(). | 
| protected void | stopInternal()Stop this component and implement the requirements of
  LifecycleBase.stopInternal(). | 
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringdestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregisteraddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stopprotected static final StringManager sm
protected static final String AUTH_HEADER_NAME
protected static final String REALM_NAME
protected boolean alwaysUseSession
protected boolean cache
protected boolean changeSessionIdOnAuthentication
protected Context context
protected static final String info
protected boolean disableProxyCaching
protected boolean securePagesWithPragma
protected String secureRandomClass
SecureRandom will be
 generated.protected String secureRandomAlgorithm
SecureRandom which are used to generate SSO session
 IDs. If no algorithm is specified, SHA1PRNG is used. To use the platform
 default (which may be SHA1PRNG), specify the empty string. If an invalid
 algorithm and/or provider is specified the SecureRandom instances will be
 created using the defaults. If that fails, the SecureRandom instances
 will be created using platform defaults.protected String secureRandomProvider
SecureRandom which are used to generate session SSO
 IDs. If no algorithm is specified the of SHA1PRNG default is used. If an
 invalid algorithm and/or provider is specified the SecureRandom instances
 will be created using the defaults. If that fails, the SecureRandom
 instances will be created using platform defaults.protected boolean sendAuthInfoResponseHeaders
RemoteIpValve or
 RemoteIpFilter mark a forwarded request with the
 Globals.REQUEST_FORWARDED_ATTRIBUTE this authenticator can return the
 values of HttpServletRequest.getRemoteUser() and
 HttpServletRequest.getAuthType() as reponse headers remote-user
 and auth-type to a reverse proxy. This is useful, e.g., for access log
 consistency or other decisions to make.protected SessionIdGeneratorBase sessionIdGenerator
protected SingleSignOn sso
public String getAllowCorsPreflight()
public void setAllowCorsPreflight(String allowCorsPreflight)
public boolean getAlwaysUseSession()
public void setAlwaysUseSession(boolean alwaysUseSession)
public boolean getCache()
true if authenticated Principals will be cached,
         otherwise falsepublic void setCache(boolean cache)
cache - The new cache flagpublic Container getContainer()
getContainer in interface ContainedgetContainer in class ValveBasenull if not associated with a Containerpublic void setContainer(Container container)
setContainer in interface ContainedsetContainer in class ValveBasecontainer - The container to which we are attachedpublic String getInfo()
public boolean getDisableProxyCaching()
true if the headers will be added, otherwise
         falsepublic void setDisableProxyCaching(boolean nocache)
nocache - true if we add headers to disable proxy caching,
            false if we leave the headers alone.public boolean getSecurePagesWithPragma()
true if a Pragma header should be used, otherwise
         falsepublic void setSecurePagesWithPragma(boolean securePagesWithPragma)
securePagesWithPragma - true if we add headers which are incompatible
            with downloading office documents in IE under SSL but which
            fix a caching problem in Mozilla.public boolean getChangeSessionIdOnAuthentication()
true to change session ID upon successful
         authentication, false to do not perform the change.public void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
changeSessionIdOnAuthentication - true to change
            session ID upon successful authentication, false
            to do not perform the change.public String getSecureRandomClass()
public void setSecureRandomClass(String secureRandomClass)
secureRandomClass - The new secure random number generator class namepublic String getSecureRandomAlgorithm()
public void setSecureRandomAlgorithm(String secureRandomAlgorithm)
secureRandomAlgorithm - The new secure random number generator algorithm namepublic String getSecureRandomProvider()
public void setSecureRandomProvider(String secureRandomProvider)
secureRandomProvider - The new secure random number generator provider namepublic boolean isSendAuthInfoResponseHeaders()
true if response headers shall be sent,  false otherwisepublic void setSendAuthInfoResponseHeaders(boolean sendAuthInfoResponseHeaders)
sendAuthInfoResponseHeaders - true if response headers shall be
                                    sent, false otherwisepublic void invoke(Request request, Response response) throws IOException, ServletException
invoke in interface Valveinvoke in class ValveBaserequest - Request to be processedresponse - Response to be processedIOException - if an input/output error occursServletException - if thrown by a processing elementprotected boolean allowCorsPreflightBypass(Request request)
public boolean authenticate(Request request, HttpServletResponse httpResponse) throws IOException
AuthenticatorContext with which this Authenticator is
 associated.authenticate in interface Authenticatorrequest - Request we are processinghttpResponse - Response we are populatingtrue if any specified constraints have been
         satisfied, or false if one more constraints were not
         satisfied (in which case an authentication challenge will have
         been written to the response).IOException - if an input/output error occurspublic abstract boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException
Authenticatorauthenticate in interface Authenticatorrequest - Request we are processingresponse - Response we are populatingconfig - Login configuration describing how authentication
              should be performedtrue if any specified constraints have been
         satisfied, or false if one more constraints were not
         satisfied (in which case an authentication challenge will have
         been written to the response).IOException - if an input/output error occursprotected boolean isContinuationRequired(Request request)
authenticate(Request,
 HttpServletResponse) is called to continue an authentication process
 that started in a previous request?request - The request currently being processedtrue if authenticate() must be called, otherwise
         falseprotected X509Certificate[] getRequestCertificates(Request request) throws IllegalStateException
javax.servlet.request.X509Certificate. If not found, trigger
 extracting the certificate chain from the Coyote request.request - Request to be processednull otherwise.IllegalStateExceptionprotected void associate(String ssoId, Session session)
ssoId - Single sign on identifiersession - Session to be associatedprotected boolean checkForCachedAuthentication(Request request, HttpServletResponse response, boolean useSSO)
request - The current requestresponse - The current responseuseSSO - Should information available from SSO be used to attempt to
            authenticate the current user?true if the user was authenticated via the cache,
         otherwise falseprotected boolean reauthenticateFromSSO(String ssoId, Request request)
Realm using the credentials
 included in argument entry.ssoId - identifier of SingleSignOn session with which the caller is
            associatedrequest - the request that needs to be authenticatedtrue if the reauthentication from SSL occurredpublic void register(Request request, HttpServletResponse response, Principal principal, String authType, String username, String password)
request - The servlet request we are processingresponse - The servlet response we are generatingprincipal - The authenticated Principal to be registeredauthType - The authentication type to be registeredusername - Username used to authenticate (if any)password - Password used to authenticate (if any)public void login(String username, String password, Request request) throws ServletException
login in interface AuthenticatorServletExceptionprotected abstract String getAuthMethod()
protected Principal doLogin(Request request, String username, String password) throws ServletException
request - Associated requestusername - The userpassword - The passwordServletException - No principal was authenticated with the specified credentialspublic void logout(Request request) throws ServletException
logout in interface AuthenticatorServletExceptionprotected void startInternal()
                      throws LifecycleException
LifecycleBase.startInternal().startInternal in class ValveBaseLifecycleException - if this component detects a fatal error that prevents this
                component from being usedprotected void stopInternal()
                     throws LifecycleException
LifecycleBase.stopInternal().stopInternal in class ValveBaseLifecycleException - if this component detects a fatal error that prevents this
                component from being usedCopyright © 2000-2020 Apache Software Foundation. All Rights Reserved.