Apache Tomcat 7.0.0

Class AuthenticatorBase

  extended by org.apache.catalina.util.LifecycleBase
      extended by org.apache.catalina.util.LifecycleMBeanBase
          extended by org.apache.catalina.valves.ValveBase
              extended by org.apache.catalina.authenticator.AuthenticatorBase
All Implemented Interfaces:
MBeanRegistration, Authenticator, Contained, Lifecycle, Valve
Direct Known Subclasses:
BasicAuthenticator, DigestAuthenticator, FormAuthenticator, NonLoginAuthenticator, SSLAuthenticator

public abstract class AuthenticatorBase
extends ValveBase
implements Authenticator

Basic implementation of the Valve interface that enforces the <security-constraint> elements in the web application deployment descriptor. This functionality is implemented as a Valve so that it can be omitted in environments that do not require these features. Individual implementations of each supported authentication method can subclass this base class as required.

USAGE CONSTRAINT: When this class is utilized, the Context to which it is attached (or a parent Container in a hierarchy) must have an associated Realm that can be used for authenticating users and enumerating the roles to which they have been assigned.

USAGE CONSTRAINT: This Valve is only useful when processing HTTP requests. Requests of any other type will simply be passed through.
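As an added illustration of the contract described above (not Tomcat's own code), the subclass below implements authenticate() for HTTP Basic credentials and hands the result to register(); the class name is hypothetical, and the example assumes a JRE that provides javax.xml.bind.DatatypeConverter for Base64 decoding.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.DatatypeConverter;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;

// Hypothetical illustration class, not Tomcat's BasicAuthenticator.
public class MinimalBasicAuthenticator extends AuthenticatorBase {
    @Override
    public boolean authenticate(Request request,
                                HttpServletResponse response,
                                LoginConfig config) throws IOException {
        // A Principal already on the request (cached in the session when
        // cache=true, or restored by SingleSignOn) satisfies the constraint.
        if (request.getUserPrincipal() != null) {
            return true;
        }

        String header = request.getHeader("authorization");
        if (header != null && header.regionMatches(true, 0, "Basic ", 0, 6)) {
            byte[] raw = DatatypeConverter.parseBase64Binary(header.substring(6).trim());
            String pair = new String(raw, "ISO-8859-1");
            int colon = pair.indexOf(':');
            if (colon > 0) {
                String username = pair.substring(0, colon);
                String password = pair.substring(colon + 1);
                // The Realm attached to the Context (see USAGE CONSTRAINT)
                // verifies the credentials and resolves the user's roles.
                Principal principal = context.getRealm().authenticate(username, password);
                if (principal != null) {
                    // register() caches the Principal on request and session, applies
                    // the changeSessionIdOnAuthentication protection and notifies SSO.
                    register(request, response, principal,
                             HttpServletRequest.BASIC_AUTH, username, password);
                    return true;
                }
            }
        }

        // No valid credentials: write the challenge and return false so that
        // invoke() stops the pipeline here instead of reaching the servlet.
        String realm = config.getRealmName() != null ? config.getRealmName() : REALM_NAME;
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}
```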

Version:
$Id: AuthenticatorBase.java 942813 2010-05-10 16:17:22Z markt $
Author:
Craig R. McClanahan

Field Summary
protected  String algorithm
          The message digest algorithm to be used when generating session identifiers.
protected static String AUTH_HEADER_NAME
          Authentication header
protected  boolean cache
          Should we cache authenticated Principals if the request is part of an HTTP session?
protected  boolean changeSessionIdOnAuthentication
          Should the session ID, if any, be changed upon a successful authentication to prevent a session fixation attack?
protected  Context context
          The Context to which this Valve is attached.
protected static String DEFAULT_ALGORITHM
          The default message digest algorithm to use if we cannot use the requested one.
protected  MessageDigest digest
          The MessageDigest implementation to be used when creating session identifiers.
protected  boolean disableProxyCaching
          Flag to determine if we disable proxy caching, or leave the issue up to the webapp developer.
protected  String entropy
          A String initialization parameter used to increase the entropy of the initialization of our random number generator.
protected static String info
          Descriptive information about this implementation.
protected  Random random
          A random number generator to use when generating session identifiers.
protected  String randomClass
          The Java class name of the random number generator class to be used when generating session identifiers.
protected static String REALM_NAME
          Default authentication realm name.
protected  boolean securePagesWithPragma
          Flag to determine if we disable proxy caching with headers incompatible with IE.
protected static int SESSION_ID_BYTES
          The number of random bytes to include when generating a session identifier.
protected static StringManager sm
          The string manager for this package.
protected  SingleSignOn sso
          The SingleSignOn implementation in our request processing chain, if there is one.
Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
Fields inherited from interface org.apache.catalina.Lifecycle
Constructor Summary
Method Summary
protected  void associate(String ssoId, Session session)
          Associate the specified single sign on identifier with the specified Session.
abstract  boolean authenticate(Request request, javax.servlet.http.HttpServletResponse response, LoginConfig config)
          Authenticate the user making this request, based on the specified login configuration.
protected  String generateSessionId()
          Generate and return a new session identifier for the cookie that identifies an SSO principal.
 String getAlgorithm()
          Return the message digest algorithm for this Manager.
 boolean getCache()
          Return the cache authenticated Principals flag.
 boolean getChangeSessionIdOnAuthentication()
          Return the flag that states if we should change the session ID of an existing session upon successful authentication.
 Container getContainer()
          Return the Container to which this Valve is attached.
protected  MessageDigest getDigest()
          Return the MessageDigest object to be used for calculating session identifiers.
 boolean getDisableProxyCaching()
          Return the flag that states if we add headers to disable caching by proxies.
 String getEntropy()
          Return the entropy increaser value, or compute a semi-useful value if this String has not yet been set.
 String getInfo()
          Return descriptive information about this Valve implementation.
protected  Random getRandom()
          Return the random number generator instance we should use for generating session identifiers.
 String getRandomClass()
          Return the random number generator class name.
 boolean getSecurePagesWithPragma()
          Return the flag that states, if proxy caching is disabled, what headers we add to disable the caching.
 void invoke(Request request, Response response)
          Enforce the security restrictions in the web application deployment descriptor of our associated Context.
protected  boolean reauthenticateFromSSO(String ssoId, Request request)
          Attempts reauthentication to the Realm using the credentials associated with the given single sign on identifier.
 void register(Request request, javax.servlet.http.HttpServletResponse response, Principal principal, String authType, String username, String password)
          Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one.
 void setAlgorithm(String algorithm)
          Set the message digest algorithm for this Manager.
 void setCache(boolean cache)
          Set the cache authenticated Principals flag.
 void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
          Set the value of the flag that states if we should change the session ID of an existing session upon successful authentication.
 void setContainer(Container container)
          Set the Container to which this Valve is attached.
 void setDisableProxyCaching(boolean nocache)
          Set the value of the flag that states if we add headers to disable caching by proxies.
 void setEntropy(String entropy)
          Set the entropy increaser value.
 void setRandomClass(String randomClass)
          Set the random number generator class name.
 void setSecurePagesWithPragma(boolean securePagesWithPragma)
          Set the value of the flag that states what headers we add to disable proxy caching.
protected  void startInternal()
          Start this component and implement the requirements of LifecycleBase.startInternal().
protected  void stopInternal()
          Stop this component and implement the requirements of LifecycleBase.stopInternal().
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, init, removeLifecycleListener, setState, setState, start, stop
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail


protected static final String DEFAULT_ALGORITHM
The default message digest algorithm to use if we cannot use the requested one.

See Also:
Constant Field Values


protected static final int SESSION_ID_BYTES
The number of random bytes to include when generating a session identifier.

See Also:
Constant Field Values


protected static final String AUTH_HEADER_NAME
Authentication header

See Also:
Constant Field Values


protected static final String REALM_NAME
Default authentication realm name.

See Also:
Constant Field Values


protected String algorithm
The message digest algorithm to be used when generating session identifiers. This must be an algorithm supported by the java.security.MessageDigest class on your platform.


protected boolean cache
Should we cache authenticated Principals if the request is part of an HTTP session?


protected boolean changeSessionIdOnAuthentication
Should the session ID, if any, be changed upon a successful authentication to prevent a session fixation attack?


protected Context context
The Context to which this Valve is attached.


protected MessageDigest digest
The MessageDigest implementation to be used when creating session identifiers.


protected String entropy
A String initialization parameter used to increase the entropy of the initialization of our random number generator.


protected static final String info
Descriptive information about this implementation.

See Also:
Constant Field Values


protected boolean disableProxyCaching
Flag to determine if we disable proxy caching, or leave the issue up to the webapp developer.


protected boolean securePagesWithPragma
Flag to determine if we disable proxy caching with headers incompatible with IE.


protected Random random
A random number generator to use when generating session identifiers.


protected String randomClass
The Java class name of the random number generator class to be used when generating session identifiers.


protected static final StringManager sm
The string manager for this package.


protected SingleSignOn sso
The SingleSignOn implementation in our request processing chain, if there is one.

Constructor Detail


public AuthenticatorBase()
Method Detail


public String getAlgorithm()
Return the message digest algorithm for this Manager.


public void setAlgorithm(String algorithm)
Set the message digest algorithm for this Manager.

Parameters:
algorithm - The new message digest algorithm


public boolean getCache()
Return the cache authenticated Principals flag.


public void setCache(boolean cache)
Set the cache authenticated Principals flag.

Parameters:
cache - The new cache flag


public Container getContainer()
Return the Container to which this Valve is attached.

Specified by:
getContainer in interface Contained
Overrides:
getContainer in class ValveBase


public void setContainer(Container container)
Set the Container to which this Valve is attached.

Specified by:
setContainer in interface Contained
Overrides:
setContainer in class ValveBase
Parameters:
container - The container to which we are attached


public String getEntropy()
Return the entropy increaser value, or compute a semi-useful value if this String has not yet been set.


public void setEntropy(String entropy)
Set the entropy increaser value.

Parameters:
entropy - The new entropy increaser value


public String getInfo()
Return descriptive information about this Valve implementation.

Specified by:
getInfo in interface Valve
Overrides:
getInfo in class ValveBase


public String getRandomClass()
Return the random number generator class name.


public void setRandomClass(String randomClass)
Set the random number generator class name.

Parameters:
randomClass - The new random number generator class name


public boolean getDisableProxyCaching()
Return the flag that states if we add headers to disable caching by proxies.


public void setDisableProxyCaching(boolean nocache)
Set the value of the flag that states if we add headers to disable caching by proxies.

Parameters:
nocache - true if we add headers to disable proxy caching, false if we leave the headers alone.


public boolean getSecurePagesWithPragma()
Return the flag that states, if proxy caching is disabled, what headers we add to disable the caching.


public void setSecurePagesWithPragma(boolean securePagesWithPragma)
Set the value of the flag that states what headers we add to disable proxy caching.

Parameters:
securePagesWithPragma - true if we add headers which are incompatible with downloading office documents in IE under SSL but which fix a caching problem in Mozilla.


public boolean getChangeSessionIdOnAuthentication()
Return the flag that states if we should change the session ID of an existing session upon successful authentication.

Returns:
true to change the session ID upon successful authentication, false to leave it unchanged.


public void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
Set the value of the flag that states if we should change the session ID of an existing session upon successful authentication.

Parameters:
changeSessionIdOnAuthentication - true to change the session ID upon successful authentication, false to leave it unchanged.


public void invoke(Request request,
                   Response response)
            throws IOException,
                   javax.servlet.ServletException
Enforce the security restrictions in the web application deployment descriptor of our associated Context.

Specified by:
invoke in interface Valve
Overrides:
invoke in class ValveBase
Parameters:
request - Request to be processed
response - Response to be processed
Throws:
IOException - if an input/output error occurs
javax.servlet.ServletException - if thrown by a processing element


protected void associate(String ssoId,
                         Session session)
Associate the specified single sign on identifier with the specified Session.

Parameters:
ssoId - Single sign on identifier
session - Session to be associated


public abstract boolean authenticate(Request request,
                                     javax.servlet.http.HttpServletResponse response,
                                     LoginConfig config)
                              throws IOException
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Specified by:
authenticate in interface Authenticator
Parameters:
request - Request we are processing
response - Response we are populating
config - Login configuration describing how authentication should be performed
Throws:
IOException - if an input/output error occurs


protected String generateSessionId()
Generate and return a new session identifier for the cookie that identifies an SSO principal.


protected MessageDigest getDigest()
Return the MessageDigest object to be used for calculating session identifiers. If none has been created yet, initialize one the first time this method is called.


protected Random getRandom()
Return the random number generator instance we should use for generating session identifiers. If there is no such generator currently defined, construct and seed a new one.


protected boolean reauthenticateFromSSO(String ssoId,
                                        Request request)
Attempts reauthentication to the Realm using the credentials associated with the given single sign on identifier.

Parameters:
ssoId - identifier of the SingleSignOn session with which the caller is associated
request - the request that needs to be authenticated


public void register(Request request,
                     javax.servlet.http.HttpServletResponse response,
                     Principal principal,
                     String authType,
                     String username,
                     String password)
Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one. Set the appropriate cookie to be returned.

Specified by:
register in interface Authenticator
Parameters:
request - The servlet request we are processing
response - The servlet response we are generating
principal - The authenticated Principal to be registered
authType - The authentication type to be registered
username - Username used to authenticate (if any)
password - Password used to authenticate (if any)


protected void startInternal()
                      throws LifecycleException
Start this component and implement the requirements of LifecycleBase.startInternal().

Overrides:
startInternal in class ValveBase
Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used


protected void stopInternal()
                     throws LifecycleException
Stop this component and implement the requirements of LifecycleBase.stopInternal().

Overrides:
stopInternal in class ValveBase
Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used

Copyright © 2000-2010 Apache Software Foundation. All Rights Reserved.