You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2012/11/02 12:05:08 UTC

svn commit: r1404918 - in /tomcat/trunk: java/org/apache/catalina/authenticator/DigestAuthenticator.java test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java webapps/docs/config/valve.xml

Author: markt
Date: Fri Nov  2 11:05:07 2012
New Revision: 1404918

URL: http://svn.apache.org/viewvc?rev=1404918&view=rev
Log:
Make the nonceCountWindowSize configurable else the performance test fails.

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
    tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
    tomcat/trunk/webapps/docs/config/valve.xml

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java?rev=1404918&r1=1404917&r2=1404918&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java Fri Nov  2 11:05:07 2012
@@ -97,6 +97,12 @@ public class DigestAuthenticator extends
 
 
     /**
+     * The window size to use to track seen nonce count values for a given
+     * nonce. If not specified, the default of 100 is used.
+     */
+    protected int nonceCountWindowSize = 100;
+
+    /**
      * Private key.
      */
     protected String key = null;
@@ -123,6 +129,16 @@ public class DigestAuthenticator extends
 
     // ------------------------------------------------------------- Properties
 
+    public int getNonceCountWindowSize() {
+        return nonceCountWindowSize;
+    }
+
+
+    public void setNonceCountWindowSize(int nonceCountWindowSize) {
+        this.nonceCountWindowSize = nonceCountWindowSize;
+    }
+
+
     public int getNonceCacheSize() {
         return nonceCacheSize;
     }
@@ -315,7 +331,7 @@ public class DigestAuthenticator extends
                 ipTimeKey.getBytes(B2CConverter.ISO_8859_1));
         String nonce = currentTime + ":" + MD5Encoder.encode(buffer);
 
-        NonceInfo info = new NonceInfo(currentTime, 100);
+        NonceInfo info = new NonceInfo(currentTime, getNonceCountWindowSize());
         synchronized (nonces) {
             nonces.put(nonce, info);
         }

Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java?rev=1404918&r1=1404917&r2=1404918&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java Fri Nov  2 11:05:07 2012
@@ -123,6 +123,7 @@ public class TesterDigestAuthenticatorPe
 
         // Make the Context and Realm visible to the Authenticator
         authenticator.setContainer(context);
+        authenticator.setNonceCountWindowSize(8 * 1024);
 
         authenticator.start();
     }
@@ -130,7 +131,6 @@ public class TesterDigestAuthenticatorPe
 
     private class TesterRunnable implements Runnable {
 
-
         private String nonce;
         private int requestCount;
 

Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1404918&r1=1404917&r2=1404918&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Fri Nov  2 11:05:07 2012
@@ -897,6 +897,15 @@
         of that cache. If not specified, the default value of 1000 is used.</p>
       </attribute>
 
+      <attribute name="nonceCountWindowSize" required="false">
+        <p>Client requests may be processed out of order which in turn means
+        that the nonce count values may be processed out of order. To prevent
+        authentication failures when nonce counts are presented out of order
+        the authenticator tracks a window of nonce count values. This attribute
+        controls how big that window is. If not specified, the default value of
+        100 is used.</p>
+      </attribute>
+
       <attribute name="nonceValidity" required="false">
         <p>The time, in milliseconds, that a server generated nonce will be
         considered valid for use in authentication. If not specified, the



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org