Package org.restlet.ext.crypto

Class DigestAuthenticator

java.lang.Object

org.restlet.Restlet

org.restlet.routing.Filter

org.restlet.security.Authenticator

org.restlet.security.ChallengeAuthenticator

org.restlet.ext.crypto.DigestAuthenticator

All Implemented Interfaces:

Uniform

public class DigestAuthenticator
extends ChallengeAuthenticator

Authenticator supporting the digest challenge authentication schemes. By default, it only knows about the ChallengeScheme.HTTP_DIGEST scheme.

See Also:

DigestVerifier, DigestAuthenticator

Field Summary

Fields

Modifier and Type	Field	Description
private static long	DEFAULT_MAX_SERVER_NONCE_AGE	Default lifespan for generated nonces (5 minutes).
private java.util.List<Reference>	domainRefs	The URI references that define the protection domains.
private long	maxServerNonceAge	Lifespan of nonce in milliseconds
private java.lang.String	serverKey	The secret key known only to server.

Fields inherited from class org.restlet.routing.Filter

CONTINUE, SKIP, STOP

Constructor Summary

Constructors

Constructor	Description
DigestAuthenticator(Context context, boolean optional, java.lang.String realm, java.util.List<Reference> domainRefs, java.lang.String serverKey)	Constructor.
DigestAuthenticator(Context context, java.lang.String realm, java.lang.String serverKey)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected ChallengeRequest	createChallengeRequest(boolean stale)	Creates a new challenge request.
java.lang.String	generateServerNonce()	Generates a server nonce.
java.util.List<Reference>	getDomainRefs()	Returns the base URI references that collectively define the protected domains for the digest authentication.
java.lang.String	getHashedSecret(java.lang.String identifier, char[] secret)	Return the hashed secret.
long	getMaxServerNonceAge()	Returns the number of milliseconds between each mandatory nonce refresh.
java.lang.String	getServerKey()	Returns the secret key known only by server.
DigestVerifier<LocalVerifier>	getVerifier()	Returns the credentials verifier.
void	setDomainRefs(java.util.List<Reference> domainRefs)	Sets the URI references that define the protection domains for the digest authentication.
void	setMaxServerNonceAge(long maxServerNonceAge)	Sets the number of milliseconds between each mandatory nonce refresh.
void	setServerKey(java.lang.String serverKey)	Sets the secret key known only by server.
void	setVerifier(Verifier verifier)	Set the internal verifier.
void	setWrappedAlgorithm(java.lang.String wrappedAlgorithm)	Sets the digest algorithm of secrets returned by the wrapped verifier.
void	setWrappedVerifier(LocalVerifier localVerifier)	Sets the secret verifier that will be wrapped by real verifier supporting all the HTTP DIGEST verifications (nonce, domain URIs, etc.).

Methods inherited from class org.restlet.security.ChallengeAuthenticator

authenticate, challenge, forbid, getRealm, getScheme, isRechallenging, setRealm, setRechallenging

Methods inherited from class org.restlet.security.Authenticator

authenticated, beforeHandle, getEnroler, isMultiAuthenticating, isOptional, setEnroler, setMultiAuthenticating, setOptional, unauthenticated

Methods inherited from class org.restlet.routing.Filter

afterHandle, doHandle, getNext, handle, hasNext, setNext, setNext, start, stop

Methods inherited from class org.restlet.Restlet

createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_MAX_SERVER_NONCE_AGE

private static final long DEFAULT_MAX_SERVER_NONCE_AGE

Default lifespan for generated nonces (5 minutes).

See Also:

Constant Field Values

domainRefs

private volatile java.util.List<Reference> domainRefs

The URI references that define the protection domains.

maxServerNonceAge

private volatile long maxServerNonceAge

Lifespan of nonce in milliseconds

serverKey

private volatile java.lang.String serverKey

The secret key known only to server.

Constructor Detail

DigestAuthenticator

public DigestAuthenticator(Context context,
                           boolean optional,
                           java.lang.String realm,
                           java.util.List<Reference> domainRefs,
                           java.lang.String serverKey)

Constructor. Sets the challenge scheme to ChallengeScheme.HTTP_DIGEST and the nonce lifespan to 5 minutes by default.

Parameters:

context - The context.

optional - Indicates if the authentication success is optional.

realm - The authentication realm.

domainRefs - The URI references that define the protection domains.

serverKey - The secret key known only to server.

DigestAuthenticator

public DigestAuthenticator(Context context,
                           java.lang.String realm,
                           java.lang.String serverKey)

Constructor. By default, it set the "optional" property to 'false' and the "domainUris" property to a single '/' URI.

Parameters:

context - The context.

realm - The authentication realm.

serverKey - secret key known only to server

Method Detail

createChallengeRequest

protected ChallengeRequest createChallengeRequest(boolean stale)

Description copied from class: ChallengeAuthenticator

Creates a new challenge request.

Overrides:

createChallengeRequest in class ChallengeAuthenticator

Parameters:

stale - Indicates if the new challenge is due to a stale response.

Returns:

A new challenge request.

generateServerNonce

public java.lang.String generateServerNonce()

Generates a server nonce.

Returns:

A new server nonce.

getDomainRefs

public java.util.List<Reference> getDomainRefs()

Returns the base URI references that collectively define the protected domains for the digest authentication. By default, it returns a list with a single "/" URI reference.

Returns:

The base URI references.

getHashedSecret

public java.lang.String getHashedSecret(java.lang.String identifier,
                                        char[] secret)

Return the hashed secret. By default, it knows how to hash HTTP DIGEST secrets, specified as A1 in section 3.2.2.2 of RFC2617, or null if the identifier has no corresponding secret.

Parameters:

identifier - The user identifier to hash.

secret - The user secret.

Returns:

A hash of the user name, realm, and password.

getMaxServerNonceAge

public long getMaxServerNonceAge()

Returns the number of milliseconds between each mandatory nonce refresh.

Returns:

The server nonce lifespan.

getServerKey

public java.lang.String getServerKey()

Returns the secret key known only by server.

Returns:

The server secret key.

getVerifier

public DigestVerifier<LocalVerifier> getVerifier()

Description copied from class: ChallengeAuthenticator

Returns the credentials verifier.

Overrides:

getVerifier in class ChallengeAuthenticator

Returns:

The credentials verifier.

setDomainRefs

public void setDomainRefs(java.util.List<Reference> domainRefs)

Sets the URI references that define the protection domains for the digest authentication.

Parameters:

domainRefs - The base URI references.

setMaxServerNonceAge

public void setMaxServerNonceAge(long maxServerNonceAge)

Sets the number of milliseconds between each mandatory nonce refresh.

Parameters:

maxServerNonceAge - The nonce lifespan in milliseconds.

setServerKey

public void setServerKey(java.lang.String serverKey)

Sets the secret key known only by server.

Parameters:

serverKey - The server secret key.

setVerifier

public void setVerifier(Verifier verifier)

Set the internal verifier. In general you shouldn't replace it and instead use the setWrappedVerifier(LocalVerifier) method.

Overrides:

setVerifier in class ChallengeAuthenticator

Parameters:

verifier - The internal verifier.

setWrappedAlgorithm

public void setWrappedAlgorithm(java.lang.String wrappedAlgorithm)

Sets the digest algorithm of secrets returned by the wrapped verifier. The secrets from the wrapped verifier are the ones used by the verifier to compare those sent by clients when attempting to authenticate.

Parameters:

wrappedAlgorithm - The digest algorithm of secrets returned by the wrapped verifier.

See Also:

Digest

setWrappedVerifier

public void setWrappedVerifier(LocalVerifier localVerifier)

Sets the secret verifier that will be wrapped by real verifier supporting all the HTTP DIGEST verifications (nonce, domain URIs, etc.).

Parameters:

localVerifier - The local verifier to wrap.