org.apache.commons.httpclient.auth

Class HttpAuthenticator


public final class HttpAuthenticator
extends java.lang.Object

Utility methods for HTTP authorization and authentication. This class provides utility methods for generating responses to HTTP www and proxy authentication challenges.
A client SHOULD assume that all paths at or deeper than the depth of the last symbolic element in the path field of the Request-URI also are within the protection space specified by the basic realm value of the current challenge. A client MAY preemptively send the corresponding Authorization header with requests for resources in that space without receipt of another challenge from the server. Similarly, when a client sends a request to a proxy, it may reuse a userid and password in the Proxy-Authorization header field without receiving another challenge from the proxy server.
Authors:
Remy Maucherat
Rodney Waldhoff
Jeff Dever
Ortwin Gl???ck
Sean C. Sullivan
Adrian Sutton
Mike Bowler
Oleg Kalnichevski

Field Summary

static String
PROXY_AUTH
The proxy authenticate challange header.
static String
PROXY_AUTH_RESP
The proxy authenticate response header.
static String
WWW_AUTH
The www authenticate challange header.
static String
WWW_AUTH_RESP
The www authenticate response header.

Method Summary

static boolean
authenticate(AuthScheme authscheme, HttpMethod method, HttpConnection conn, HttpState state)
Deprecated. use AuthScheme
static boolean
authenticateDefault(HttpMethod method, HttpConnection conn, HttpState state)
Deprecated. use AuthScheme
static boolean
authenticateProxy(AuthScheme authscheme, HttpMethod method, HttpConnection conn, HttpState state)
Deprecated. use AuthScheme
static boolean
authenticateProxyDefault(HttpMethod method, HttpConnection conn, HttpState state)
Deprecated. use AuthScheme
static AuthScheme
selectAuthScheme(Header[] challenges)
Deprecated. Use AuthChallengeParser.parseChallenges(Header[]) and AuthPolicy.getAuthScheme(String)

Field Details

PROXY_AUTH

public static final String PROXY_AUTH
The proxy authenticate challange header.

PROXY_AUTH_RESP

public static final String PROXY_AUTH_RESP
The proxy authenticate response header.

WWW_AUTH

public static final String WWW_AUTH
The www authenticate challange header.

WWW_AUTH_RESP

public static final String WWW_AUTH_RESP
The www authenticate response header.

Method Details

authenticate

public static boolean authenticate(AuthScheme authscheme,
                                   HttpMethod method,
                                   HttpConnection conn,
                                   HttpState state)
            throws AuthenticationException

Deprecated. use AuthScheme

Attempt to provide requisite authentication credentials to the given method in the given context using the given authentication scheme.
Parameters:
authscheme - The authentication scheme to be used
method - The HttpMethod which requires authentication
conn - the connection to a specific host. This parameter may be null if default credentials (not specific to any particular host) are to be used
state - The HttpState object providing Credentials
Returns:
true if the Authenticate response header was added
Throws:
AuthenticationException - when a parsing or other error occurs

authenticateDefault

public static boolean authenticateDefault(HttpMethod method,
                                          HttpConnection conn,
                                          HttpState state)
            throws AuthenticationException

Deprecated. use AuthScheme

Attempt to provide default authentication credentials to the given method in the given context using basic authentication scheme.
Parameters:
method - the HttpMethod which requires authentication
conn - the connection to a specific host. This parameter may be null if default credentials (not specific to any particular host) are to be used
state - the HttpState object providing Credentials
Returns:
true if the Authenticate response header was added
Throws:
AuthenticationException - when a parsing or other error occurs

authenticateProxy

public static boolean authenticateProxy(AuthScheme authscheme,
                                        HttpMethod method,
                                        HttpConnection conn,
                                        HttpState state)
            throws AuthenticationException

Deprecated. use AuthScheme

Attempt to provide requisite proxy authentication credentials to the given method in the given context using the given authentication scheme.
Parameters:
authscheme - The authentication scheme to be used
method - the HttpMethod which requires authentication
conn - the connection to a specific host. This parameter may be null if default credentials (not specific to any particular host) are to be used
state - the HttpState object providing Credentials
Returns:
true if the Proxy-Authenticate response header was added
Throws:
AuthenticationException - when a parsing or other error occurs

authenticateProxyDefault

public static boolean authenticateProxyDefault(HttpMethod method,
                                               HttpConnection conn,
                                               HttpState state)
            throws AuthenticationException

Deprecated. use AuthScheme

Attempt to provide default proxy authentication credentials to the given method in the given context using basic authentication scheme.
Parameters:
method - the HttpMethod which requires authentication
conn - the connection to a specific host. This parameter may be null if default credentials (not specific to any particular host) are to be used
state - the HttpState object providing Credentials
Returns:
true if the Proxy-Authenticate response header was added
Throws:
AuthenticationException - when a parsing or other error occurs

selectAuthScheme

public static AuthScheme selectAuthScheme(Header[] challenges)
            throws MalformedChallengeException

Deprecated. Use AuthChallengeParser.parseChallenges(Header[]) and AuthPolicy.getAuthScheme(String)

Chooses the strongest authentication scheme supported from the array of authentication challenges. Currently only NTLM, Digest, Basic schemes are recognized. The NTLM scheme is considered the strongest and is preferred to all others. The Digest scheme is preferred to the Basic one which provides no encryption for credentials. The Basic scheme is used only if it is the only one supported.
Parameters:
challenges - The array of authentication challenges
Returns:
The strongest authentication scheme supported
Throws:
MalformedChallengeException - is thrown if an authentication challenge is malformed

Copyright (c) 1999-2005 - Apache Software Foundation