|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.restlet.Uniform
org.restlet.Restlet
org.restlet.Filter
org.restlet.Guard
public class Guard
Filter guarding the access to an attached Restlet. More concretely, it guards from unauthenticated and unauthorized requests, providing facilities to check credentials such as passwords. It is also a relatively generic class which can work with several challenge schemes such as HTTP Basic and HTTP Digest.
Here are the processing steps of a Guard when a request reaches it:
Field Summary | |
---|---|
static int |
AUTHENTICATION_INVALID
Indicates that an authentication response is considered invalid. |
static int |
AUTHENTICATION_MISSING
Indicates that an authentication response couldn't be found. |
static int |
AUTHENTICATION_STALE
Indicates that an authentication response is stale. |
static int |
AUTHENTICATION_VALID
Indicates that an authentication response is valid. |
static long |
DEFAULT_NONCE_LIFESPAN_MILLIS
Default lifespan for generated nonces (5 minutes). |
Fields inherited from class org.restlet.Filter |
---|
CONTINUE, SKIP, STOP |
Constructor Summary | |
---|---|
Guard(Context context,
ChallengeScheme scheme,
java.lang.String realm)
Constructor. |
|
Guard(Context context,
java.lang.String realm,
java.util.Collection<java.lang.String> baseUris,
java.lang.String serverKey)
Alternate Constructor for HTTP DIGEST authentication scheme. |
Method Summary | |
---|---|
void |
accept(Request request,
Response response)
Accepts the call. |
int |
authenticate(Request request)
Indicates if the call is properly authenticated. |
boolean |
authorize(Request request)
Indicates if the request is authorized to pass through the Guard. |
void |
challenge(Response response)
Deprecated. Use the challenge(Response, boolean) method instead. |
void |
challenge(Response response,
boolean stale)
Challenges the client by adding a challenge request to the response and by setting the status to CLIENT_ERROR_UNAUTHORIZED. |
boolean |
checkSecret(Request request,
java.lang.String identifier,
char[] secret)
Indicates if the secret is valid for the given identifier. |
protected boolean |
checkSecret(java.lang.String identifier,
char[] secret)
Deprecated. Use the checkSecret(Request, String, char[]) method
instead. |
int |
doHandle(Request request,
Response response)
Handles the call by distributing it to the next Restlet. |
char[] |
findSecret(java.lang.String identifier)
Finds the secret associated to a given identifier. |
void |
forbid(Response response)
Rejects the call due to a failed authentication or authorization. |
java.util.Collection<java.lang.String> |
getDomainUris()
Returns the base URIs that collectively define the protected domain for HTTP Digest Authentication. |
long |
getNonceLifespan()
Returns the number of milliseconds between each mandatory nonce refresh. |
java.lang.String |
getRealm()
Returns the authentication realm. |
ChallengeScheme |
getScheme()
Returns the authentication challenge scheme. |
Resolver<char[]> |
getSecretResolver()
Returns the secret resolver. |
java.util.concurrent.ConcurrentMap<java.lang.String,char[]> |
getSecrets()
Returns the modifiable map of identifiers and secrets. |
java.lang.String |
getServerKey()
Returns the secret key known only by server. |
boolean |
isRechallengeEnabled()
Indicates if a new challenge should be sent when invalid credentials are received (true by default to conform to HTTP recommendations). |
void |
setDomainUris(java.util.Collection<java.lang.String> domainUris)
Sets the URIs that define the HTTP DIGEST authentication protection domains. |
void |
setNonceLifespan(long lifespan)
Sets the number of milliseconds between each mandatory nonce refresh. |
void |
setRealm(java.lang.String realm)
Sets the authentication realm. |
void |
setRechallengeEnabled(boolean rechallengeEnabled)
Indicates if a new challenge should be sent when invalid credentials are received. |
void |
setScheme(ChallengeScheme scheme)
Sets the authentication challenge scheme. |
void |
setSecretResolver(Resolver<char[]> secretResolver)
Sets the secret resolver. |
void |
setServerKey(java.lang.String serverKey)
Sets the secret key known only by server. |
Methods inherited from class org.restlet.Filter |
---|
afterHandle, beforeHandle, getNext, handle, hasNext, setNext, setNext |
Methods inherited from class org.restlet.Restlet |
---|
getApplication, getContext, getLogger, init, isStarted, isStopped, setContext, start, stop |
Methods inherited from class org.restlet.Uniform |
---|
delete, delete, get, get, handle, head, head, options, options, post, post, put, put |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final int AUTHENTICATION_INVALID
public static final int AUTHENTICATION_MISSING
public static final int AUTHENTICATION_STALE
public static final int AUTHENTICATION_VALID
public static final long DEFAULT_NONCE_LIFESPAN_MILLIS
Constructor Detail |
---|
public Guard(Context context, ChallengeScheme scheme, java.lang.String realm) throws java.lang.IllegalArgumentException
context
- The context.scheme
- The authentication scheme to use.realm
- The authentication realm.
java.lang.IllegalArgumentException
- if the scheme is nullpublic Guard(Context context, java.lang.String realm, java.util.Collection<java.lang.String> baseUris, java.lang.String serverKey)
context
- contextrealm
- authentication realmbaseUris
- protection domain as a collection of base URIsserverKey
- secret key known only to serverMethod Detail |
---|
public void accept(Request request, Response response)
request
- The request to accept.response
- The response to accept.public int authenticate(Request request)
ChallengeResponse.setAuthenticated(boolean)
method is always
called after authentication.
request
- The request to authenticate.
checkSecret(String, char[])
public boolean authorize(Request request)
request
- The request to authorize.
@Deprecated public void challenge(Response response)
challenge(Response, boolean)
method instead.
response
- The response to update.public void challenge(Response response, boolean stale)
response
- The response to update.stale
- Indicates if the new challenge is due to a stale response.public boolean checkSecret(Request request, java.lang.String identifier, char[] secret)
request
- The Requestidentifier
- the identifiersecret
- the identifier's secret
@Deprecated protected boolean checkSecret(java.lang.String identifier, char[] secret)
checkSecret(Request, String, char[])
method
instead.
identifier
- the identifiersecret
- the identifier's secret
public int doHandle(Request request, Response response)
doHandle
in class Filter
request
- The request to handle.response
- The response to update.
public char[] findSecret(java.lang.String identifier)
setSecretResolver(Resolver)
method.
identifier
- The identifier to lookup.
public void forbid(Response response)
response
- The reject response.public java.util.Collection<java.lang.String> getDomainUris()
public long getNonceLifespan()
public java.lang.String getRealm()
public ChallengeScheme getScheme()
public Resolver<char[]> getSecretResolver()
public java.util.concurrent.ConcurrentMap<java.lang.String,char[]> getSecrets()
public java.lang.String getServerKey()
public boolean isRechallengeEnabled()
Status.CLIENT_ERROR_FORBIDDEN
).
public void setDomainUris(java.util.Collection<java.lang.String> domainUris)
domainUris
- The URIs of protection domains.public void setNonceLifespan(long lifespan)
lifespan
- The nonce lifespan in ms.public void setRealm(java.lang.String realm)
realm
- The authentication realm.public void setRechallengeEnabled(boolean rechallengeEnabled)
rechallengeEnabled
- True if invalid credentials result in a new challenge.isRechallengeEnabled()
public void setScheme(ChallengeScheme scheme)
scheme
- The authentication challenge scheme.public void setSecretResolver(Resolver<char[]> secretResolver)
secretResolver
- The secret resolver.public void setServerKey(java.lang.String serverKey)
serverKey
- The server secret key.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |