Posted to dev@tomcat.apache.org by ma...@apache.org on 2012/11/02 12:05:08 UTC
svn commit: r1404918 - in /tomcat/trunk:
java/org/apache/catalina/authenticator/DigestAuthenticator.java
test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
webapps/docs/config/valve.xml
Author: markt
Date: Fri Nov 2 11:05:07 2012
New Revision: 1404918
URL: http://svn.apache.org/viewvc?rev=1404918&view=rev
Log:
Make the nonceCountWindowSize configurable; otherwise the performance test fails.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
tomcat/trunk/webapps/docs/config/valve.xml
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java?rev=1404918&r1=1404917&r2=1404918&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java Fri Nov 2 11:05:07 2012
@@ -97,6 +97,12 @@ public class DigestAuthenticator extends
/**
+ * The window size to use to track seen nonce count values for a given
+ * nonce. If not specified, the default of 100 is used.
+ */
+ protected int nonceCountWindowSize = 100;
+
+ /**
* Private key.
*/
protected String key = null;
@@ -123,6 +129,16 @@ public class DigestAuthenticator extends
// ------------------------------------------------------------- Properties
+ public int getNonceCountWindowSize() {
+ return nonceCountWindowSize;
+ }
+
+
+ public void setNonceCountWindowSize(int nonceCountWindowSize) {
+ this.nonceCountWindowSize = nonceCountWindowSize;
+ }
+
+
public int getNonceCacheSize() {
return nonceCacheSize;
}
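Review bot: `setNonceCountWindowSize` stores whatever int it is given, so a zero or negative value from configuration is accepted and only reaches `NonceInfo` later, when a nonce is generated for a request. `NonceInfo` is not visible on this page, but if it sizes an array from this value or takes a modulus by it, a bad setting would surface as a runtime failure on the authentication path rather than at startup. A guard at the top of the setter, `if (nonceCountWindowSize < 1) { throw new IllegalArgumentException("nonceCountWindowSize must be positive"); }`, would reject it when the valve is configured. Neither accessor has Javadoc; a one-line comment on the setter stating the valid range would help.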
@@ -315,7 +331,7 @@ public class DigestAuthenticator extends
ipTimeKey.getBytes(B2CConverter.ISO_8859_1));
String nonce = currentTime + ":" + MD5Encoder.encode(buffer);
- NonceInfo info = new NonceInfo(currentTime, 100);
+ NonceInfo info = new NonceInfo(currentTime, getNonceCountWindowSize());
synchronized (nonces) {
nonces.put(nonce, info);
}
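Review bot: The configured window now sizes the state created by `new NonceInfo(currentTime, getNonceCountWindowSize())` for every nonce stored in `nonces`, so worst-case memory presumably scales with window size times the nonce cache size. That is inferred, since `NonceInfo` is not shown. Nonces are issued before a client has authenticated, so a large window (the test uses `8 * 1024`) makes that cache a bigger memory commitment than the old fixed 100. Consider a comment above this line such as `// per-nonce tracking state; total memory ~ nonceCacheSize * nonceCountWindowSize`, and mention the same trade-off in the valve.xml attribute text. The enclosing method starts and ends outside this hunk.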
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java?rev=1404918&r1=1404917&r2=1404918&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java Fri Nov 2 11:05:07 2012
@@ -123,6 +123,7 @@ public class TesterDigestAuthenticatorPe
// Make the Context and Realm visible to the Authenticator
authenticator.setContainer(context);
+ authenticator.setNonceCountWindowSize(8 * 1024);
authenticator.start();
}
@@ -130,7 +131,6 @@ public class TesterDigestAuthenticatorPe
private class TesterRunnable implements Runnable {
-
private String nonce;
private int requestCount;
Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1404918&r1=1404917&r2=1404918&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Fri Nov 2 11:05:07 2012
@@ -897,6 +897,15 @@
of that cache. If not specified, the default value of 1000 is used.</p>
</attribute>
+ <attribute name="nonceCountWindowSize" required="false">
+ <p>Client requests may be processed out of order which in turn means
+ that the nonce count values may be processed out of order. To prevent
+ authentication failures when nonce counts are presented out of order
+ the authenticator tracks a window of nonce count values. This attribute
+ controls how big that window is. If not specified, the default value of
+ 100 is used.</p>
+ </attribute>
+
<attribute name="nonceValidity" required="false">
<p>The time, in milliseconds, that a server generated nonce will be
considered valid for use in authentication. If not specified, the