DigestAuthenticator (Apache Tomcat 7.0.67 API Documentation)

java.lang.Object
- org.apache.catalina.util.LifecycleBase
- - org.apache.catalina.util.LifecycleMBeanBase
  - - org.apache.catalina.valves.ValveBase
    - - org.apache.catalina.authenticator.AuthenticatorBase
      - org.apache.catalina.authenticator.DigestAuthenticator

All Implemented Interfaces:

javax.management.MBeanRegistration, Authenticator, Contained, Lifecycle, Valve
```
public class DigestAuthenticator
extends AuthenticatorBase
```
An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Author:

Craig R. McClanahan, Remy Maucherat

Field Summary

Fields
Modifier and Type	Field and Description
`protected static java.lang.String`	`info` Descriptive information about this implementation.
`protected java.lang.String`	`key` Private key.
`protected long`	`lastTimestamp` The last timestamp used to generate a nonce.
`protected java.lang.Object`	`lastTimestampLock`
`protected static MD5Encoder`	`md5Encoder` Deprecated. Unused - will be removed in Tomcat 8.0.x
`protected static java.security.MessageDigest`	`md5Helper` Deprecated. Unused - will be removed in Tomcat 8.0.x onwards
`protected int`	`nonceCacheSize` Maximum number of server nonces to keep in the cache.
`protected int`	`nonceCountWindowSize` The window size to use to track seen nonce count values for a given nonce.
`protected java.util.Map<java.lang.String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo>`	`nonces` List of server nonce values currently being tracked
`protected long`	`nonceValidity` How long server nonces are valid for in milliseconds.
`protected java.lang.String`	`opaque` Opaque string.
`protected static java.lang.String`	`QOP` Tomcat's DIGEST implementation only supports auth quality of protection.
`protected boolean`	`validateUri` Should the URI be validated as required by RFC2617?

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver

Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors
Constructor and Description

DigestAuthenticator()

Constructors
Constructor and Description
`DigestAuthenticator()`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`authenticate(Request request, HttpServletResponse response, LoginConfig config)` Authenticate the user making this request, based on the specified login configuration.
`protected java.lang.String`	`generateNonce(Request request)` Generate a unique token.
`protected java.lang.String`	`getAuthMethod()`
`java.lang.String`	`getInfo()` Return descriptive information about this Valve implementation.
`java.lang.String`	`getKey()`
`int`	`getNonceCacheSize()`
`int`	`getNonceCountWindowSize()`
`long`	`getNonceValidity()`
`java.lang.String`	`getOpaque()`
`boolean`	`isValidateUri()`
`protected java.lang.String`	`parseUsername(java.lang.String authorization)` Deprecated. Unused. Will be removed in Tomcat 8.0.x
`protected static java.lang.String`	`removeQuotes(java.lang.String quotedString)` Removes the quotes on a string.
`protected static java.lang.String`	`removeQuotes(java.lang.String quotedString, boolean quotesRequired)` Removes the quotes on a string.
`protected void`	`setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, LoginConfig config, java.lang.String nonce, boolean isNonceStale)` Generates the WWW-Authenticate header.
`void`	`setKey(java.lang.String key)`
`void`	`setNonceCacheSize(int nonceCacheSize)`
`void`	`setNonceCountWindowSize(int nonceCountWindowSize)`
`void`	`setNonceValidity(long nonceValidity)`
`void`	`setOpaque(java.lang.String opaque)`
`void`	`setValidateUri(boolean validateUri)`
`protected void`	`startInternal()` Start this component and implement the requirements of `LifecycleBase.startInternal()`.

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - md5Encoder
```
@Deprecated
protected static final MD5Encoder md5Encoder
```
    Deprecated. Unused - will be removed in Tomcat 8.0.x
    
    The MD5 helper object for this class.
  - info
```
protected static final java.lang.String info
```
    Descriptive information about this implementation.
    
    See Also:
    Constant Field Values
  - QOP
```
protected static final java.lang.String QOP
```
    Tomcat's DIGEST implementation only supports auth quality of protection.
    
    See Also:
    Constant Field Values
  - md5Helper
```
@Deprecated
protected static volatile java.security.MessageDigest md5Helper
```
    Deprecated. Unused - will be removed in Tomcat 8.0.x onwards
    
    MD5 message digest provider.
  - nonces
```
protected java.util.Map<java.lang.String,org.apache.catalina.authenticator.DigestAuthenticator.NonceInfo> nonces
```
    List of server nonce values currently being tracked
  - lastTimestamp
```
protected long lastTimestamp
```
    The last timestamp used to generate a nonce. Each nonce should get a unique timestamp.
  - lastTimestampLock
```
protected final java.lang.Object lastTimestampLock
```
  - nonceCacheSize
```
protected int nonceCacheSize
```
    Maximum number of server nonces to keep in the cache. If not specified, the default value of 1000 is used.
  - nonceCountWindowSize
```
protected int nonceCountWindowSize
```
    The window size to use to track seen nonce count values for a given nonce. If not specified, the default of 100 is used.
  - key
```
protected java.lang.String key
```
    Private key.
  - nonceValidity
```
protected long nonceValidity
```
    How long server nonces are valid for in milliseconds. Defaults to 5 minutes.
  - opaque
```
protected java.lang.String opaque
```
    Opaque string.
  - validateUri
```
protected boolean validateUri
```
    Should the URI be validated as required by RFC2617? Can be disabled in reverse proxies where the proxy has modified the URI.
- Constructor Detail
  - DigestAuthenticator
```
public DigestAuthenticator()
```
- Method Detail
  - getInfo
```
public java.lang.String getInfo()
```
    Return descriptive information about this Valve implementation.
    
    Specified by:
    
    getInfo in interface Valve
    
    Overrides:
    
    getInfo in class AuthenticatorBase
  - getNonceCountWindowSize
```
public int getNonceCountWindowSize()
```
  - setNonceCountWindowSize
```
public void setNonceCountWindowSize(int nonceCountWindowSize)
```
  - getNonceCacheSize
```
public int getNonceCacheSize()
```
  - setNonceCacheSize
```
public void setNonceCacheSize(int nonceCacheSize)
```
  - getKey
```
public java.lang.String getKey()
```
  - setKey
```
public void setKey(java.lang.String key)
```
  - getNonceValidity
```
public long getNonceValidity()
```
  - setNonceValidity
```
public void setNonceValidity(long nonceValidity)
```
  - getOpaque
```
public java.lang.String getOpaque()
```
  - setOpaque
```
public void setOpaque(java.lang.String opaque)
```
  - isValidateUri
```
public boolean isValidateUri()
```
  - setValidateUri
```
public void setValidateUri(boolean validateUri)
```
  - authenticate
```
public boolean authenticate(Request request,
                   HttpServletResponse response,
                   LoginConfig config)
                     throws java.io.IOException
```
    Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
    
    Specified by:
    
    authenticate in interface Authenticator
    
    Specified by:
    
    authenticate in class AuthenticatorBase
    
    Parameters:
    request - Request we are processing
    response - Response we are creating
    config - Login configuration describing how authentication should be performed
    
    Throws:
    
    java.io.IOException - if an input/output error occurs
  - getAuthMethod
```
protected java.lang.String getAuthMethod()
```
    Specified by:
    
    getAuthMethod in class AuthenticatorBase
  - parseUsername
```
@Deprecated
protected java.lang.String parseUsername(java.lang.String authorization)
```
    Deprecated. Unused. Will be removed in Tomcat 8.0.x
    
    Parse the username from the specified authorization string. If none can be identified, return null
    
    Parameters:
    authorization - Authorization string to be parsed
  - removeQuotes
```
protected static java.lang.String removeQuotes(java.lang.String quotedString,
                            boolean quotesRequired)
```
    Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.
  - removeQuotes
```
protected static java.lang.String removeQuotes(java.lang.String quotedString)
```
    Removes the quotes on a string.
  - generateNonce
```
protected java.lang.String generateNonce(Request request)
```
    Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).
    
    Parameters:
    request - HTTP Servlet request
  - setAuthenticateHeader
```
protected void setAuthenticateHeader(HttpServletRequest request,
                         HttpServletResponse response,
                         LoginConfig config,
                         java.lang.String nonce,
                         boolean isNonceStale)
```
    Generates the WWW-Authenticate header.
    The header MUST follow this template :
```
      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
 
```
    Parameters:
    request - HTTP Servlet request
    response - HTTP Servlet response
    config - Login configuration describing how authentication should be performed
    nonce - nonce token
  - startInternal
```
protected void startInternal()
                      throws LifecycleException
```
    Description copied from class: AuthenticatorBase
    
    Start this component and implement the requirements of LifecycleBase.startInternal().
    
    Overrides:
    
    startInternal in class AuthenticatorBase
    
    Throws:
    
    LifecycleException - if this component detects a fatal error that prevents this component from being used

Class DigestAuthenticator

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

Methods inherited from class org.apache.catalina.util.LifecycleBase

Methods inherited from class java.lang.Object

Field Detail

md5Encoder

info

QOP

md5Helper

nonces

lastTimestamp

lastTimestampLock

nonceCacheSize

nonceCountWindowSize

key

nonceValidity

opaque

validateUri

Constructor Detail

DigestAuthenticator

Method Detail

getInfo

getNonceCountWindowSize

setNonceCountWindowSize

getNonceCacheSize

setNonceCacheSize

getKey

setKey

getNonceValidity

setNonceValidity

getOpaque

setOpaque

isValidateUri

setValidateUri

authenticate

getAuthMethod

parseUsername

removeQuotes

removeQuotes

generateNonce

setAuthenticateHeader

startInternal