public abstract class AuthenticatorBase extends ValveBase implements Authenticator
<security-constraint>
elements in the web application
deployment descriptor. This functionality is implemented as a Valve
so that it can be omitted in environments that do not require these
features. Individual implementations of each supported authentication
method can subclass this base class as required.
USAGE CONSTRAINT: When this class is utilized, the Context to which it is attached (or a parent Container in a hierarchy) must have an associated Realm that can be used for authenticating users and enumerating the roles to which they have been assigned.
USAGE CONSTRAINT: This Valve is only useful when processing HTTP requests. Requests of any other type will simply be passed through.
Modifier and Type | Field and Description |
---|---|
protected boolean |
alwaysUseSession
Should a session always be used once a user is authenticated?
|
protected static java.lang.String |
AUTH_HEADER_NAME
Authentication header
|
protected boolean |
cache
Should we cache authenticated Principals if the request is part of
an HTTP session?
|
protected boolean |
changeSessionIdOnAuthentication
Should the session ID, if any, be changed upon a successful
authentication to prevent a session fixation attack?
|
protected Context |
context
The Context to which this Valve is attached.
|
protected boolean |
disableProxyCaching
Flag to determine if we disable proxy caching, or leave the issue
up to the webapp developer.
|
protected static java.lang.String |
info
Descriptive information about this implementation.
|
protected static java.lang.String |
REALM_NAME
Default authentication realm name.
|
protected boolean |
securePagesWithPragma
Flag to determine if we disable proxy caching with headers incompatible
with IE.
|
protected java.lang.String |
secureRandomAlgorithm
The name of the algorithm to use to create instances of
SecureRandom which are used to generate SSO session
IDs. |
protected java.lang.String |
secureRandomClass
The Java class name of the secure random number generator class to be
used when generating SSO session identifiers.
|
protected java.lang.String |
secureRandomProvider
The name of the provider to use to create instances of
SecureRandom which are used to generate session SSO
IDs. |
protected SessionIdGeneratorBase |
sessionIdGenerator |
protected static StringManager |
sm
The string manager for this package.
|
protected SingleSignOn |
sso
The SingleSignOn implementation in our request processing chain,
if there is one.
|
asyncSupported, container, containerLog, next
mserver
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
Constructor and Description |
---|
AuthenticatorBase() |
Modifier and Type | Method and Description |
---|---|
protected void |
associate(java.lang.String ssoId,
Session session)
Associate the specified single sign on identifier with the
specified Session.
|
boolean |
authenticate(Request request,
HttpServletResponse response)
Authenticate the user making this request, based on the login
configuration of the
Context with which this Authenticator is
associated. |
abstract boolean |
authenticate(Request request,
HttpServletResponse response,
LoginConfig config)
Authenticate the user making this request, based on the specified
login configuration.
|
protected boolean |
checkForCachedAuthentication(Request request,
HttpServletResponse response,
boolean useSSO)
Check to see if the user has already been authenticated earlier in the
processing chain or if there is enough information available to
authenticate the user without requiring further user interaction.
|
protected java.security.Principal |
doLogin(Request request,
java.lang.String username,
java.lang.String password)
Process the login request.
|
boolean |
getAlwaysUseSession() |
protected abstract java.lang.String |
getAuthMethod() |
boolean |
getCache()
Return the cache authenticated Principals flag.
|
boolean |
getChangeSessionIdOnAuthentication()
Return the flag that states if we should change the session ID of an
existing session upon successful authentication.
|
Container |
getContainer()
Return the Container to which this Valve is attached.
|
boolean |
getDisableProxyCaching()
Return the flag that states if we add headers to disable caching by
proxies.
|
java.lang.String |
getInfo()
Return descriptive information about this Valve implementation.
|
protected java.security.cert.X509Certificate[] |
getRequestCertificates(Request request)
Look for the X509 certificate chain in the Request under the key
javax.servlet.request.X509Certificate . |
boolean |
getSecurePagesWithPragma()
Return the flag that states, if proxy caching is disabled, what headers
we add to disable the caching.
|
java.lang.String |
getSecureRandomAlgorithm()
Return the secure random number generator algorithm name.
|
java.lang.String |
getSecureRandomClass()
Return the secure random number generator class name.
|
java.lang.String |
getSecureRandomProvider()
Return the secure random number generator provider name.
|
void |
invoke(Request request,
Response response)
Enforce the security restrictions in the web application deployment
descriptor of our associated Context.
|
void |
login(java.lang.String username,
java.lang.String password,
Request request) |
void |
logout(Request request) |
protected boolean |
reauthenticateFromSSO(java.lang.String ssoId,
Request request)
Attempts reauthentication to the
Realm using
the credentials included in argument entry . |
void |
register(Request request,
HttpServletResponse response,
java.security.Principal principal,
java.lang.String authType,
java.lang.String username,
java.lang.String password)
Register an authenticated Principal and authentication type in our
request, in the current session (if there is one), and with our
SingleSignOn valve, if there is one.
|
void |
setAlwaysUseSession(boolean alwaysUseSession) |
void |
setCache(boolean cache)
Set the cache authenticated Principals flag.
|
void |
setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
Set the value of the flag that states if we should change the session ID
of an existing session upon successful authentication.
|
void |
setContainer(Container container)
Set the Container to which this Valve is attached.
|
void |
setDisableProxyCaching(boolean nocache)
Set the value of the flag that states if we add headers to disable
caching by proxies.
|
void |
setSecurePagesWithPragma(boolean securePagesWithPragma)
Set the value of the flag that states what headers we add to disable
proxy caching.
|
void |
setSecureRandomAlgorithm(java.lang.String secureRandomAlgorithm)
Set the secure random number generator algorithm name.
|
void |
setSecureRandomClass(java.lang.String secureRandomClass)
Set the secure random number generator class name.
|
void |
setSecureRandomProvider(java.lang.String secureRandomProvider)
Set the secure random number generator provider name.
|
protected void |
startInternal()
Start this component and implement the requirements
of
LifecycleBase.startInternal() . |
protected void |
stopInternal()
Stop this component and implement the requirements
of
LifecycleBase.stopInternal() . |
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
protected static final java.lang.String AUTH_HEADER_NAME
protected static final java.lang.String REALM_NAME
protected boolean alwaysUseSession
protected boolean cache
protected boolean changeSessionIdOnAuthentication
protected Context context
protected static final java.lang.String info
protected boolean disableProxyCaching
protected boolean securePagesWithPragma
protected java.lang.String secureRandomClass
SecureRandom
will be
generated.protected java.lang.String secureRandomAlgorithm
SecureRandom
which are used to generate SSO session
IDs. If no algorithm is specified, SHA1PRNG is used. To use the platform
default (which may be SHA1PRNG), specify the empty string. If an invalid
algorithm and/or provider is specified the SecureRandom instances will be
created using the defaults. If that fails, the SecureRandom instances
will be created using platform defaults.protected java.lang.String secureRandomProvider
SecureRandom
which are used to generate session SSO
IDs. If no algorithm is specified the of SHA1PRNG default is used. If an
invalid algorithm and/or provider is specified the SecureRandom instances
will be created using the defaults. If that fails, the SecureRandom
instances will be created using platform defaults.protected SessionIdGeneratorBase sessionIdGenerator
protected static final StringManager sm
protected SingleSignOn sso
public boolean getAlwaysUseSession()
public void setAlwaysUseSession(boolean alwaysUseSession)
public boolean getCache()
public void setCache(boolean cache)
cache
- The new cache flagpublic Container getContainer()
getContainer
in interface Contained
getContainer
in class ValveBase
public void setContainer(Container container)
setContainer
in interface Contained
setContainer
in class ValveBase
container
- The container to which we are attachedpublic java.lang.String getInfo()
public boolean getDisableProxyCaching()
public void setDisableProxyCaching(boolean nocache)
nocache
- true
if we add headers to disable proxy
caching, false
if we leave the headers alone.public boolean getSecurePagesWithPragma()
public void setSecurePagesWithPragma(boolean securePagesWithPragma)
securePagesWithPragma
- true
if we add headers which
are incompatible with downloading office documents in IE under SSL but
which fix a caching problem in Mozilla.public boolean getChangeSessionIdOnAuthentication()
true
to change session ID upon successful
authentication, false
to do not perform the change.public void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
changeSessionIdOnAuthentication
- true
to change session ID upon successful
authentication, false
to do not perform the
change.public java.lang.String getSecureRandomClass()
public void setSecureRandomClass(java.lang.String secureRandomClass)
secureRandomClass
- The new secure random number generator class
namepublic java.lang.String getSecureRandomAlgorithm()
public void setSecureRandomAlgorithm(java.lang.String secureRandomAlgorithm)
secureRandomAlgorithm
- The new secure random number generator
algorithm namepublic java.lang.String getSecureRandomProvider()
public void setSecureRandomProvider(java.lang.String secureRandomProvider)
secureRandomProvider
- The new secure random number generator
provider namepublic void invoke(Request request, Response response) throws java.io.IOException, ServletException
invoke
in interface Valve
invoke
in class ValveBase
request
- Request to be processedresponse
- Response to be processedjava.io.IOException
- if an input/output error occursServletException
- if thrown by a processing elementprotected java.security.cert.X509Certificate[] getRequestCertificates(Request request) throws java.lang.IllegalStateException
javax.servlet.request.X509Certificate
. If not found, trigger
extracting the certificate chain from the Coyote request.request
- Request to be processednull
otherwise.java.lang.IllegalStateException
protected void associate(java.lang.String ssoId, Session session)
ssoId
- Single sign on identifiersession
- Session to be associatedpublic boolean authenticate(Request request, HttpServletResponse response) throws java.io.IOException
Context
with which this Authenticator is
associated. Return true
if any specified constraint has
been satisfied, or false
if we have created a response
challenge already.authenticate
in interface Authenticator
request
- Request we are processingresponse
- Response we are populatingjava.io.IOException
- if an input/output error occurspublic abstract boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws java.io.IOException
true
if any specified
constraint has been satisfied, or false
if we have
created a response challenge already.authenticate
in interface Authenticator
request
- Request we are processingresponse
- Response we are populatingconfig
- Login configuration describing how authentication
should be performedjava.io.IOException
- if an input/output error occursprotected boolean checkForCachedAuthentication(Request request, HttpServletResponse response, boolean useSSO)
request
- The current requestresponse
- The current responseuseSSO
- Should information available from SSO be used to attempt
to authenticate the current user?true
if the user was authenticated via the cache,
otherwise false
protected boolean reauthenticateFromSSO(java.lang.String ssoId, Request request)
Realm
using
the credentials included in argument entry
.ssoId
- identifier of SingleSignOn session with which the
caller is associatedrequest
- the request that needs to be authenticatedpublic void register(Request request, HttpServletResponse response, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
request
- The servlet request we are processingresponse
- The servlet response we are generatingprincipal
- The authenticated Principal to be registeredauthType
- The authentication type to be registeredusername
- Username used to authenticate (if any)password
- Password used to authenticate (if any)public void login(java.lang.String username, java.lang.String password, Request request) throws ServletException
login
in interface Authenticator
ServletException
protected abstract java.lang.String getAuthMethod()
protected java.security.Principal doLogin(Request request, java.lang.String username, java.lang.String password) throws ServletException
request
- Associated requestusername
- The userpassword
- The passwordServletException
public void logout(Request request) throws ServletException
logout
in interface Authenticator
ServletException
protected void startInternal() throws LifecycleException
LifecycleBase.startInternal()
.startInternal
in class ValveBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedprotected void stopInternal() throws LifecycleException
LifecycleBase.stopInternal()
.stopInternal
in class ValveBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedCopyright © 2000-2015 Apache Software Foundation. All Rights Reserved.