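/*
 * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Authenticator.java,v 1.45 2003/04/19 22:29:31 mbecke Exp $
 * $Revision: 1.45 $
 * $Date: 2003/04/19 22:29:31 $
 *
 * ====================================================================
 *
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 1999-2003 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution, if
 *    any, must include the following acknowlegement:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowlegement may appear in the software itself,
 *    if and wherever such third-party acknowlegements normally appear.
 *
 * 4. The names "The Jakarta Project", "Commons", and "Apache Software
 *    Foundation" must not be used to endorse or promote products derived
 *    from this software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache"
 *    nor may "Apache" appear in their names without prior written
 *    permission of the Apache Group.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 * [Additional notices, if required by prior licensing conditions]
 *
 */

package org.apache.commons.httpclient;

import java.util.ArrayList;
import org.apache.commons.httpclient.auth.HttpAuthenticator;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Utility methods for HTTP authorization and authentication.  This class
 * provides utility methods for generating responses to HTTP www and proxy
 * authentication challenges.
 *
 * <p>
 * <blockquote>
 * A client SHOULD assume that all paths at or deeper than the depth of the
 * last symbolic element in the path field of the Request-URI also are within
 * the protection space specified by the Basic realm value of the current
 * challenge. A client MAY preemptively send the corresponding Authorization
 * header with requests for resources in that space without receipt of another
 * challenge from the server. Similarly, when a client sends a request to a
 * proxy, it may reuse a userid and password in the Proxy-Authorization header
 * field without receiving another challenge from the proxy server.
 * </blockquote>
 * </p>
 *
 * <p>
 * Every method here is a thin front for
 * {@link org.apache.commons.httpclient.auth.HttpAuthenticator}: this class
 * only filters the challenge headers out of the response and then delegates.
 * </p>
 *
 * @deprecated use {@link org.apache.commons.httpclient.auth.HttpAuthenticator}
 *
 * @author <a href="mailto:remm@apache.org">Remy Maucherat</a>
 * @author Rodney Waldhoff
 * @author <a href="mailto:jsdever@apache.org">Jeff Dever</a>
 * @author Ortwin Glück
 * @author Sean C. Sullivan
 * @author <a href="mailto:adrian@ephox.com">Adrian Sutton</a>
 * @author <a href="mailto:mbowler@GargoyleSoftware.com">Mike Bowler</a>
 * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
 */
public class Authenticator {

    // -------------------------------------- Static variables and initializers

    /**
     * <tt>org.apache.commons.httpclient.Authenticator</tt> LOG.
     */
    private static final Log LOG = LogFactory.getLog(Authenticator.class);

    /**
     * The www authenticate challenge header.
     */
    public static final String WWW_AUTH = "WWW-Authenticate";


    /**
     * The www authenticate response header.
     */
    public static final String WWW_AUTH_RESP = "Authorization";


    /**
     * The proxy authenticate challenge header.
     */
    public static final String PROXY_AUTH = "Proxy-Authenticate";


    /**
     * The proxy authenticate response header.
     */
    public static final String PROXY_AUTH_RESP = "Proxy-Authorization";


    // ---------------------------------------------------------------- Methods

    /**
     * Add requisite authentication credentials to the given <i>method</i> in
     * the given <i>state</i> if possible.
     *
     * @param method the HttpMethod which requires authentication
     * @param state the HttpState object providing Credentials
     * @return true if the Authenticate response header was added
     * @throws HttpException when a parsing or other error occurs
     * @throws UnsupportedOperationException when the challenge type is not
     *         supported
     * @see HttpState#setCredentials(String,Credentials)
     *
     * @deprecated use {@link
     * HttpAuthenticator#authenticate(AuthScheme, HttpMethod, HttpConnection, HttpState)}
     */
    public static boolean authenticate(HttpMethod method, HttpState state)
        throws HttpException, UnsupportedOperationException {

        LOG.trace("enter Authenticator.authenticate(HttpMethod, HttpState)");

        return authenticate(method, state, false);
    }


    /**
     * Add requisite proxy authentication credentials to the given
     * <i>method</i> in the given <i>state</i> if possible.
     *
     * @param method the HttpMethod which requires authentication
     * @param state the HttpState object providing Credentials
     * @return true if the Authenticate response header was added
     * @throws HttpException when a parsing or other error occurs
     * @throws UnsupportedOperationException when the given challenge type is
     *         not supported
     * @see HttpState#setProxyCredentials(String,Credentials)
     *
     * @deprecated use {@link
     * HttpAuthenticator#authenticateProxy(AuthScheme, HttpMethod, HttpConnection, HttpState)}
     */
    public static boolean authenticateProxy(HttpMethod method, HttpState state)
        throws HttpException, UnsupportedOperationException {

        LOG.trace("enter Authenticator.authenticateProxy(HttpMethod, "
                  + "HttpState)");

        return authenticate(method, state, true);
    }


    /**
     * Add requisite authentication credentials to the given <i>method</i>,
     * answering whatever challenge headers its response carries. If the
     * response carries no challenge and preemptive authentication is enabled
     * on the <i>state</i>, the default credentials are sent instead.
     *
     * <p>
     * This overload always passes a <tt>null</tt> connection on to the
     * four-argument overload.
     * </p>
     *
     * @param method the http method to add the authentication header to
     * @param state the http state object providing {@link Credentials}
     * @param proxy a flag indicating if the authentication is against a proxy
     *
     * @return true if a response header was added
     *
     * @throws HttpException when an error occurs parsing the challenge
     * @throws UnsupportedOperationException when the given challenge type is
     *         not supported
     * @see HttpMethod#addRequestHeader
     */
    private static boolean authenticate(HttpMethod method, HttpState state,
                                        boolean proxy)
        throws HttpException, UnsupportedOperationException {

        // The trace text names this overload's real parameter list so that
        // trace output can be matched to the code path that produced it.
        LOG.trace("enter Authenticator.authenticate(HttpMethod, HttpState, "
                  + "boolean)");
        return authenticate(method, null, state, proxy);
    }

    /**
     * Collects the challenge headers of the relevant kind from the response
     * of <i>method</i> and hands them to {@link HttpAuthenticator}.
     *
     * @param method the http method whose response headers are inspected
     * @param conn the connection forwarded to {@link HttpAuthenticator};
     *        the only caller in this class passes <tt>null</tt>
     * @param state the http state object providing {@link Credentials}
     * @param proxy true to look for <tt>Proxy-Authenticate</tt> challenges,
     *        false to look for <tt>WWW-Authenticate</tt> challenges
     *
     * @return the result of the delegated {@link HttpAuthenticator} call, or
     *         false when there is no challenge and preemptive authentication
     *         is disabled
     *
     * @throws HttpException when an error occurs parsing the challenge
     * @throws UnsupportedOperationException when the given challenge type is
     *         not supported
     */
    private static boolean authenticate(HttpMethod method, HttpConnection conn,
                                        HttpState state, boolean proxy)
        throws HttpException, UnsupportedOperationException {
        String challengeName = proxy ? PROXY_AUTH : WWW_AUTH;

        // I REALLY hate doing this, but I need to avoid multiple authorization
        // headers being condensed into one. Currently HttpMethod interface
        // does not provide this kind of functionality
        Header[] responseHeaders = method.getResponseHeaders();
        ArrayList matching = new ArrayList();
        for (int i = 0; i < responseHeaders.length; i++) {
            Header candidate = responseHeaders[i];
            // Header names are compared without regard to case.
            if (candidate.getName().equalsIgnoreCase(challengeName)) {
                matching.add(candidate);
            }
        }
        Header[] challenges =
            (Header[]) matching.toArray(new Header[matching.size()]);

        // if there is no challenge, attempt to use preemptive authorization
        if (challenges.length == 0) {
            if (!state.isAuthenticationPreemptive()) {
                return false;
            }
            // No server has asked for credentials at this point, yet the
            // default ones are attached to the request anyway.
            // NOTE(review): the log text says these are Basic credentials,
            // which are encoded rather than encrypted. Which credentials count
            // as "default" and whether the transport is protected are decided
            // outside this class -- confirm both before enabling preemptive
            // mode for hosts that are not fully trusted.
            LOG.debug("Preemptively sending default basic credentials");
            return proxy
                ? HttpAuthenticator.authenticateProxyDefault(method, conn, state)
                : HttpAuthenticator.authenticateDefault(method, conn, state);
        }

        // parse the authenticate headers
        // NOTE(review): the candidate schemes come from server-supplied
        // headers, and the preference order lives in
        // HttpAuthenticator.selectAuthScheme, which is not visible here.
        // Verify that a response offering only a weaker scheme cannot silently
        // downgrade a client that expects a stronger one.
        AuthScheme authscheme = HttpAuthenticator.selectAuthScheme(challenges);
        if (LOG.isDebugEnabled()) {
            // Only the scheme name is logged, never the credentials.
            LOG.debug("Using " + authscheme.getSchemeName() + " authentication scheme");
        }
        return proxy
            ? HttpAuthenticator.authenticateProxy(authscheme, method, conn, state)
            : HttpAuthenticator.authenticate(authscheme, method, conn, state);
    }
}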
