org.apache.catalina.authenticator

Class DigestAuthenticator

Implemented Interfaces:
Authenticator, Contained, Lifecycle, MBeanRegistration, Valve

public class DigestAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069).

Version:
$Revision: 1.6 $ $Date: 2004/04/22 21:48:32 $

Authors:
Craig R. McClanahan
Remy Maucherat

Field Summary

protected static int
TIMEOUT_INFINITE
Indicates that nonce tokens never time out.
protected static int
USE_NEVER_EXPIRES
Indicates that nonce tokens never expire by use count.
protected static int
USE_ONCE
Indicates that nonce tokens are used only once.
protected static String
info
Descriptive information about this implementation.
protected String
key
Private key.
protected static MD5Encoder
md5Encoder
The MD5 helper object for this class.
protected static MessageDigest
md5Helper
MD5 message digest provider.
protected long
nOnceTimeout
Nonce expiration (in milliseconds).
protected Hashtable
nOnceTokens
Nonce hashtable.
protected int
nOnceUses
Nonce expiration after a specified number of uses.

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

DEFAULT_ALGORITHM, SESSION_ID_BYTES, algorithm, cache, context, debug, digest, disableProxyCaching, entropy, info, lifecycle, random, randomClass, sm, sso, started

Fields inherited from class org.apache.catalina.valves.ValveBase

container, controller, debug, domain, info, mserver, oname, sm

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

DigestAuthenticator()

Method Summary

boolean
authenticate(HttpRequest request, HttpResponse response, LoginConfig config)
Authenticate the user making this request, based on the specified login configuration.
protected static Principal
findPrincipal(HttpServletRequest request, String authorization, Realm realm)
Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm.
protected String
generateNOnce(HttpServletRequest request)
Generate a unique token.
String
getInfo()
Return descriptive information about this Valve implementation.
protected String
parseUsername(String authorization)
Parse the username from the specified authorization string.
protected static String
removeQuotes(String quotedString)
Removes the quotes on a string.
protected static String
removeQuotes(String quotedString, boolean quotesRequired)
Removes the quotes on a string.
protected void
setAuthenticateHeader(HttpServletRequest request, HttpServletResponse response, LoginConfig config, String nOnce)
Generates the WWW-Authenticate header.

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getAlgorithm, getCache, getContainer, getDebug, getDigest, getDisableProxyCaching, getEntropy, getInfo, getRandom, getRandomClass, getSession, getSession, invoke, log, log, reauthenticateFromSSO, register, removeLifecycleListener, setAlgorithm, setCache, setContainer, setDebug, setDisableProxyCaching, setEntropy, setRandomClass, start, stop

Methods inherited from class org.apache.catalina.valves.ValveBase

createObjectName, getContainer, getContainerName, getController, getDebug, getDomain, getInfo, getObjectName, getParentName, invoke, postDeregister, postRegister, preDeregister, preRegister, setContainer, setController, setDebug, setObjectName

Field Details

TIMEOUT_INFINITE

protected static final int TIMEOUT_INFINITE
Indicates that nonce tokens never time out.


USE_NEVER_EXPIRES

protected static final int USE_NEVER_EXPIRES
Indicates that nonce tokens never expire by use count.


USE_ONCE

protected static final int USE_ONCE
Indicates that nonce tokens are used only once.

Field Value:
1


info

protected static final String info
Descriptive information about this implementation.


key

protected String key
Private key.


md5Encoder

protected static final MD5Encoder md5Encoder
The MD5 helper object for this class.


md5Helper

protected static MessageDigest md5Helper
MD5 message digest provider.


nOnceTimeout

protected long nOnceTimeout
Nonce expiration (in milliseconds). A shorter timeout gives a better security level (since the token is regenerated more often), at the expense of greater server overhead.


nOnceTokens

protected Hashtable nOnceTokens
Nonce hashtable.


nOnceUses

protected int nOnceUses
Nonce expiration after a specified number of uses. A lower number produces more overhead, since a token must be generated more often, but is more secure.

Constructor Details

DigestAuthenticator

public DigestAuthenticator()

Method Details

authenticate

public boolean authenticate(HttpRequest request,
                            HttpResponse response,
                            LoginConfig config)
            throws IOException
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.
Overrides:
authenticate in class AuthenticatorBase

Parameters:
request - Request we are processing
response - Response we are creating
config - Login configuration describing how authentication should be performed


findPrincipal

protected static Principal findPrincipal(HttpServletRequest request,
                                         String authorization,
                                         Realm realm)
Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm. If there is no such Principal, return null.

Parameters:
request - HTTP servlet request
authorization - Authorization credentials from this request
realm - Realm used to authenticate Principals


generateNOnce

protected String generateNOnce(HttpServletRequest request)
Generate a unique token. The token is generated according to the following pattern: NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).

Parameters:
request - HTTP Servlet request
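The nonce pattern above, combined with the nOnceTimeout and nOnceUses fields, as an added illustration written for this page rather than Tomcat's own code; the NonceDemo class, the placeholder private key and the 192.0.2.10 client IP with fixed clock values are constructed, and it assumes a nonce is retired either when older than nOnceTimeout or once it has been accepted nOnceUses times.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Hypothetical sketch (not Tomcat's code) of the documented scheme NOnceToken =
// Base64( MD5( client-IP ":" time-stamp ":" private-key ) ), retired by age or use count.
public class NonceDemo {
    private final String key;         // private key mixed into every nonce
    private final long nOnceTimeout;  // nonce lifetime in milliseconds
    private final int nOnceUses;      // uses allowed before a nonce is retired
    // nonce -> {issue time, uses so far}; plays the role of nOnceTokens
    private final Map<String, long[]> nOnceTokens = new HashMap<>();

    public NonceDemo(String key, long nOnceTimeout, int nOnceUses) {
        this.key = key; this.nOnceTimeout = nOnceTimeout; this.nOnceUses = nOnceUses;
    }

    /** Issues a nonce bound to the client IP, the current time and the private key. */
    public synchronized String generateNOnce(String clientIp, long now) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        String material = clientIp + ":" + now + ":" + key;
        String nOnce = Base64.getEncoder().encodeToString(
                md5.digest(material.getBytes(StandardCharsets.ISO_8859_1)));
        nOnceTokens.put(nOnce, new long[] {now, 0});
        return nOnce;
    }

    /** Accepts a nonce only if it was issued here, is no older than nOnceTimeout and
     *  still has uses left; each acceptance counts as one use. */
    public synchronized boolean checkNOnce(String nOnce, long now) {
        long[] state = nOnceTokens.get(nOnce);
        if (state == null) return false;                      // unknown or already retired
        if (now - state[0] > nOnceTimeout) {                  // stale by age: forget it
            nOnceTokens.remove(nOnce);
            return false;
        }
        if (++state[1] >= nOnceUses) nOnceTokens.remove(nOnce); // last permitted use
        return true;
    }

    public static void main(String[] args) throws Exception {
        NonceDemo d = new NonceDemo("private-key-placeholder", 60_000L, 2); // 2 uses, 60 s
        String n = d.generateNOnce("192.0.2.10", 1_000L);  // constructed client IP and clock
        // same nonce presented three times, then a fresh one presented after the timeout
        System.out.println(d.checkNOnce(n, 2_000L) + " " + d.checkNOnce(n, 3_000L) + " " + d.checkNOnce(n, 4_000L));
        System.out.println(d.checkNOnce(d.generateNOnce("192.0.2.10", 5_000L), 70_000L));
    }
}
```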


getInfo

public String getInfo()
Return descriptive information about this Valve implementation.
Specified by:
getInfo in interface Valve
Overrides:
getInfo in class AuthenticatorBase


parseUsername

protected String parseUsername(String authorization)
Parse the username from the specified authorization string. If none can be identified, return null.

Parameters:
authorization - Authorization string to be parsed


removeQuotes

protected static String removeQuotes(String quotedString)
Removes the quotes on a string.


removeQuotes

protected static String removeQuotes(String quotedString,
                                     boolean quotesRequired)
Removes the quotes on a string. RFC 2617 states quotes are optional for all parameters except realm.


setAuthenticateHeader

protected void setAuthenticateHeader(HttpServletRequest request,
                                     HttpServletResponse response,
                                     LoginConfig config,
                                     String nOnce)
Generates the WWW-Authenticate header.

The header MUST follow this template:

      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nOnce |
                  [ digest-opaque ] |[ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )

Parameters:
request - HTTP Servlet request
response - HTTP Servlet response
config - Login configuration describing how authentication should be performed
nOnce - nonce token
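The removeQuotes rule (RFC 2617 quoting, with realm required to be quoted) and the WWW-Authenticate template above, as an added example written for this page and not Tomcat's own code; the DigestHeaderDemo class, the alice/abc123 header values and the choice to reject an unquoted realm as a malformed header are constructed assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helpers (not Tomcat's code) for the removeQuotes rule and WWW-Authenticate template above.
public class DigestHeaderDemo {
    /** Strips surrounding quotes. When quotes are required (realm) and absent, returns null. */
    static String removeQuotes(String quotedString, boolean quotesRequired) {
        if (quotedString.length() >= 2 && quotedString.startsWith("\"") && quotedString.endsWith("\"")) {
            return quotedString.substring(1, quotedString.length() - 1);
        }
        return quotesRequired ? null : quotedString;
    }

    /** Parses the parameters of an "Authorization: Digest ..." value; RFC 2617 allows
     *  bare tokens for every parameter except realm, which must be a quoted-string. */
    static Map<String, String> parseDigestParams(String authorization) {
        if (authorization == null || !authorization.startsWith("Digest ")) return null;
        Map<String, String> params = new LinkedHashMap<>();
        // split on commas outside quotes (a quoted uri may itself contain commas)
        for (String field : authorization.substring(7).split(",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)")) {
            int eq = field.indexOf('=');
            if (eq < 0) return null;                       // malformed parameter
            String name = field.substring(0, eq).trim();
            String value = removeQuotes(field.substring(eq + 1).trim(), "realm".equals(name));
            if (value == null) return null;                // unquoted realm: reject
            params.put(name, value);
        }
        return params;
    }

    /** Builds the challenge per the template: realm and nonce as quoted-strings,
     *  opaque optional, stale as a bare true/false, algorithm as a token. */
    static String buildChallenge(String realm, String nOnce, String opaque, boolean stale) {
        StringBuilder sb = new StringBuilder("Digest realm=\"").append(realm).append('"');
        sb.append(", nonce=\"").append(nOnce).append('"');
        if (opaque != null) sb.append(", opaque=\"").append(opaque).append('"');
        sb.append(", stale=").append(stale).append(", algorithm=MD5");
        return sb.toString();
    }

    public static void main(String[] args) {
        // constructed client header: quoted values plus algorithm as a bare token
        String auth = "Digest username=\"alice\", realm=\"Protected Area\", nonce=\"abc123\","
                + " uri=\"/app/,list\", response=\"00112233445566778899aabbccddeeff\", algorithm=MD5";
        System.out.println(parseDigestParams(auth));
        System.out.println(parseDigestParams("Digest username=alice, realm=Protected")); // realm given bare
        System.out.println(buildChallenge("Protected Area", "abc123", null, true));
    }
}
```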


Copyright © 2000-2003 Apache Software Foundation. All Rights Reserved.