public class DigestAuthenticator extends LoginAuthenticator
SecurityHandler.setInitParameter(String, String)
using the name "maxNonceAge". The nonce max count can be set with SecurityHandler.setInitParameter(String, String)
using the name "maxNonceCount". When the age or count is exceeded, the nonce is considered stale.Authenticator.AuthConfiguration, Authenticator.Factory
_identityService, _loginService
Constructor and Description |
---|
DigestAuthenticator() |
Modifier and Type | Method and Description |
---|---|
String |
getAuthMethod() |
long |
getMaxNonceAge() |
int |
getMaxNonceCount() |
UserIdentity |
login(String username,
Object credentials,
ServletRequest request) |
String |
newNonce(Request request) |
boolean |
secureResponse(ServletRequest req,
ServletResponse res,
boolean mandatory,
Authentication.User validatedUser)
is response secure
|
void |
setConfiguration(Authenticator.AuthConfiguration configuration)
Configure the Authenticator
|
void |
setMaxNonceAge(long maxNonceAgeInMillis) |
void |
setMaxNonceCount(int maxNC) |
Authentication |
validateRequest(ServletRequest req,
ServletResponse res,
boolean mandatory)
Validate a request
|
getLoginService, prepareRequest, renewSession
public void setConfiguration(Authenticator.AuthConfiguration configuration)
Authenticator
setConfiguration
in interface Authenticator
setConfiguration
in class LoginAuthenticator
configuration
- the configurationpublic int getMaxNonceCount()
public void setMaxNonceCount(int maxNC)
public long getMaxNonceAge()
public void setMaxNonceAge(long maxNonceAgeInMillis)
public String getAuthMethod()
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
Authenticator
req
- the requestres
- the responsemandatory
- if security is mandatorvalidatedUser
- the user that was validatedServerAuthException
- if unable to test responsepublic Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
Authenticator
req
- The requestres
- The responsemandatory
- True if authentication is mandatory.Authentication.User
. If a response has
been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will
implement Authentication.ResponseSent
. If Authentication is not manditory, then a
Authentication.Deferred
may be returned.ServerAuthException
- if unable to validate requestpublic UserIdentity login(String username, Object credentials, ServletRequest request)
login
in class LoginAuthenticator
Copyright © 1995–2017 Webtide. All rights reserved.