Package org.nuxeo.ecm.ui.web.auth.digest
Class DigestAuthenticator
- java.lang.Object
-
- org.nuxeo.ecm.ui.web.auth.digest.DigestAuthenticator
-
- All Implemented Interfaces:
NuxeoAuthenticationPlugin
public class DigestAuthenticator extends Object implements NuxeoAuthenticationPlugin
Nuxeo Authenticator for HTTP Digest Access Authentication (RFC 2617).
-
-
Field Summary
Fields Modifier and Type Field Description protected StringaccessKeyprotected static StringBA_HEADER_NAMEprotected static StringCNONCEprotected static longDEFAULT_NONCE_VALIDITY_SECONDSprotected static StringDEFAULT_REALMNAMEprotected static StringHTTP_METHODprotected static StringNCprotected static StringNONCEprotected longnonceValiditySecondsprotected static StringQOPprotected static StringREALMprotected static StringREALM_NAME_KEYprotected StringrealmNameprotected static StringURI
-
Constructor Summary
Constructors Constructor Description DigestAuthenticator()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected static StringcomputeDigest(String ha1, String httpMethod, String uri, String qop, String nonce, String nc, String cnonce)protected StringgetStoredHA1(String username)List<String>getUnAuthenticatedURLPrefix()Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.protected StringgetValidatedUsername(Map<String,String> headerMap)BooleanhandleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL)Handles the Login Prompt.UserIdentificationInfohandleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)Retrieves user identification information from the request.voidinitPlugin(Map<String,String> parameters)Initializes the Plugin from parameters set in the XML descriptor.BooleanneedLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest)Defines if the authentication plugin needs to do a login prompt.static Map<String,String>splitParameters(String auth)
-
-
-
Field Detail
-
DEFAULT_REALMNAME
protected static final String DEFAULT_REALMNAME
- See Also:
- Constant Field Values
-
DEFAULT_NONCE_VALIDITY_SECONDS
protected static final long DEFAULT_NONCE_VALIDITY_SECONDS
- See Also:
- Constant Field Values
-
REALM
protected static final String REALM
- See Also:
- Constant Field Values
-
HTTP_METHOD
protected static final String HTTP_METHOD
- See Also:
- Constant Field Values
-
URI
protected static final String URI
- See Also:
- Constant Field Values
-
QOP
protected static final String QOP
- See Also:
- Constant Field Values
-
NONCE
protected static final String NONCE
- See Also:
- Constant Field Values
-
NC
protected static final String NC
- See Also:
- Constant Field Values
-
CNONCE
protected static final String CNONCE
- See Also:
- Constant Field Values
-
REALM_NAME_KEY
protected static final String REALM_NAME_KEY
- See Also:
- Constant Field Values
-
BA_HEADER_NAME
protected static final String BA_HEADER_NAME
- See Also:
- Constant Field Values
-
realmName
protected String realmName
-
nonceValiditySeconds
protected long nonceValiditySeconds
-
accessKey
protected String accessKey
-
-
Method Detail
-
handleLoginPrompt
public Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL)
Description copied from interface:NuxeoAuthenticationPluginHandles the Login Prompt.- Specified by:
handleLoginPromptin interfaceNuxeoAuthenticationPlugin- Parameters:
httpRequest- the requesthttpResponse- the response- Returns:
- true if AuthFilter must stop execution (ie: login prompt generated a redirect), false otherwise
-
handleRetrieveIdentity
public UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Description copied from interface:NuxeoAuthenticationPluginRetrieves user identification information from the request.- Specified by:
handleRetrieveIdentityin interfaceNuxeoAuthenticationPlugin- Parameters:
httpRequest- the requesthttpResponse- the response
-
needLoginPrompt
public Boolean needLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest)
Description copied from interface:NuxeoAuthenticationPluginDefines if the authentication plugin needs to do a login prompt.- Specified by:
needLoginPromptin interfaceNuxeoAuthenticationPlugin- Returns:
- true if LoginPrompt is used
-
initPlugin
public void initPlugin(Map<String,String> parameters)
Description copied from interface:NuxeoAuthenticationPluginInitializes the Plugin from parameters set in the XML descriptor.- Specified by:
initPluginin interfaceNuxeoAuthenticationPlugin
-
getUnAuthenticatedURLPrefix
public List<String> getUnAuthenticatedURLPrefix()
Description copied from interface:NuxeoAuthenticationPluginReturns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.- Specified by:
getUnAuthenticatedURLPrefixin interfaceNuxeoAuthenticationPlugin
-
computeDigest
protected static String computeDigest(String ha1, String httpMethod, String uri, String qop, String nonce, String nc, String cnonce) throws IllegalArgumentException
- Throws:
IllegalArgumentException
-
-