org.restlet.ext.crypto

Class DigestAuthenticator

java.lang.Object

org.restlet.Restlet

org.restlet.routing.Filter

org.restlet.security.Authenticator

org.restlet.security.ChallengeAuthenticator

org.restlet.ext.crypto.DigestAuthenticator

All Implemented Interfaces:

Uniform

public class DigestAuthenticator
extends ChallengeAuthenticator

Authenticator supporting the digest challenge authentication schemes. By default, it only knows about the ChallengeScheme.HTTP_DIGEST scheme.

Author:

Jerome Louvel

See Also:

DigestVerifier, DigestAuthenticator

Field Summary

Fields inherited from class org.restlet.routing.Filter

CONTINUE, SKIP, STOP

Constructor Summary

Constructors

Constructor and Description
DigestAuthenticator(Context context, boolean optional, java.lang.String realm, java.util.List<Reference> domainRefs, java.lang.String serverKey) Constructor.
DigestAuthenticator(Context context, java.lang.String realm, java.lang.String serverKey) Constructor.

Method Summary

Modifier and Type	Method and Description
protected ChallengeRequest	createChallengeRequest(boolean stale)
java.lang.String	generateServerNonce() Generates a server nonce.
java.util.List<Reference>	getDomainRefs() Returns the base URI references that collectively define the protected domains for the digest authentication.
java.lang.String	getHashedSecret(java.lang.String identifier, char[] secret) Return the hashed secret.
long	getMaxServerNonceAge() Returns the number of milliseconds between each mandatory nonce refresh.
java.lang.String	getServerKey() Returns the secret key known only by server.
DigestVerifier<LocalVerifier>	getVerifier()
void	setDomainRefs(java.util.List<Reference> domainRefs) Sets the URI references that define the protection domains for the digest authentication.
void	setMaxServerNonceAge(long maxServerNonceAge) Sets the number of milliseconds between each mandatory nonce refresh.
void	setServerKey(java.lang.String serverKey) Sets the secret key known only by server.
void	setVerifier(Verifier verifier) Set the internal verifier.
void	setWrappedAlgorithm(java.lang.String wrappedAlgorithm) Sets the digest algorithm of secrets returned by the wrapped verifier.
void	setWrappedVerifier(LocalVerifier localVerifier) Sets the secret verifier that will be wrapped by real verifier supporting all the HTTP DIGEST verifications (nonce, domain URIs, etc.).

Methods inherited from class org.restlet.security.ChallengeAuthenticator

authenticate, challenge, forbid, getRealm, getScheme, isRechallenging, setRealm, setRechallenging

Methods inherited from class org.restlet.security.Authenticator

authenticated, beforeHandle, getEnroler, isMultiAuthenticating, isOptional, setEnroler, setMultiAuthenticating, setOptional, unauthenticated

Methods inherited from class org.restlet.routing.Filter

afterHandle, doHandle, getNext, handle, hasNext, setNext, setNext, start, stop

Methods inherited from class org.restlet.Restlet

createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DigestAuthenticator

public DigestAuthenticator(Context context,
                           boolean optional,
                           java.lang.String realm,
                           java.util.List<Reference> domainRefs,
                           java.lang.String serverKey)

Constructor. Sets the challenge scheme to ChallengeScheme.HTTP_DIGEST and the nonce lifespan to 5 minutes by default.

Parameters:

context - The context.

optional - Indicates if the authentication success is optional.

realm - The authentication realm.

domainRefs - The URI references that define the protection domains.

serverKey - The secret key known only to server.

DigestAuthenticator

public DigestAuthenticator(Context context,
                           java.lang.String realm,
                           java.lang.String serverKey)

Constructor. By default, it set the "optional" property to 'false' and the "domainUris" property to a single '/' URI.

Parameters:

context - The context.

realm - The authentication realm.

serverKey - secret key known only to server

Method Detail

createChallengeRequest

protected ChallengeRequest createChallengeRequest(boolean stale)

Overrides:

createChallengeRequest in class ChallengeAuthenticator

generateServerNonce

public java.lang.String generateServerNonce()

Generates a server nonce.

Returns:

A new server nonce.

getDomainRefs

public java.util.List<Reference> getDomainRefs()

Returns the base URI references that collectively define the protected domains for the digest authentication. By default, it returns a list with a single "/" URI reference.

Returns:

The base URI references.

getHashedSecret

public java.lang.String getHashedSecret(java.lang.String identifier,
                                        char[] secret)

Return the hashed secret. By default, it knows how to hash HTTP DIGEST secrets, specified as A1 in section 3.2.2.2 of RFC2617, or null if the identifier has no corresponding secret.

Parameters:

identifier - The user identifier to hash.

secret - The user secret.

Returns:

A hash of the user name, realm, and password.

getMaxServerNonceAge

public long getMaxServerNonceAge()

Returns the number of milliseconds between each mandatory nonce refresh.

Returns:

The server nonce lifespan.

getServerKey

public java.lang.String getServerKey()

Returns the secret key known only by server.

Returns:

The server secret key.

getVerifier

public DigestVerifier<LocalVerifier> getVerifier()

Overrides:

getVerifier in class ChallengeAuthenticator

setDomainRefs

public void setDomainRefs(java.util.List<Reference> domainRefs)

Sets the URI references that define the protection domains for the digest authentication.

Parameters:

domainRefs - The base URI references.

setMaxServerNonceAge

public void setMaxServerNonceAge(long maxServerNonceAge)

Sets the number of milliseconds between each mandatory nonce refresh.

Parameters:

maxServerNonceAge - The nonce lifespan in milliseconds.

setServerKey

public void setServerKey(java.lang.String serverKey)

Sets the secret key known only by server.

Parameters:

serverKey - The server secret key.

setVerifier

public void setVerifier(Verifier verifier)

Set the internal verifier. In general you shouldn't replace it and instead use the setWrappedVerifier(LocalVerifier) method.

Overrides:

setVerifier in class ChallengeAuthenticator

Parameters:

verifier - The internal verifier.

setWrappedAlgorithm

public void setWrappedAlgorithm(java.lang.String wrappedAlgorithm)

Sets the digest algorithm of secrets returned by the wrapped verifier. The secrets from the wrapped verifier are the ones used by the verifier to compare those sent by clients when attempting to authenticate.

Parameters:

wrappedAlgorithm - The digest algorithm of secrets returned by the wrapped verifier.

See Also:

Digest

setWrappedVerifier

public void setWrappedVerifier(LocalVerifier localVerifier)

Sets the secret verifier that will be wrapped by real verifier supporting all the HTTP DIGEST verifications (nonce, domain URIs, etc.).

Parameters:

localVerifier - The local verifier to wrap.