Class DigestCredentialsMatcher<A extends LoginCredentials>

Type Parameters:
A - the type of login credentials
All Implemented Interfaces:

public class DigestCredentialsMatcher<A extends LoginCredentials> extends Object implements CredentialsMatcher<DigestCredentials,A>

A credentials matcher used to verify digest credentials as defined by RFC 7616.

HTTP Digest authentication basically requires a raw password in the login credentials in order to compute A1 as defined by RFC 7616 Section 3.4.2 and compute the expected digest response. This implementation accepts login credentials with raw password as well as login credentials with DigestPassword which allows to store login credentials with encoded passwords (still limited to digest encoding). Using any other type of password in the login credentials will result in an authentication failure.

Jeremy Kuhn
  • Constructor Details

    • DigestCredentialsMatcher

      public DigestCredentialsMatcher(String secret)

      Creates a digest credentials matcher with the specified secret.

      The secret must be the same as the one specified used to generate the www-authenticate header previously sent to the client.

      secret - the secret
  • Method Details

    • matches

      public boolean matches(DigestCredentials credentials, A otherCredentials) throws AuthenticationException
      Description copied from interface: CredentialsMatcher

      Determines whether the two specified credentials are matching.

      This method must be:

      • reflexive: matches(credentials, credentials) should return true
      • symetric: if matches(credentials1, credentials2) returns true (matches(credentials2, credentials1)) should also return true
      • transitive: if matches(credentials1, credentials2) returns true and matches(credentials2, credentials3) returns true then matches(credentials1, credentials3) should also return true

      However this method does not have to be consistent: multiple invocations of matches(credentials1, credentials2) are not guaranteed to always return the same result.

      Specified by:
      matches in interface CredentialsMatcher<DigestCredentials,A extends LoginCredentials>
      credentials - the credentials
      otherCredentials - the other credentials
      true if the credentials matches the other credentials, false otherwise