org.eclipse.jetty.security.authentication
Class DigestAuthenticator

java.lang.Object
  org.eclipse.jetty.security.authentication.LoginAuthenticator
      org.eclipse.jetty.security.authentication.DigestAuthenticator

All Implemented Interfaces:

Authenticator

public class DigestAuthenticator
extends LoginAuthenticator

Version:

$Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $ The nonce max age can be set with the SecurityHandler.setInitParameter(String, String) using the name "maxNonceAge"

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary

protected long	_maxNonceAge
protected long	_nonceSecret
protected boolean	_useStale

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

_deferred, _identityService, _loginService, SESSION_SECURED

Constructor Summary

DigestAuthenticator()

Method Summary

String	getAuthMethod()
String	newNonce(Request request)
boolean	secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser)
void	setConfiguration(Authenticator.AuthConfiguration configuration) Configure the Authenticator
Authentication	validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) Validate a response

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

getLoginService, renewSessionOnAuthentication

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

_maxNonceAge

protected long _maxNonceAge

_nonceSecret

protected long _nonceSecret

_useStale

protected boolean _useStale

Constructor Detail

DigestAuthenticator

public DigestAuthenticator()

Method Detail

setConfiguration

public void setConfiguration(Authenticator.AuthConfiguration configuration)

Description copied from interface: Authenticator

Configure the Authenticator

Specified by:

setConfiguration in interface Authenticator

Overrides:

setConfiguration in class LoginAuthenticator

See Also:

LoginAuthenticator.setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)

getAuthMethod

public String getAuthMethod()

Returns:

The name of the authentication method

secureResponse

public boolean secureResponse(ServletRequest req,
                              ServletResponse res,
                              boolean mandatory,
                              Authentication.User validatedUser)
                       throws ServerAuthException

Returns:

true if response is secure

Throws:

ServerAuthException

validateRequest

public Authentication validateRequest(ServletRequest req,
                                      ServletResponse res,
                                      boolean mandatory)
                               throws ServerAuthException

Description copied from interface: Authenticator

Validate a response

Parameters:

req - The request

res - The response

mandatory - True if authentication is mandatory.

Returns:

An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not manditory, then a Authentication.Deferred may be returned.

Throws:

ServerAuthException

newNonce

public String newNonce(Request request)