Class DigestCredentialsMatcher<A extends LoginCredentials>

java.lang.Object
io.inverno.mod.security.http.digest.DigestCredentialsMatcher<A>
Type Parameters:
A - the type of login credentials
All Implemented Interfaces:
CredentialsMatcher<DigestCredentials,A>

public class DigestCredentialsMatcher<A extends LoginCredentials> extends Object implements CredentialsMatcher<DigestCredentials,A>

A credentials matcher used to verify digest credentials as defined by RFC 7616.

HTTP Digest authentication basically requires a raw password in the login credentials in order to compute A1 as defined by RFC 7616 Section 3.4.2 and, from it, the expected digest response. This implementation accepts login credentials with a raw password as well as login credentials with a DigestPassword, which allows login credentials to be stored with encoded passwords (still limited to digest encoding). Using any other type of password in the login credentials will result in an authentication failure.
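
The computation described above, as an added example using only the JDK (it is not Inverno's code and does not call its API): it derives the expected qop=auth response from a raw password or from a stored H(A1), and shows why any other password encoding cannot match. The class and method names, the sample values, and the assumption that a digest-encoded password holds H(username:realm:password) are illustrative.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestResponseExample {

    // H(data): lowercase hex of the hash of the UTF-8 bytes
    static String h(String alg, String data) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance(alg).digest(data.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // H(A1) for a non-session algorithm: A1 = username ":" realm ":" password
    static String hashA1(String alg, String user, String realm, String password) throws Exception {
        return h(alg, user + ":" + realm + ":" + password);
    }

    // Expected response for qop=auth, with A2 = method ":" request-uri
    static String response(String alg, String hA1, String method, String uri,
                           String nonce, String nc, String cnonce) throws Exception {
        String hA2 = h(alg, method + ":" + uri);
        return h(alg, hA1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + hA2);
    }

    // Constant-time comparison of the expected and received response
    static boolean sameResponse(String expected, String received) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values
        String alg = "SHA-256", user = "jsmith", realm = "example", password = "correct horse";
        String nonce = "c2FtcGxlLW5vbmNl", nc = "00000001", cnonce = "c2FtcGxlLWNub25jZQ";
        // Client: computes the response from the raw password
        String sent = response(alg, hashA1(alg, user, realm, password), "GET", "/account", nonce, nc, cnonce);
        // Server, raw password in the login credentials: recompute H(A1) per request
        String fromRaw = response(alg, hashA1(alg, user, realm, password), "GET", "/account", nonce, nc, cnonce);
        // Server, digest-encoded password (assumed to be H(A1), stored at enrolment)
        String storedHA1 = hashA1(alg, user, realm, password);
        String fromStored = response(alg, storedHA1, "GET", "/account", nonce, nc, cnonce);
        // Server, any other encoding (here a constructed salted hash): H(A1) is not recoverable
        String fromOther = response(alg, h(alg, "salt" + password), "GET", "/account", nonce, nc, cnonce);
        System.out.println("raw password:   " + sameResponse(fromRaw, sent));
        System.out.println("stored H(A1):   " + sameResponse(fromStored, sent));
        System.out.println("other encoding: " + sameResponse(fromOther, sent));
    }
}
```

A stored H(A1) is enough to compute valid responses for its realm, so it needs the same protection at rest as the password itself.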

Since:
1.5
Author:
Jeremy Kuhn
  • Constructor Details

    • DigestCredentialsMatcher

      public DigestCredentialsMatcher(String secret)

      Creates a digest credentials matcher with the specified secret.

      The secret must be the same as the one used to generate the www-authenticate header previously sent to the client.

      Parameters:
      secret - the secret
  • Method Details

    • matches

      public boolean matches(DigestCredentials credentials, A otherCredentials) throws AuthenticationException
      Description copied from interface: CredentialsMatcher

      Determines whether the two specified credentials are matching.

      This method must be:

      • reflexive: matches(credentials, credentials) should return true
      • symmetric: if matches(credentials1, credentials2) returns true then matches(credentials2, credentials1) should also return true
      • transitive: if matches(credentials1, credentials2) returns true and matches(credentials2, credentials3) returns true then matches(credentials1, credentials3) should also return true

      However this method does not have to be consistent: multiple invocations of matches(credentials1, credentials2) are not guaranteed to always return the same result.

      Specified by:
      matches in interface CredentialsMatcher<DigestCredentials,A extends LoginCredentials>
      Parameters:
      credentials - the credentials
      otherCredentials - the other credentials
      Returns:
      true if the credentials match the other credentials, false otherwise
      Throws:
      AuthenticationException