Class DigestAuthenticator

java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.authentication.DigestAuthenticator
All Implemented Interfaces:
Authenticator
public class DigestAuthenticator extends LoginAuthenticator
The nonce max age in ms can be set with the SecurityHandler.setParameter(String, String) using the name "maxNonceAge". The nonce max count can be set with SecurityHandler.setParameter(String, String) using the name "maxNonceCount". When the age or count is exceeded, the nonce is considered stale.

  • Constructor Details

    • DigestAuthenticator

      public DigestAuthenticator()

  • Method Details

    • setConfiguration

      public void setConfiguration(Authenticator.Configuration configuration)
      Description copied from interface: Authenticator
      Configure the Authenticator
      Specified by:
      setConfiguration in interface Authenticator
      Overrides:
      setConfiguration in class LoginAuthenticator
      Parameters:
      configuration - the configuration

    • getMaxNonceCount

      public int getMaxNonceCount()
      Returns:
      the max number of times a nonce is used

    • setMaxNonceCount

      public void setMaxNonceCount(int maxNonceCount)
      Parameters:
      maxNonceCount - the max number of times a nonce is used

    • getMaxNonceAge

      public long getMaxNonceAge()
      Returns:
      the max age of a nonce in milliseconds

    • setMaxNonceAge

      public void setMaxNonceAge(long maxNonceAgeInMillis)
      Parameters:
      maxNonceAgeInMillis - the max age of a nonce in milliseconds

    • getAlgorithm

      public String getAlgorithm()
      Returns:
      the MessageDigest algorithm

    • setAlgorithm

      public void setAlgorithm(String algorithm)
      Parameters:
      algorithm - the MessageDigest algorithm

    • isUserHashing

      public boolean isUserHashing()
      Returns:
      whether the username is hashed

    • setUserHashing

      public void setUserHashing(boolean userHashing)
      Parameters:
      userHashing - whether the username is hashed

    • getAuthenticationType

      public String getAuthenticationType()
      Returns:
      The name of the authentication type

    • validateRequest

      public AuthenticationState validateRequest(org.eclipse.jetty.server.Request req, org.eclipse.jetty.server.Response res, org.eclipse.jetty.util.Callback callback) throws ServerAuthException
      Description copied from interface: Authenticator
      Attempts to validate the authentication state of the given request.

      If authentication is successful, an AuthenticationState.Succeeded is returned. If the authenticator has already committed a response (for either success or failure), the returned value will implement AuthenticationState.ResponseSent, and the provided Callback will be eventually be completed, otherwise the caller is responsible for completing the Callback.

      A null return value indicates that no authentication state could be established, possibly because the response has already been committed.

      Parameters:
      req - the request to validate.
      res - the response associated with the request.
      callback - the callback to use for writing a response.
      Returns:
      an AuthenticationState, or null if authentication could not be resolved.
      Throws:
      ServerAuthException - if unable to validate request.

    • resolveHashedUserName

      protected String resolveHashedUserName(String hashedUserName)

      Resolves the hashed username received in the Authorization header.

      This method should look up the plain username from the username hash.

      By default, this method throws UnsupportedOperationException.

      Parameters:
      hashedUserName - the hashed username
      Returns:
      the plain username

    • resolveEncodedUserName

      protected String resolveEncodedUserName(String encodedUserName)

      Resolves the encoded username received in the Authorization header.

      The username is encoded with RFC-5987 and this method should decode it.

      By default, this method only decodes RFC-5987 usernames encoded with UTF-8 and no language; for example username: UTF-8''caf%E2%82%AC is decoded as caf€.

      Parameters:
      encodedUserName - the encoded username
      Returns:
      the decoded username

    • login

      public UserIdentity login(String username, Object credentials, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response)
      Description copied from class: LoginAuthenticator
      If the UserIdentity returned from LoginService.login(String, Object, Request, Function) is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability. If the UserIdentity is not necessarily fully authenticated, then subclasses must override this method and determine when the UserIdentity IS fully authenticated and renew the session id.
      Overrides:
      login in class LoginAuthenticator
      Parameters:
      username - the username of the client to be authenticated
      credentials - the user's credential
      request - the inbound request that needs authentication

    • newNonce

      public String newNonce(org.eclipse.jetty.server.Request request)