Package org.apache.catalina.realm
Class MessageDigestCredentialHandler
- java.lang.Object
-
- org.apache.catalina.realm.DigestCredentialHandlerBase
-
- org.apache.catalina.realm.MessageDigestCredentialHandler
-
- All Implemented Interfaces:
CredentialHandler
public class MessageDigestCredentialHandler extends DigestCredentialHandlerBase
This credential handler supports the following forms of stored passwords:- encodedCredential - a hex encoded digest of the password digested using the configured digest
- {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
- {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
- {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest
followed by variable length salt.
{SSHA}<sha-1 digest:20><salt:n> - salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $
If the stored password form does not include an iteration count then an iteration count of 1 is used.
If the stored password form does not include salt then no salt is used.
-
-
Field Summary
Fields Modifier and Type Field Description static intDEFAULT_ITERATIONS-
Fields inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase
DEFAULT_SALT_LENGTH, sm
-
-
Constructor Summary
Constructors Constructor Description MessageDigestCredentialHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description StringgetAlgorithm()protected intgetDefaultIterations()StringgetEncoding()protected LoggetLog()booleanmatches(String inputCredentials, String storedCredentials)Checks to see if the input credentials match the stored credentialsprotected Stringmutate(String inputCredentials, byte[] salt, int iterations)Generates the equivalent stored credentials for the given input credentials, salt and iterations.voidsetAlgorithm(String algorithm)Set the algorithm used to convert input credentials to stored credentials.voidsetEncoding(String encodingName)-
Methods inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase
getDefaultSaltLength, getIterations, getLogInvalidStoredCredentials, getSaltLength, matchesSaltIterationsEncoded, mutate, mutate, setIterations, setLogInvalidStoredCredentials, setSaltLength
-
-
-
-
Field Detail
-
DEFAULT_ITERATIONS
public static final int DEFAULT_ITERATIONS
- See Also:
- Constant Field Values
-
-
Method Detail
-
getEncoding
public String getEncoding()
-
setEncoding
public void setEncoding(String encodingName)
-
getAlgorithm
public String getAlgorithm()
- Specified by:
getAlgorithmin classDigestCredentialHandlerBase- Returns:
- the algorithm used to convert input credentials to stored credentials.
-
setAlgorithm
public void setAlgorithm(String algorithm) throws NoSuchAlgorithmException
Description copied from class:DigestCredentialHandlerBaseSet the algorithm used to convert input credentials to stored credentials.- Specified by:
setAlgorithmin classDigestCredentialHandlerBase- Parameters:
algorithm- the algorithm- Throws:
NoSuchAlgorithmException- if the specified algorithm is not supported
-
matches
public boolean matches(String inputCredentials, String storedCredentials)
Description copied from interface:CredentialHandlerChecks to see if the input credentials match the stored credentials- Parameters:
inputCredentials- User provided credentialsstoredCredentials- Credentials stored in theRealm- Returns:
trueif the inputCredentials match the storedCredentials, otherwisefalse
-
mutate
protected String mutate(String inputCredentials, byte[] salt, int iterations)
Description copied from class:DigestCredentialHandlerBaseGenerates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.- Specified by:
mutatein classDigestCredentialHandlerBase- Parameters:
inputCredentials- User provided credentialssalt- Salt, if anyiterations- Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials- Returns:
- The equivalent stored credentials for the given input
credentials or
nullif the generation fails
-
getDefaultIterations
protected int getDefaultIterations()
- Specified by:
getDefaultIterationsin classDigestCredentialHandlerBase- Returns:
- the default number of iterations used by the
CredentialHandler.
-
getLog
protected Log getLog()
- Specified by:
getLogin classDigestCredentialHandlerBase- Returns:
- the logger for the CredentialHandler instance.
-
-