|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.catalina.valves.ValveBase org.apache.catalina.authenticator.AuthenticatorBase
public abstract class AuthenticatorBase
Basic implementation of the Valve interface that enforces the
<security-constraint>
elements in the web application
deployment descriptor. This functionality is implemented as a Valve
so that it can be ommitted in environments that do not require these
features. Individual implementations of each supported authentication
method can subclass this base class as required.
USAGE CONSTRAINT: When this class is utilized, the Context to which it is attached (or a parent Container in a hierarchy) must have an associated Realm that can be used for authenticating users and enumerating the roles to which they have been assigned.
USAGE CONSTRAINT: This Valve is only useful when processing HTTP requests. Requests of any other type will simply be passed through.
Field Summary | |
---|---|
protected java.lang.String |
algorithm
The message digest algorithm to be used when generating session identifiers. |
protected boolean |
cache
Should we cache authenticated Principals if the request is part of an HTTP session? |
protected boolean |
changeSessionIdOnAuthentication
Should the session ID, if any, be changed upon a successful authentication to prevent a session fixation attack? |
protected Context |
context
The Context to which this Valve is attached. |
protected static java.lang.String |
DEFAULT_ALGORITHM
The default message digest algorithm to use if we cannot use the requested one. |
protected java.security.MessageDigest |
digest
Return the MessageDigest implementation to be used when creating session identifiers. |
protected boolean |
disableProxyCaching
Flag to determine if we disable proxy caching, or leave the issue up to the webapp developer. |
protected java.lang.String |
entropy
A String initialization parameter used to increase the entropy of the initialization of our random number generator. |
protected static java.lang.String |
info
Descriptive information about this implementation. |
protected LifecycleSupport |
lifecycle
The lifecycle event support for this component. |
protected java.util.Random |
random
A random number generator to use when generating session identifiers. |
protected java.lang.String |
randomClass
The Java class name of the random number generator class to be used when generating session identifiers. |
protected boolean |
securePagesWithPragma
Flag to determine if we disable proxy caching with headers incompatible with IE |
protected static int |
SESSION_ID_BYTES
The number of random bytes to include when generating a session identifier. |
protected static StringManager |
sm
The string manager for this package. |
protected SingleSignOn |
sso
The SingleSignOn implementation in our request processing chain, if there is one. |
protected boolean |
started
Has this component been started? |
Fields inherited from class org.apache.catalina.valves.ValveBase |
---|
container, containerLog, controller, domain, mserver, next, oname |
Fields inherited from interface org.apache.catalina.Lifecycle |
---|
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT |
Constructor Summary | |
---|---|
AuthenticatorBase()
|
Method Summary | |
---|---|
void |
addLifecycleListener(LifecycleListener listener)
Add a lifecycle event listener to this component. |
protected void |
associate(java.lang.String ssoId,
Session session)
Associate the specified single sign on identifier with the specified Session. |
boolean |
authenticate(Request request,
javax.servlet.http.HttpServletResponse response)
API login. |
protected abstract boolean |
authenticate(Request request,
javax.servlet.http.HttpServletResponse response,
LoginConfig config)
Authenticate the user making this request, based on the specified login configuration. |
LifecycleListener[] |
findLifecycleListeners()
Get the lifecycle listeners associated with this lifecycle. |
protected java.lang.String |
generateSessionId()
Generate and return a new session identifier for the cookie that identifies an SSO principal. |
java.lang.String |
getAlgorithm()
Return the message digest algorithm for this Manager. |
boolean |
getCache()
Return the cache authenticated Principals flag. |
Container |
getContainer()
Return the Container to which this Valve is attached. |
protected java.security.MessageDigest |
getDigest()
Return the MessageDigest object to be used for calculating session identifiers. |
boolean |
getDisableProxyCaching()
Return the flag that states if we add headers to disable caching by proxies. |
java.lang.String |
getEntropy()
Return the entropy increaser value, or compute a semi-useful value if this String has not yet been set. |
java.lang.String |
getInfo()
Return descriptive information about this Valve implementation. |
protected java.util.Random |
getRandom()
Return the random number generator instance we should use for generating session identifiers. |
java.lang.String |
getRandomClass()
Return the random number generator class name. |
boolean |
getSecurePagesWithPragma()
Return the flag that states, if proxy caching is disabled, what headers we add to disable the caching. |
void |
invoke(Request request,
Response response)
Enforce the security restrictions in the web application deployment descriptor of our associated Context. |
boolean |
isChangeSessionIdOnAuthentication()
|
void |
login(Request request,
java.lang.String username,
java.lang.String password)
|
void |
logout(Request request)
|
protected boolean |
reauthenticateFromSSO(java.lang.String ssoId,
Request request)
Attempts reauthentication to the Realm using
the credentials included in argument entry . |
protected void |
register(Request request,
javax.servlet.http.HttpServletResponse response,
java.security.Principal principal,
java.lang.String authType,
java.lang.String username,
java.lang.String password)
Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one. |
void |
removeLifecycleListener(LifecycleListener listener)
Remove a lifecycle event listener from this component. |
void |
setAlgorithm(java.lang.String algorithm)
Set the message digest algorithm for this Manager. |
void |
setCache(boolean cache)
Set the cache authenticated Principals flag. |
void |
setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
|
void |
setContainer(Container container)
Set the Container to which this Valve is attached. |
void |
setDisableProxyCaching(boolean nocache)
Set the value of the flag that states if we add headers to disable caching by proxies. |
void |
setEntropy(java.lang.String entropy)
Set the entropy increaser value. |
void |
setRandomClass(java.lang.String randomClass)
Set the random number generator class name. |
void |
setSecurePagesWithPragma(boolean securePagesWithPragma)
Set the value of the flag that states what headers we add to disable proxy caching. |
void |
start()
Prepare for the beginning of active use of the public methods of this component. |
void |
stop()
Gracefully terminate the active use of the public methods of this component. |
protected void |
unregister(Request request,
javax.servlet.http.HttpServletResponse response)
Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one. |
Methods inherited from class org.apache.catalina.valves.ValveBase |
---|
backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected static final java.lang.String DEFAULT_ALGORITHM
protected static final int SESSION_ID_BYTES
protected java.lang.String algorithm
java.security.MessageDigest
class on your platform.
protected boolean cache
protected boolean changeSessionIdOnAuthentication
protected Context context
protected java.security.MessageDigest digest
protected java.lang.String entropy
protected static final java.lang.String info
protected boolean disableProxyCaching
protected boolean securePagesWithPragma
protected LifecycleSupport lifecycle
protected java.util.Random random
protected java.lang.String randomClass
protected static final StringManager sm
protected SingleSignOn sso
protected boolean started
Constructor Detail |
---|
public AuthenticatorBase()
Method Detail |
---|
public java.lang.String getAlgorithm()
public void setAlgorithm(java.lang.String algorithm)
algorithm
- The new message digest algorithmpublic boolean getCache()
public void setCache(boolean cache)
cache
- The new cache flagpublic boolean isChangeSessionIdOnAuthentication()
public void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
public Container getContainer()
getContainer
in interface Contained
getContainer
in class ValveBase
public void setContainer(Container container)
setContainer
in interface Contained
setContainer
in class ValveBase
container
- The container to which we are attachedpublic java.lang.String getEntropy()
public void setEntropy(java.lang.String entropy)
entropy
- The new entropy increaser valuepublic java.lang.String getInfo()
getInfo
in interface Valve
getInfo
in class ValveBase
public java.lang.String getRandomClass()
public void setRandomClass(java.lang.String randomClass)
randomClass
- The new random number generator class namepublic boolean getDisableProxyCaching()
public void setDisableProxyCaching(boolean nocache)
nocache
- true
if we add headers to disable proxy
caching, false
if we leave the headers alone.public boolean getSecurePagesWithPragma()
public void setSecurePagesWithPragma(boolean securePagesWithPragma)
securePagesWithPragma
- true
if we add headers which
are incompatible with downloading office documents in IE under SSL but
which fix a caching problem in Mozilla.public boolean authenticate(Request request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException
authenticate
in interface Authenticator
request
- Request we are processingresponse
- Response we are creatingconfig
- Login configuration describing how authentication
should be performed
java.io.IOException
- if an input/output error occurs
javax.servlet.ServletException
public void login(Request request, java.lang.String username, java.lang.String password) throws javax.servlet.ServletException
login
in interface Authenticator
javax.servlet.ServletException
public void logout(Request request) throws javax.servlet.ServletException
logout
in interface Authenticator
javax.servlet.ServletException
public void invoke(Request request, Response response) throws java.io.IOException, javax.servlet.ServletException
invoke
in interface Valve
invoke
in class ValveBase
request
- Request to be processedresponse
- Response to be processed
java.io.IOException
- if an input/output error occurs
javax.servlet.ServletException
- if thrown by a processing elementprotected void associate(java.lang.String ssoId, Session session)
ssoId
- Single sign on identifiersession
- Session to be associatedprotected abstract boolean authenticate(Request request, javax.servlet.http.HttpServletResponse response, LoginConfig config) throws java.io.IOException
true
if any specified
constraint has been satisfied, or false
if we have
created a response challenge already.
request
- Request we are processingresponse
- Response we are creatingconfig
- Login configuration describing how authentication
should be performed
java.io.IOException
- if an input/output error occursprotected java.lang.String generateSessionId()
protected java.security.MessageDigest getDigest()
protected java.util.Random getRandom()
protected boolean reauthenticateFromSSO(java.lang.String ssoId, Request request)
Realm
using
the credentials included in argument entry
.
ssoId
- identifier of SingleSignOn session with which the
caller is associatedrequest
- the request that needs to be authenticatedprotected void register(Request request, javax.servlet.http.HttpServletResponse response, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
request
- The servlet request we are processingresponse
- The servlet response we are generatingprincipal
- The authenticated Principal to be registeredauthType
- The authentication type to be registeredusername
- Username used to authenticate (if any)password
- Password used to authenticate (if any)protected void unregister(Request request, javax.servlet.http.HttpServletResponse response)
request
- The servlet request we are processingresponse
- The servlet response we are generatingprincipal
- The authenticated Principal to be registeredauthType
- The authentication type to be registeredusername
- Username used to authenticate (if any)password
- Password used to authenticate (if any)public void addLifecycleListener(LifecycleListener listener)
addLifecycleListener
in interface Lifecycle
listener
- The listener to addpublic LifecycleListener[] findLifecycleListeners()
findLifecycleListeners
in interface Lifecycle
public void removeLifecycleListener(LifecycleListener listener)
removeLifecycleListener
in interface Lifecycle
listener
- The listener to removepublic void start() throws LifecycleException
configure()
,
and before any of the public methods of the component are utilized.
start
in interface Lifecycle
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedpublic void stop() throws LifecycleException
stop
in interface Lifecycle
LifecycleException
- if this component detects a fatal error
that needs to be reported
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |