Class BasicAuthenticator

All Implemented Interfaces:
RegistrationListener, MBeanRegistration, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class BasicAuthenticator extends AuthenticatorBase
An Authenticator and Valve implementation of HTTP BASIC Authentication, as outlined in RFC 7617: "The 'Basic' HTTP Authentication Scheme"
Craig R. McClanahan
  • Constructor Details

    • BasicAuthenticator

      public BasicAuthenticator()
  • Method Details

    • getCharset

      public String getCharset()
    • setCharset

      public void setCharset(String charsetString)
    • getTrimCredentials

      @Deprecated public boolean getTrimCredentials()
      Will be removed in Tomcat 11 onwards.
      Obtain the current setting for the removal of whitespace around the decoded user name and password.
      true if white space will be removed around the decoded user name and password
    • setTrimCredentials

      @Deprecated public void setTrimCredentials(boolean trimCredentials)
      Will be removed in Tomcat 11 onwards.
      Configures trimming of whitespace around the decoded user name and password.
      trimCredentials - true to remove white space around the decoded user name and password
    • doAuthenticate

      protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException
      Description copied from class: AuthenticatorBase
      Provided for sub-classes to implement their specific authentication mechanism.
      Specified by:
      doAuthenticate in class AuthenticatorBase
      request - The request that triggered the authentication
      response - The response associated with the request
      true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response
      IOException - If an I/O problem occurred during the authentication process
    • getAuthMethod

      protected String getAuthMethod()
      Description copied from class: AuthenticatorBase
      Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
      Specified by:
      getAuthMethod in class AuthenticatorBase
      the authentication method, which is vendor-specific and not defined by HttpServletRequest.
    • isPreemptiveAuthPossible

      protected boolean isPreemptiveAuthPossible(Request request)
      Description copied from class: AuthenticatorBase
      Can the authenticator perform preemptive authentication for the given request?
      isPreemptiveAuthPossible in class AuthenticatorBase
      request - The request to check for credentials
      true if preemptive authentication is possible, otherwise false