org.apache.catalina.authenticator

Class AuthenticatorBase

java.lang.Object

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

All Implemented Interfaces:

MBeanRegistration, Authenticator, Contained, Lifecycle, Valve

Direct Known Subclasses:

BasicAuthenticator, DigestAuthenticator, FormAuthenticator, NonLoginAuthenticator, SSLAuthenticator

public abstract class AuthenticatorBase
extends ValveBase
implements Authenticator, Lifecycle

Basic implementation of the Valve interface that enforces the <security-constraint> elements in the web application deployment descriptor. This functionality is implemented as a Valve so that it can be ommitted in environments that do not require these features. Individual implementations of each supported authentication method can subclass this base class as required.

USAGE CONSTRAINT: When this class is utilized, the Context to which it is attached (or a parent Container in a hierarchy) must have an associated Realm that can be used for authenticating users and enumerating the roles to which they have been assigned.

USAGE CONSTRAINT: This Valve is only useful when processing HTTP requests. Requests of any other type will simply be passed through.

Version:

$Revision: 1848 $ $Date: 2011-10-11 17:29:56 +0200 (Tue, 11 Oct 2011) $

Author:

Craig R. McClanahan

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	AUTH_HEADER_NAME Authentication header
protected boolean	cache Should we cache authenticated Principals if the request is part of an HTTP session?
protected boolean	changeSessionIdOnAuthentication Should the session ID, if any, be changed upon a successful authentication to prevent a session fixation attack?
protected Context	context The Context to which this Valve is attached.
protected boolean	disableProxyCaching Flag to determine if we disable proxy caching, or leave the issue up to the webapp developer.
protected static String	info Descriptive information about this implementation.
protected LifecycleSupport	lifecycle The lifecycle event support for this component.
protected static String	REALM_NAME Default authentication realm name.
protected boolean	securePagesWithPragma Flag to determine if we disable proxy caching with headers incompatible with IE
protected static int	SESSION_ID_BYTES The number of random bytes to include when generating a session identifier.
protected SingleSignOn	sso The SingleSignOn implementation in our request processing chain, if there is one.
protected boolean	started Has this component been started?

Fields inherited from class org.apache.catalina.valves.ValveBase

container, controller, domain, mserver, next, oname

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
AuthenticatorBase()

Method Summary

Modifier and Type	Method and Description
void	addLifecycleListener(LifecycleListener listener) Add a lifecycle event listener to this component.
protected void	associate(String ssoId, Session session) Associate the specified single sign on identifier with the specified Session.
boolean	authenticate(Request request, javax.servlet.http.HttpServletResponse response) API login.
protected abstract boolean	authenticate(Request request, javax.servlet.http.HttpServletResponse response, LoginConfig config) Authenticate the user making this request, based on the specified login configuration.
LifecycleListener[]	findLifecycleListeners() Get the lifecycle listeners associated with this lifecycle.
protected String	generateSessionId(Random random) Generate and return a new session identifier for the cookie that identifies an SSO principal.
boolean	getCache() Return the cache authenticated Principals flag.
Container	getContainer() Return the Container to which this Valve is attached.
boolean	getDisableProxyCaching() Return the flag that states if we add headers to disable caching by proxies.
String	getInfo() Return descriptive information about this Valve implementation.
boolean	getSecurePagesWithPragma() Return the flag that states, if proxy caching is disabled, what headers we add to disable the caching.
void	invoke(Request request, Response response) Enforce the security restrictions in the web application deployment descriptor of our associated Context.
boolean	isChangeSessionIdOnAuthentication()
void	login(Request request, String username, String password)
void	logout(Request request)
protected boolean	reauthenticateFromSSO(String ssoId, Request request) Attempts reauthentication to the Realm using the credentials included in argument entry.
protected void	register(Request request, javax.servlet.http.HttpServletResponse response, Principal principal, String authType, String username, String password) Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one.
void	removeLifecycleListener(LifecycleListener listener) Remove a lifecycle event listener from this component.
void	setCache(boolean cache) Set the cache authenticated Principals flag.
void	setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)
void	setContainer(Container container) Set the Container to which this Valve is attached.
void	setDisableProxyCaching(boolean nocache) Set the value of the flag that states if we add headers to disable caching by proxies.
void	setSecurePagesWithPragma(boolean securePagesWithPragma) Set the value of the flag that states what headers we add to disable proxy caching.
void	start() Prepare for the beginning of active use of the public methods of this component.
void	stop() Gracefully terminate the active use of the public methods of this component.
protected void	unregister(Request request, javax.servlet.http.HttpServletResponse response) Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one.

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

AUTH_HEADER_NAME

protected static final String AUTH_HEADER_NAME

Authentication header

See Also:

Constant Field Values

REALM_NAME

protected static final String REALM_NAME

Default authentication realm name.

See Also:

Constant Field Values

SESSION_ID_BYTES

protected static final int SESSION_ID_BYTES

The number of random bytes to include when generating a session identifier.

See Also:

Constant Field Values

cache

protected boolean cache

Should we cache authenticated Principals if the request is part of an HTTP session?

changeSessionIdOnAuthentication

protected boolean changeSessionIdOnAuthentication

Should the session ID, if any, be changed upon a successful authentication to prevent a session fixation attack?

context

protected Context context

The Context to which this Valve is attached.

info

protected static final String info

Descriptive information about this implementation.

See Also:

Constant Field Values

disableProxyCaching

protected boolean disableProxyCaching

Flag to determine if we disable proxy caching, or leave the issue up to the webapp developer.

securePagesWithPragma

protected boolean securePagesWithPragma

Flag to determine if we disable proxy caching with headers incompatible with IE

lifecycle

protected LifecycleSupport lifecycle

The lifecycle event support for this component.

sso

protected SingleSignOn sso

The SingleSignOn implementation in our request processing chain, if there is one.

started

protected boolean started

Has this component been started?

Constructor Detail

AuthenticatorBase

public AuthenticatorBase()

Method Detail

getCache

public boolean getCache()

Return the cache authenticated Principals flag.

setCache

public void setCache(boolean cache)

Set the cache authenticated Principals flag.

Parameters:

cache - The new cache flag

isChangeSessionIdOnAuthentication

public boolean isChangeSessionIdOnAuthentication()

setChangeSessionIdOnAuthentication

public void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication)

getContainer

public Container getContainer()

Return the Container to which this Valve is attached.

Specified by:

getContainer in interface Contained

Overrides:

getContainer in class ValveBase

setContainer

public void setContainer(Container container)

Set the Container to which this Valve is attached.

Specified by:

setContainer in interface Contained

Overrides:

setContainer in class ValveBase

Parameters:

container - The container to which we are attached

getInfo

public String getInfo()

Return descriptive information about this Valve implementation.

Specified by:

getInfo in interface Valve

Overrides:

getInfo in class ValveBase

getDisableProxyCaching

public boolean getDisableProxyCaching()

Return the flag that states if we add headers to disable caching by proxies.

setDisableProxyCaching

public void setDisableProxyCaching(boolean nocache)

Set the value of the flag that states if we add headers to disable caching by proxies.

Parameters:

nocache - true if we add headers to disable proxy caching, false if we leave the headers alone.

getSecurePagesWithPragma

public boolean getSecurePagesWithPragma()

Return the flag that states, if proxy caching is disabled, what headers we add to disable the caching.

setSecurePagesWithPragma

public void setSecurePagesWithPragma(boolean securePagesWithPragma)

Set the value of the flag that states what headers we add to disable proxy caching.

Parameters:

securePagesWithPragma - true if we add headers which are incompatible with downloading office documents in IE under SSL but which fix a caching problem in Mozilla.

authenticate

public boolean authenticate(Request request,
                            javax.servlet.http.HttpServletResponse response)
                     throws IOException,
                            javax.servlet.ServletException

API login.

Specified by:

authenticate in interface Authenticator

Parameters:

request - Request we are processing

response - Response we are creating

config - Login configuration describing how authentication should be performed

Throws:

IOException - if an input/output error occurs

javax.servlet.ServletException

login

public void login(Request request,
                  String username,
                  String password)
           throws javax.servlet.ServletException

Specified by:

login in interface Authenticator

Throws:

javax.servlet.ServletException

logout

public void logout(Request request)
            throws javax.servlet.ServletException

Specified by:

logout in interface Authenticator

Throws:

javax.servlet.ServletException

invoke

public void invoke(Request request,
                   Response response)
            throws IOException,
                   javax.servlet.ServletException

Enforce the security restrictions in the web application deployment descriptor of our associated Context.

Specified by:

invoke in interface Valve

Specified by:

invoke in class ValveBase

Parameters:

request - Request to be processed

response - Response to be processed

Throws:

IOException - if an input/output error occurs

javax.servlet.ServletException - if thrown by a processing element

associate

protected void associate(String ssoId,
                         Session session)

Associate the specified single sign on identifier with the specified Session.

Parameters:

ssoId - Single sign on identifier

session - Session to be associated

authenticate

protected abstract boolean authenticate(Request request,
                                        javax.servlet.http.HttpServletResponse response,
                                        LoginConfig config)
                                 throws IOException

Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Parameters:

request - Request we are processing

response - Response we are creating

config - Login configuration describing how authentication should be performed

Throws:

IOException - if an input/output error occurs

generateSessionId

protected String generateSessionId(Random random)

Generate and return a new session identifier for the cookie that identifies an SSO principal.

reauthenticateFromSSO

protected boolean reauthenticateFromSSO(String ssoId,
                                        Request request)

Attempts reauthentication to the Realm using the credentials included in argument entry.

Parameters:

ssoId - identifier of SingleSignOn session with which the caller is associated

request - the request that needs to be authenticated

register

protected void register(Request request,
                        javax.servlet.http.HttpServletResponse response,
                        Principal principal,
                        String authType,
                        String username,
                        String password)

Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one. Set the appropriate cookie to be returned.

Parameters:

request - The servlet request we are processing

response - The servlet response we are generating

principal - The authenticated Principal to be registered

authType - The authentication type to be registered

username - Username used to authenticate (if any)

password - Password used to authenticate (if any)

unregister

protected void unregister(Request request,
                          javax.servlet.http.HttpServletResponse response)

Register an authenticated Principal and authentication type in our request, in the current session (if there is one), and with our SingleSignOn valve, if there is one. Set the appropriate cookie to be returned.

Parameters:

request - The servlet request we are processing

response - The servlet response we are generating

principal - The authenticated Principal to be registered

authType - The authentication type to be registered

username - Username used to authenticate (if any)

password - Password used to authenticate (if any)

addLifecycleListener

public void addLifecycleListener(LifecycleListener listener)

Add a lifecycle event listener to this component.

Specified by:

addLifecycleListener in interface Lifecycle

Parameters:

listener - The listener to add

findLifecycleListeners

public LifecycleListener[] findLifecycleListeners()

Get the lifecycle listeners associated with this lifecycle. If this Lifecycle has no listeners registered, a zero-length array is returned.

Specified by:

findLifecycleListeners in interface Lifecycle

removeLifecycleListener

public void removeLifecycleListener(LifecycleListener listener)

Remove a lifecycle event listener from this component.

Specified by:

removeLifecycleListener in interface Lifecycle

Parameters:

listener - The listener to remove

start

public void start()
           throws LifecycleException

Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.

Specified by:

start in interface Lifecycle

Throws:

LifecycleException - if this component detects a fatal error that prevents this component from being used

stop

public void stop()
          throws LifecycleException

Gracefully terminate the active use of the public methods of this component. This method should be the last one called on a given instance of this component.

Specified by:

stop in interface Lifecycle

Throws:

LifecycleException - if this component detects a fatal error that needs to be reported