org.apache.commons.httpclient.auth
Class HttpAuthenticator

java.lang.Object
  |
  +--org.apache.commons.httpclient.auth.HttpAuthenticator

public final class HttpAuthenticator
extends java.lang.Object

Utility methods for HTTP authorization and authentication. This class provides utility methods for generating responses to HTTP www and proxy authentication challenges.

A client SHOULD assume that all paths at or deeper than the depth of the last symbolic element in the path field of the Request-URI also are within the protection space specified by the basic realm value of the current challenge. A client MAY preemptively send the corresponding Authorization header with requests for resources in that space without receipt of another challenge from the server. Similarly, when a client sends a request to a proxy, it may reuse a userid and password in the Proxy-Authorization header field without receiving another challenge from the proxy server.

Author:
Remy Maucherat, Rodney Waldhoff, Jeff Dever, Ortwin Gl?ck, Sean C. Sullivan, Adrian Sutton, Mike Bowler, Oleg Kalnichevski

Field Summary
static java.lang.String PROXY_AUTH
          The proxy authenticate challange header.
static java.lang.String PROXY_AUTH_RESP
          The proxy authenticate response header.
static java.lang.String WWW_AUTH
          The www authenticate challange header.
static java.lang.String WWW_AUTH_RESP
          The www authenticate response header.
 
Constructor Summary
HttpAuthenticator()
           
 
Method Summary
static boolean authenticate(AuthScheme authscheme, HttpMethod method, HttpConnection conn, HttpState state)
          Attempt to provide requisite authentication credentials to the given method in the given context using the given authentication scheme.
static boolean authenticateDefault(HttpMethod method, HttpConnection conn, HttpState state)
          Attempt to provide default authentication credentials to the given method in the given context using basic authentication scheme.
static boolean authenticateProxy(AuthScheme authscheme, HttpMethod method, HttpConnection conn, HttpState state)
          Attempt to provide requisite proxy authentication credentials to the given method in the given context using the given authentication scheme.
static boolean authenticateProxyDefault(HttpMethod method, HttpConnection conn, HttpState state)
          Attempt to provide default proxy authentication credentials to the given method in the given context using basic authentication scheme.
static AuthScheme selectAuthScheme(Header[] challenges)
          Chooses the strongest authentication scheme supported from the array of authentication challenges.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

WWW_AUTH

public static final java.lang.String WWW_AUTH
The www authenticate challange header.

WWW_AUTH_RESP

public static final java.lang.String WWW_AUTH_RESP
The www authenticate response header.

PROXY_AUTH

public static final java.lang.String PROXY_AUTH
The proxy authenticate challange header.

PROXY_AUTH_RESP

public static final java.lang.String PROXY_AUTH_RESP
The proxy authenticate response header.
Constructor Detail

HttpAuthenticator

public HttpAuthenticator()
Method Detail

selectAuthScheme

public static AuthScheme selectAuthScheme(Header[] challenges)
                                   throws MalformedChallengeException
Chooses the strongest authentication scheme supported from the array of authentication challenges. Currently only NTLM, Digest, Basic schemes are recognized. The NTLM scheme is considered the strongest and is preferred to all others. The Digest scheme is preferred to the Basic one which provides no encryption for credentials. The Basic scheme is used only if it is the only one supported.
Parameters:
challenges - The array of authentication challenges
Returns:
The strongest authentication scheme supported
Throws:
MalformedChallengeException - is thrown if an authentication challenge is malformed
java.lang.UnsupportedOperationException - when none of challenge types available is supported.

authenticateDefault

public static boolean authenticateDefault(HttpMethod method,
                                          HttpConnection conn,
                                          HttpState state)
                                   throws AuthenticationException
Attempt to provide default authentication credentials to the given method in the given context using basic authentication scheme.
Parameters:
method - the HttpMethod which requires authentication
conn - the connection to a specific host. This parameter may be null if default credentials (not specific to any particular host) are to be used
state - the HttpState object providing Credentials
Returns:
true if the Authenticate response header was added
Throws:
AuthenticationException - when a parsing or other error occurs
See Also:
HttpState.setCredentials(String,String,Credentials)

authenticateProxyDefault

public static boolean authenticateProxyDefault(HttpMethod method,
                                               HttpConnection conn,
                                               HttpState state)
                                        throws AuthenticationException
Attempt to provide default proxy authentication credentials to the given method in the given context using basic authentication scheme.
Parameters:
method - the HttpMethod which requires authentication
conn - the connection to a specific host. This parameter may be null if default credentials (not specific to any particular host) are to be used
state - the HttpState object providing Credentials
Returns:
true if the Proxy-Authenticate response header was added
Throws:
AuthenticationException - when a parsing or other error occurs
See Also:
HttpState.setCredentials(String,Credentials)

authenticate

public static boolean authenticate(AuthScheme authscheme,
                                   HttpMethod method,
                                   HttpConnection conn,
                                   HttpState state)
                            throws AuthenticationException
Attempt to provide requisite authentication credentials to the given method in the given context using the given authentication scheme.
Parameters:
authscheme - The authentication scheme to be used
method - The HttpMethod which requires authentication
conn - the connection to a specific host. This parameter may be null if default credentials (not specific to any particular host) are to be used
state - The HttpState object providing Credentials
Returns:
true if the Authenticate response header was added
Throws:
AuthenticationException - when a parsing or other error occurs
See Also:
HttpState.setCredentials(String,Credentials)

authenticateProxy

public static boolean authenticateProxy(AuthScheme authscheme,
                                        HttpMethod method,
                                        HttpConnection conn,
                                        HttpState state)
                                 throws AuthenticationException
Attempt to provide requisite proxy authentication credentials to the given method in the given context using the given authentication scheme.
Parameters:
authscheme - The authentication scheme to be used
method - the HttpMethod which requires authentication
conn - the connection to a specific host. This parameter may be null if default credentials (not specific to any particular host) are to be used
state - the HttpState object providing Credentials
Returns:
true if the Proxy-Authenticate response header was added
Throws:
AuthenticationException - when a parsing or other error occurs
See Also:
HttpState.setCredentials(String,Credentials)


Copyright © 2001-2004 Apache Software Foundation. All Rights Reserved.