com.caucho.security
Class DigestLogin

java.lang.Object
  extended by com.caucho.security.AbstractLogin
      extended by com.caucho.security.DigestLogin
All Implemented Interfaces:
Login
Direct Known Subclasses:
DigestLogin

@ApplicationScoped
public class DigestLogin
extends AbstractLogin

Implements the "digest" auth-method. Basic uses the HTTP authentication with WWW-Authenticate and SC_UNAUTHORIZE. The HTTP Digest authentication uses the following algorithm to calculate the digest. The digest is then compared to the client digest.

 A1 = MD5(username + ':' + realm + ':' + password)
 A2 = MD5(method + ':' + uri)
 digest = MD5(A1 + ':' + nonce + A2)
 


Field Summary
protected  java.lang.String _realm
           
 
Fields inherited from class com.caucho.security.AbstractLogin
_auth, _singleSignon, log
 
Fields inherited from interface com.caucho.security.Login
LOGIN_PASSWORD, LOGIN_USER_NAME, LOGIN_USER_PRINCIPAL
 
Constructor Summary
DigestLogin()
           
 
Method Summary
protected  byte[] decodeDigest(java.lang.String digest)
           
 java.lang.String getAuthType()
          Returns the authentication type.
protected  long getRandomLong(ServletContext application)
           
 java.lang.String getRealmName()
          Gets the realm.
protected  java.security.Principal getUserPrincipalImpl(HttpServletRequest request)
          Returns the principal from a digest authentication
protected  void loginChallenge(HttpServletRequest req, HttpServletResponse res)
          Sends a challenge for basic authentication.
protected  java.lang.String scanKey(CharCursor cursor)
           
protected  java.lang.String scanValue(CharCursor cursor)
           
 void setRealmName(java.lang.String realm)
          Sets the login realm.
protected  void skipWhitespace(CharCursor cursor)
           
 
Methods inherited from class com.caucho.security.AbstractLogin
findSavedUser, getAuthenticator, getLoginPrincipalImpl, getSingleSignon, getUserPrincipal, init, isLoginUsedForRequest, isLogoutOnSessionTimeout, isPasswordBased, isSavedUserValid, isSessionSaveLogin, isUserInRole, login, login, loginSuccessResponse, logout, logoutImpl, saveUser, sessionInvalidate, setAuthenticator, setLogoutOnSessionTimeout, setSessionSaveLogin, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

_realm

protected java.lang.String _realm
Constructor Detail

DigestLogin

public DigestLogin()
Method Detail

setRealmName

public void setRealmName(java.lang.String realm)
Sets the login realm.


getRealmName

public java.lang.String getRealmName()
Gets the realm.


getAuthType

public java.lang.String getAuthType()
Returns the authentication type.

Specified by:
getAuthType in interface Login
Overrides:
getAuthType in class AbstractLogin

getUserPrincipalImpl

protected java.security.Principal getUserPrincipalImpl(HttpServletRequest request)
Returns the principal from a digest authentication

Overrides:
getUserPrincipalImpl in class AbstractLogin
Parameters:
auth - the authenticator for this application.

loginChallenge

protected void loginChallenge(HttpServletRequest req,
                              HttpServletResponse res)
                       throws ServletException,
                              java.io.IOException
Sends a challenge for basic authentication.

Overrides:
loginChallenge in class AbstractLogin
Throws:
ServletException
java.io.IOException

getRandomLong

protected long getRandomLong(ServletContext application)

decodeDigest

protected byte[] decodeDigest(java.lang.String digest)

scanKey

protected java.lang.String scanKey(CharCursor cursor)

scanValue

protected java.lang.String scanValue(CharCursor cursor)

skipWhitespace

protected void skipWhitespace(CharCursor cursor)