DigestAuthenticator (Apache Tomcat 7.0.109 API Documentation)

java.lang.Object
- org.apache.catalina.util.LifecycleBase
- - org.apache.catalina.util.LifecycleMBeanBase
  - - org.apache.catalina.valves.ValveBase
    - - org.apache.catalina.authenticator.AuthenticatorBase
      - org.apache.catalina.authenticator.DigestAuthenticator

All Implemented Interfaces:

MBeanRegistration, Authenticator, Contained, JmxEnabled, Lifecycle, Valve
```
public class DigestAuthenticator
extends AuthenticatorBase
```
An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Author:

Craig R. McClanahan, Remy Maucherat

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase
  AuthenticatorBase.AllowCorsPreflight
- Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
  Lifecycle.SingleUse

Field Summary

Fields
Modifier and Type	Field and Description
`protected static String`	`info` Descriptive information about this implementation.
`protected String`	`key` Private key.
`protected long`	`lastTimestamp` The last timestamp used to generate a nonce.
`protected Object`	`lastTimestampLock`
`protected static MD5Encoder`	`md5Encoder` Deprecated. Unused - will be removed in Tomcat 8.0.x
`protected static MessageDigest`	`md5Helper` Deprecated. Unused - will be removed in Tomcat 8.0.x onwards
`protected int`	`nonceCacheSize` Maximum number of server nonces to keep in the cache.
`protected int`	`nonceCountWindowSize` The window size to use to track seen nonce count values for a given nonce.
`protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo>`	`nonces` List of server nonce values currently being tracked
`protected long`	`nonceValidity` How long server nonces are valid for in milliseconds.
`protected String`	`opaque` Opaque string.
`protected static String`	`QOP` Tomcat's DIGEST implementation only supports auth quality of protection.
`protected boolean`	`validateUri` Should the URI be validated as required by RFC2617?

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver

Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors
Constructor and Description

DigestAuthenticator()

Constructors
Constructor and Description
`DigestAuthenticator()`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`authenticate(Request request, HttpServletResponse response, LoginConfig config)` Authenticate the user making this request, based on the specified login configuration.
`protected String`	`generateNonce(Request request)` Generate a unique token.
`protected String`	`getAuthMethod()`
`String`	`getInfo()` Return descriptive information about this Valve implementation.
`String`	`getKey()`
`int`	`getNonceCacheSize()`
`int`	`getNonceCountWindowSize()`
`long`	`getNonceValidity()`
`String`	`getOpaque()`
`boolean`	`isValidateUri()`
`protected String`	`parseUsername(String authorization)` Deprecated. Unused. Will be removed in Tomcat 8.0.x
`protected static String`	`removeQuotes(String quotedString)` Removes the quotes on a string.
`protected static String`	`removeQuotes(String quotedString, boolean quotesRequired)` Removes the quotes on a string.
`protected void`	`setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, LoginConfig config, String nonce, boolean isNonceStale)` Generates the WWW-Authenticate header.
`void`	`setKey(String key)`
`void`	`setNonceCacheSize(int nonceCacheSize)`
`void`	`setNonceCountWindowSize(int nonceCountWindowSize)`
`void`	`setNonceValidity(long nonceValidity)`
`void`	`setOpaque(String opaque)`
`void`	`setValidateUri(boolean validateUri)`
`protected void`	`startInternal()` Start this component and implement the requirements of `LifecycleBase.startInternal()`.

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - md5Encoder
```
@Deprecated
protected static final MD5Encoder md5Encoder
```
    Deprecated. Unused - will be removed in Tomcat 8.0.x
    
    The MD5 helper object for this class.
  - info
```
protected static final String info
```
    Descriptive information about this implementation.
    
    See Also:
    Constant Field Values
  - QOP
```
protected static final String QOP
```
    Tomcat's DIGEST implementation only supports auth quality of protection.
    
    See Also:
    Constant Field Values
  - md5Helper
```
@Deprecated
protected static volatile MessageDigest md5Helper
```
    Deprecated. Unused - will be removed in Tomcat 8.0.x onwards
    
    MD5 message digest provider.
  - nonces
```
protected Map<String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> nonces
```
    List of server nonce values currently being tracked
  - lastTimestamp
```
protected long lastTimestamp
```
    The last timestamp used to generate a nonce. Each nonce should get a unique timestamp.
  - lastTimestampLock
```
protected final Object lastTimestampLock
```
  - nonceCacheSize
```
protected int nonceCacheSize
```
    Maximum number of server nonces to keep in the cache. If not specified, the default value of 1000 is used.
  - nonceCountWindowSize
```
protected int nonceCountWindowSize
```
    The window size to use to track seen nonce count values for a given nonce. If not specified, the default of 100 is used.
  - key
```
protected String key
```
    Private key.
  - nonceValidity
```
protected long nonceValidity
```
    How long server nonces are valid for in milliseconds. Defaults to 5 minutes.
  - opaque
```
protected String opaque
```
    Opaque string.
  - validateUri
```
protected boolean validateUri
```
    Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.
- Constructor Detail
  - DigestAuthenticator
```
public DigestAuthenticator()
```
- Method Detail
  - getInfo
```
public String getInfo()
```
    Return descriptive information about this Valve implementation.
    
    Specified by:
    
    getInfo in interface Valve
    
    Overrides:
    
    getInfo in class AuthenticatorBase
    
    Returns:
    descriptive information about this Valve implementation.
  - getNonceCountWindowSize
```
public int getNonceCountWindowSize()
```
  - setNonceCountWindowSize
```
public void setNonceCountWindowSize(int nonceCountWindowSize)
```
  - getNonceCacheSize
```
public int getNonceCacheSize()
```
  - setNonceCacheSize
```
public void setNonceCacheSize(int nonceCacheSize)
```
  - getKey
```
public String getKey()
```
  - setKey
```
public void setKey(String key)
```
  - getNonceValidity
```
public long getNonceValidity()
```
  - setNonceValidity
```
public void setNonceValidity(long nonceValidity)
```
  - getOpaque
```
public String getOpaque()
```
  - setOpaque
```
public void setOpaque(String opaque)
```
  - isValidateUri
```
public boolean isValidateUri()
```
  - setValidateUri
```
public void setValidateUri(boolean validateUri)
```
  - authenticate
```
public boolean authenticate(Request request,
                   HttpServletResponse response,
                   LoginConfig config)
                     throws IOException
```
    Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
    
    Specified by:
    
    authenticate in interface Authenticator
    
    Specified by:
    
    authenticate in class AuthenticatorBase
    
    Parameters:
    request - Request we are processing
    response - Response we are creating
    config - Login configuration describing how authentication should be performed
    
    Returns:
    true if any specified constraints have been satisfied, or false if one more constraints were not satisfied (in which case an authentication challenge will have been written to the response).
    
    Throws:
    
    IOException - if an input/output error occurs
  - getAuthMethod
```
protected String getAuthMethod()
```
    Specified by:
    
    getAuthMethod in class AuthenticatorBase
  - parseUsername
```
@Deprecated
protected String parseUsername(String authorization)
```
    Deprecated. Unused. Will be removed in Tomcat 8.0.x
    
    Parse the username from the specified authorization string. If none can be identified, return null
    
    Parameters:
    authorization - Authorization string to be parsed
    
    Returns:
    The extracted username or null is none was found
  - removeQuotes
```
protected static String removeQuotes(String quotedString,
                  boolean quotesRequired)
```
    Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.
    
    Parameters:
    quotedString - The quoted string
    quotesRequired - true if quotes were required
    
    Returns:
    The unquoted string
  - removeQuotes
```
protected static String removeQuotes(String quotedString)
```
    Removes the quotes on a string.
    
    Parameters:
    quotedString - The quoted string
    
    Returns:
    The unquoted string
  - generateNonce
```
protected String generateNonce(Request request)
```
    Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).
    
    Parameters:
    request - HTTP Servlet request
    
    Returns:
    The generated nonce
  - setAuthenticateHeader
```
protected void setAuthenticateHeader(HttpServletRequest request,
                         HttpServletResponse response,
                         LoginConfig config,
                         String nonce,
                         boolean isNonceStale)
```
    Generates the WWW-Authenticate header.
    The header MUST follow this template :
```
      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
 
```
    Parameters:
    request - HTTP Servlet request
    response - HTTP Servlet response
    config - Login configuration describing how authentication should be performed
    nonce - nonce token
    isNonceStale - true to add a stale parameter
  - startInternal
```
protected void startInternal()
                      throws LifecycleException
```
    Description copied from class: AuthenticatorBase
    
    Start this component and implement the requirements of LifecycleBase.startInternal().
    
    Overrides:
    
    startInternal in class AuthenticatorBase
    
    Throws:
    
    LifecycleException - if this component detects a fatal error that prevents this component from being used

Class DigestAuthenticator

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

Methods inherited from class org.apache.catalina.util.LifecycleBase

Methods inherited from class java.lang.Object

Field Detail

md5Encoder

info

QOP

md5Helper

nonces

lastTimestamp

lastTimestampLock

nonceCacheSize

nonceCountWindowSize

key

nonceValidity

opaque

validateUri

Constructor Detail

DigestAuthenticator

Method Detail

getInfo

getNonceCountWindowSize

setNonceCountWindowSize

getNonceCacheSize

setNonceCacheSize

getKey

setKey

getNonceValidity

setNonceValidity

getOpaque

setOpaque

isValidateUri

setValidateUri

authenticate

getAuthMethod

parseUsername

removeQuotes

removeQuotes

generateNonce

setAuthenticateHeader

startInternal