org.eclipse.jetty.security.authentication

Class DigestAuthenticator

java.lang.Object

org.eclipse.jetty.security.authentication.LoginAuthenticator

org.eclipse.jetty.security.authentication.DigestAuthenticator

All Implemented Interfaces:

Authenticator

public class DigestAuthenticator
extends LoginAuthenticator

Version:

$Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $ The nonce max age in ms can be set with the SecurityHandler#setInitParameter(String, String) using the name "maxNonceAge". The nonce max count can be set with SecurityHandler#setInitParameter(String, String) using the name "maxNonceCount". When the age or count is exceeded, the nonce is considered stale.

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

_identityService, _loginService

Constructor Summary

Constructors

Constructor and Description
DigestAuthenticator()

Method Summary

Methods

Modifier and Type	Method and Description
String	getAuthMethod()
long	getMaxNonceAge()
int	getMaxNonceCount()
String	newNonce(Request request)
boolean	secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser)
void	setConfiguration(Authenticator.AuthConfiguration configuration) Configure the Authenticator
void	setMaxNonceAge(long maxNonceAgeInMillis)
void	setMaxNonceCount(int maxNC)
Authentication	validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) Validate a request

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

getLoginService, login, prepareRequest, renewSession

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DigestAuthenticator

public DigestAuthenticator()

Method Detail

setConfiguration

public void setConfiguration(Authenticator.AuthConfiguration configuration)

Description copied from interface: Authenticator

Configure the Authenticator

Specified by:

setConfiguration in interface Authenticator

Overrides:

setConfiguration in class LoginAuthenticator

See Also:

LoginAuthenticator.setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)

getMaxNonceCount

public int getMaxNonceCount()

setMaxNonceCount

public void setMaxNonceCount(int maxNC)

getMaxNonceAge

public long getMaxNonceAge()

setMaxNonceAge

public void setMaxNonceAge(long maxNonceAgeInMillis)

getAuthMethod

public String getAuthMethod()

Returns:

The name of the authentication method

secureResponse

public boolean secureResponse(ServletRequest req,
                     ServletResponse res,
                     boolean mandatory,
                     Authentication.User validatedUser)
                       throws ServerAuthException

Returns:

true if response is secure

Throws:

ServerAuthException

validateRequest

public Authentication validateRequest(ServletRequest req,
                             ServletResponse res,
                             boolean mandatory)
                               throws ServerAuthException

Description copied from interface: Authenticator

Validate a request

Parameters:

req - The request

res - The response

mandatory - True if authentication is mandatory.

Returns:

An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not manditory, then a Authentication.Deferred may be returned.

Throws:

ServerAuthException

newNonce

public String newNonce(Request request)