KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > commons > httpclient > Authenticator


1 /*
2  * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Attic/Authenticator.java,v 1.46.2.1 2004/02/22 18:21:12 olegk Exp $
3  * $Revision: 1.46.2.1 $
4  * $Date: 2004/02/22 18:21:12 $
5  *
6  * ====================================================================
7  *
8  * Copyright 1999-2004 The Apache Software Foundation
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License");
11  * you may not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS,
18  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  * ====================================================================
22  *
23  * This software consists of voluntary contributions made by many
24  * individuals on behalf of the Apache Software Foundation. For more
25  * information on the Apache Software Foundation, please see
26  * <http://www.apache.org/>.
27  *
28  * [Additional notices, if required by prior licensing conditions]
29  *
30  */

31
32 package org.apache.commons.httpclient;
33
34 import java.util.ArrayList JavaDoc;
35 import org.apache.commons.httpclient.auth.HttpAuthenticator;
36 import org.apache.commons.httpclient.auth.AuthScheme;
37 import org.apache.commons.logging.Log;
38 import org.apache.commons.logging.LogFactory;
39
40 /**
41  * Utility methods for HTTP authorization and authentication. This class
42  * provides utility methods for generating responses to HTTP www and proxy
43  * authentication challenges.
44  *
45  * <blockquote>
46  * A client SHOULD assume that all paths at or deeper than the depth of the
47  * last symbolic element in the path field of the Request-URI also are within
48  * the protection space specified by the BasicScheme realm value of the current
49  * challenge. A client MAY preemptively send the corresponding Authorization
50  * header with requests for resources in that space without receipt of another
51  * challenge from the server. Similarly, when a client sends a request to a
52  * proxy, it may reuse a userid and password in the Proxy-Authorization header
53  * field without receiving another challenge from the proxy server.
54  * </blockquote>
55  * </p>
56  *
57  * @deprecated use {@link org.apache.commons.httpclient.auth.HttpAuthenticator}
58  *
59  * @author <a HREF="mailto:remm@apache.org">Remy Maucherat</a>
60  * @author Rodney Waldhoff
61  * @author <a HREF="mailto:jsdever@apache.org">Jeff Dever</a>
62  * @author Ortwin Glück
63  * @author Sean C. Sullivan
64  * @author <a HREF="mailto:adrian@ephox.com">Adrian Sutton</a>
65  * @author <a HREF="mailto:mbowler@GargoyleSoftware.com">Mike Bowler</a>
66  * @author <a HREF="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
67  */

68 public class Authenticator {
69
70     // -------------------------------------- Static variables and initializers
71

72     /**
73      * <tt>org.apache.commons.httpclient.Authenticator</tt> LOG.
74      */

75     private static final Log LOG = LogFactory.getLog(Authenticator.class);
76
77     /**
78      * The www authenticate challange header.
79      */

80     public static final String JavaDoc WWW_AUTH = "WWW-Authenticate";
81
82
83     /**
84      * The www authenticate response header.
85      */

86     public static final String JavaDoc WWW_AUTH_RESP = "Authorization";
87
88
89     /**
90      * The proxy authenticate challange header.
91      */

92     public static final String JavaDoc PROXY_AUTH = "Proxy-Authenticate";
93
94
95     /**
96      * The proxy authenticate response header.
97      */

98     public static final String JavaDoc PROXY_AUTH_RESP = "Proxy-Authorization";
99
100
101     // ---------------------------------------------------------------- Methods
102

103     /**
104      * Add requisite authentication credentials to the given <i>method</i> in
105      * the given <i>state</i> if possible.
106      *
107      * @param method the HttpMethod which requires authentication
108      * @param state the HttpState object providing Credentials
109      * @return true if the Authenticate response header was added
110      * @throws HttpException when a parsing or other error occurs
111      * @throws UnsupportedOperationException when the challenge type is not
112      * supported
113      * @see HttpState#setCredentials(String,Credentials)
114      *
115      * @deprecated use {@link
116      * HttpAuthenticator#authenticate(AuthScheme, HttpMethod, HttpConnection, HttpState)}
117      */

118     public static boolean authenticate(HttpMethod method, HttpState state)
119         throws HttpException, UnsupportedOperationException JavaDoc {
120
121         LOG.trace("enter Authenticator.authenticate(HttpMethod, HttpState)");
122
123         return authenticate(method, state, false);
124     }
125
126
127     /**
128      * Add requisite proxy authentication credentials to the given
129      * <i>method</i> in the given <i>state</i> if possible.
130      *
131      * @param method the HttpMethod which requires authentication
132      * @param state the HttpState object providing Credentials
133      * @return true if the Authenticate response header was added
134      * @throws HttpException when a parsing or other error occurs
135      * @throws UnsupportedOperationException when the given challenge type is
136      * not supported
137      * @see HttpState#setProxyCredentials(String,Credentials)
138      *
139      * @deprecated use {@link
140      * HttpAuthenticator#authenticateProxy(AuthScheme, HttpMethod, HttpConnection, HttpState)}
141      */

142     public static boolean authenticateProxy(HttpMethod method, HttpState state)
143         throws HttpException, UnsupportedOperationException JavaDoc {
144
145         LOG.trace("enter Authenticator.authenticateProxy(HttpMethod, "
146                   + "HttpState)");
147
148         return authenticate(method, state, true);
149     }
150
151
152     /**
153      * Add requisite authentication credentials to the given <i>method</i>
154      * using the given the <i>challengeHeader</i>. Currently <b>BasicScheme</b> and
155      * <b>DigestScheme</b> authentication are supported. If the challengeHeader is
156      * null, the default authentication credentials will be sent.
157      *
158      * @param method the http method to add the authentication header to
159      * @param state the http state object providing {@link Credentials}
160      * @param proxy a flag indicating if the authentication is against a proxy
161      *
162      * @return true if a response header was added
163      *
164      * @throws HttpException when an error occurs parsing the challenge
165      * @throws UnsupportedOperationException when the given challenge type is
166      * not supported
167      * @see #basic
168      * @see #digest
169      * @see HttpMethod#addRequestHeader
170      */

171     private static boolean authenticate(HttpMethod method, HttpState state,
172         boolean proxy)
173         throws HttpException, UnsupportedOperationException JavaDoc {
174
175         LOG.trace("enter Authenticator.authenticate(HttpMethod, HttpState, "
176                   + "Header, String)");
177         return authenticate(method, null, state, proxy);
178    }
179
180     private static boolean authenticate(HttpMethod method, HttpConnection conn,
181             HttpState state, boolean proxy)
182             throws HttpException, UnsupportedOperationException JavaDoc {
183         String JavaDoc challengeheader = proxy ? PROXY_AUTH : WWW_AUTH;
184
185         // I REALLY hate doing this, but I need to avoid multiple autorization
186
// headers being condenced itno one. Currently HttpMethod interface
187
// does not provide this kind of functionality
188
Header[] headers = method.getResponseHeaders();
189         ArrayList JavaDoc headerlist = new ArrayList JavaDoc();
190         for (int i = 0; i < headers.length; i++) {
191             Header header = headers[i];
192             if (header.getName().equalsIgnoreCase(challengeheader)) {
193                 headerlist.add(header);
194             }
195         }
196         headers = (Header[]) headerlist.toArray(new Header[headerlist.size()]);
197         headerlist = null;
198
199         //if there is no challenge, attempt to use preemptive authorization
200
if (headers.length == 0) {
201             if (state.isAuthenticationPreemptive()) {
202                 LOG.debug("Preemptively sending default basic credentials");
203                 if (proxy) {
204                     return HttpAuthenticator.authenticateProxyDefault(method, conn, state);
205                 } else {
206                     return HttpAuthenticator.authenticateDefault(method, conn, state);
207                 }
208             }
209             return false;
210         }
211
212         // parse the authenticate headers
213
AuthScheme authscheme = HttpAuthenticator.selectAuthScheme(headers);
214         if (LOG.isDebugEnabled()) {
215             LOG.debug("Using " + authscheme.getSchemeName() + " authentication scheme");
216         }
217         if (proxy) {
218             return HttpAuthenticator.authenticateProxy(authscheme, method, conn, state);
219         } else {
220             return HttpAuthenticator.authenticate(authscheme, method, conn, state);
221         }
222
223     }
224 }
225
Popular Tags