com.caucho.security

Class DigestLogin

java.lang.Object

com.caucho.security.AbstractLogin

com.caucho.security.DigestLogin

All Implemented Interfaces:

Login

Direct Known Subclasses:

DigestLogin

@ApplicationScoped
public class DigestLogin
extends AbstractLogin

Implements the "digest" auth-method. Basic uses the HTTP authentication with WWW-Authenticate and SC_UNAUTHORIZE. The HTTP Digest authentication uses the following algorithm to calculate the digest. The digest is then compared to the client digest.

 A1 = MD5(username + ':' + realm + ':' + password)
 A2 = MD5(method + ':' + uri)
 digest = MD5(A1 + ':' + nonce + A2)
 

Field Summary

Fields inherited from class com.caucho.security.AbstractLogin

_auth, _singleSignon

Fields inherited from interface com.caucho.security.Login

LOGIN_PASSWORD, LOGIN_USER, LOGIN_USER_NAME

Constructor Summary

Constructors

Constructor and Description
DigestLogin()

Method Summary

Modifier and Type	Method and Description
protected byte[]	decodeDigest(java.lang.String digest)
java.lang.String	getAuthType() Returns the authentication type.
protected long	getRandomLong(ServletContext application)
java.lang.String	getRealmName() Gets the realm.
protected java.security.Principal	getUserPrincipalImpl(HttpServletRequest request) Returns the principal from a digest authentication
protected void	loginChallenge(HttpServletRequest req, HttpServletResponse res) Sends a challenge for basic authentication.
protected java.lang.String	scanKey(CharCursor cursor)
protected java.lang.String	scanValue(CharCursor cursor)
void	setRealmName(java.lang.String realm) Sets the login realm.
protected void	skipWhitespace(CharCursor cursor)

Methods inherited from class com.caucho.security.AbstractLogin

findSavedUser, getAuthenticator, getLoginPrincipalImpl, getSingleSignon, getUserPrincipal, init, isLoginUsedForRequest, isLogoutOnSessionTimeout, isPasswordBased, isSavedUserValid, isSessionSaveLogin, isUserInRole, login, login, loginSuccessResponse, logout, logoutImpl, saveUser, sessionInvalidate, setAuthenticator, setLogoutOnSessionTimeout, setSessionSaveLogin, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

DigestLogin

public DigestLogin()

Method Detail

setRealmName

public void setRealmName(java.lang.String realm)

Sets the login realm.

getRealmName

public java.lang.String getRealmName()

Gets the realm.

getAuthType

public java.lang.String getAuthType()

Returns the authentication type.

Specified by:

getAuthType in interface Login

Overrides:

getAuthType in class AbstractLogin

getUserPrincipalImpl

protected java.security.Principal getUserPrincipalImpl(HttpServletRequest request)

Returns the principal from a digest authentication

Overrides:

getUserPrincipalImpl in class AbstractLogin

Parameters:

auth - the authenticator for this application.

loginChallenge

protected void loginChallenge(HttpServletRequest req,
                              HttpServletResponse res)
                       throws ServletException,
                              java.io.IOException

Sends a challenge for basic authentication.

Overrides:

loginChallenge in class AbstractLogin

Throws:

ServletException

java.io.IOException

getRandomLong

protected long getRandomLong(ServletContext application)

decodeDigest

protected byte[] decodeDigest(java.lang.String digest)

scanKey

protected java.lang.String scanKey(CharCursor cursor)

scanValue

protected java.lang.String scanValue(CharCursor cursor)

skipWhitespace

protected void skipWhitespace(CharCursor cursor)