org.apache.commons.httpclient
Class Authenticator

java.lang.Object
  |
  +--org.apache.commons.httpclient.Authenticator

public class Authenticator
extends Object

Utility methods for HTTP authorization and authentication. This class provides utility methods for generating responses to HTTP www and proxy authentication challenges.

Preemptive authentication can be turned on by using the property value of #PREEMPTIVE_PROPERTY. If left unspecified, it has the default value of #PREEMPTIVE_DEFAULT. This configurable behaviour conforms to rcf2617:

A client SHOULD assume that all paths at or deeper than the depth of the last symbolic element in the path field of the Request-URI also are within the protection space specified by the Basic realm value of the current challenge. A client MAY preemptively send the corresponding Authorization header with requests for resources in that space without receipt of another challenge from the server. Similarly, when a client sends a request to a proxy, it may reuse a userid and password in the Proxy-Authorization header field without receiving another challenge from the proxy server.

Version:
$Revision: 1.39 $ $Date: 2003/01/28 04:40:20 $
Author:
Remy Maucherat, Rodney Waldhoff, Jeff Dever, Ortwin Gl?ck, Sean C. Sullivan, Adrian Sutton, Mike Bowler

Field Summary
static String PREEMPTIVE_DEFAULT
          The default property value for #PREEMPTIVE_PROPERTY.
static String PREEMPTIVE_PROPERTY
          The boolean property name to turn on preemptive authentication.
static String PROXY_AUTH
          The proxy authenticate challange header.
static String PROXY_AUTH_RESP
          The proxy authenticate response header.
static String WWW_AUTH
          The www authenticate challange header.
static String WWW_AUTH_RESP
          The www authenticate response header.
 
Constructor Summary
Authenticator()
           
 
Method Summary
static boolean authenticate(HttpMethod method, HttpState state)
          Add requisite authentication credentials to the given method in the given state if possible.
static boolean authenticateProxy(HttpMethod method, HttpState state)
          Add requisite proxy authentication credentials to the given method in the given state if possible.
static String createDigest(String uname, String pwd, Map mapCredentials)
          Creates an MD5 response digest.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PREEMPTIVE_PROPERTY

public static final String PREEMPTIVE_PROPERTY
The boolean property name to turn on preemptive authentication.

See Also:
Constant Field Values

PREEMPTIVE_DEFAULT

public static final String PREEMPTIVE_DEFAULT
The default property value for #PREEMPTIVE_PROPERTY.

See Also:
Constant Field Values

WWW_AUTH

public static final String WWW_AUTH
The www authenticate challange header.

See Also:
Constant Field Values

WWW_AUTH_RESP

public static final String WWW_AUTH_RESP
The www authenticate response header.

See Also:
Constant Field Values

PROXY_AUTH

public static final String PROXY_AUTH
The proxy authenticate challange header.

See Also:
Constant Field Values

PROXY_AUTH_RESP

public static final String PROXY_AUTH_RESP
The proxy authenticate response header.

See Also:
Constant Field Values
Constructor Detail

Authenticator

public Authenticator()
Method Detail

createDigest

public static String createDigest(String uname,
                                  String pwd,
                                  Map mapCredentials)
                           throws HttpException
Creates an MD5 response digest.

Parameters:
uname - Username
pwd - Password
mapCredentials - map containing necessary header parameters to construct the digest. It must/can contain: uri, realm, nonce, cnonce, qop, nc.
Returns:
The created digest as string. This will be the response tag's value in the Authentication HTTP header.
Throws:
HttpException - when MD5 is an unsupported algorithm TODO: + Add createDigest() method

authenticate

public static boolean authenticate(HttpMethod method,
                                   HttpState state)
                            throws HttpException,
                                   UnsupportedOperationException
Add requisite authentication credentials to the given method in the given state if possible.

Parameters:
method - the HttpMethod which requires authentication
state - the HttpState object providing Credentials
Returns:
true if the Authenticate response header was added
Throws:
HttpException - when a parsing or other error occurs
UnsupportedOperationException - when the challenge type is not supported
See Also:
HttpState.setCredentials(String,Credentials)

authenticateProxy

public static boolean authenticateProxy(HttpMethod method,
                                        HttpState state)
                                 throws HttpException,
                                        UnsupportedOperationException
Add requisite proxy authentication credentials to the given method in the given state if possible.

Parameters:
method - the HttpMethod which requires authentication
state - the HttpState object providing Credentials
Returns:
true if the Authenticate response header was added
Throws:
HttpException - when a parsing or other error occurs
UnsupportedOperationException - when the given challenge type is not supported
See Also:
HttpState.setProxyCredentials(String,Credentials)


Copyright (c) 1999-2002 - Apache Software Foundation