org.apache.commons.httpclient.auth
Class DigestScheme

java.lang.Object
  extended by org.apache.commons.httpclient.auth.RFC2617Scheme
      extended by org.apache.commons.httpclient.auth.DigestScheme
All Implemented Interfaces:
AuthScheme

public class DigestScheme
extends RFC2617Scheme

Digest authentication scheme as defined in RFC 2617. Both MD5 (default) and MD5-sess are supported. Currently only qop=auth or no qop is supported. qop=auth-int is unsupported. If auth and auth-int are provided, auth is used.

Credential charset is configured via the credential charset parameter. Since the digest username is included as clear text in the generated Authentication header, the charset of the username must be compatible with the http element charset.

TODO: make class more stateful regarding repeated authentication requests

Author:
Remy Maucherat, Rodney Waldhoff, Jeff Dever, Ortwin Gl?ck, Sean C. Sullivan, Adrian Sutton, Mike Bowler, Oleg Kalnichevski

Constructor Summary
DigestScheme()
          Default constructor for the digest authetication scheme.
DigestScheme(String challenge)
          Deprecated. Use parameterless constructor and AuthScheme.processChallenge(String) method
 
Method Summary
 String authenticate(Credentials credentials, HttpMethod method)
          Produces a digest authorization string for the given set of Credentials, method name and URI.
 String authenticate(Credentials credentials, String method, String uri)
          Deprecated. Use authenticate(Credentials, HttpMethod)
static String createCnonce()
          Creates a random cnonce value based on the current time.
 String getID()
          Deprecated. no longer used
 String getSchemeName()
          Returns textual designation of the digest authentication scheme.
 boolean isComplete()
          Tests if the Digest authentication process has been completed.
 boolean isConnectionBased()
          Returns false.
 void processChallenge(String challenge)
          Processes the Digest challenge.
 
Methods inherited from class org.apache.commons.httpclient.auth.RFC2617Scheme
getParameter, getParameters, getRealm
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DigestScheme

public DigestScheme()
Default constructor for the digest authetication scheme.

Since:
3.0

DigestScheme

public DigestScheme(String challenge)
             throws MalformedChallengeException
Deprecated. Use parameterless constructor and AuthScheme.processChallenge(String) method

Constructor for the digest authetication scheme.

Parameters:
challenge - authentication challenge
Throws:
MalformedChallengeException - is thrown if the authentication challenge is malformed
Method Detail

getID

public String getID()
Deprecated. no longer used

Gets an ID based upon the realm and the nonce value. This ensures that requests to the same realm with different nonce values will succeed. This differentiation allows servers to request re-authentication using a fresh nonce value.

Specified by:
getID in interface AuthScheme
Overrides:
getID in class RFC2617Scheme
Returns:
String a String identifying the authentication challenge. The returned value may be null.

processChallenge

public void processChallenge(String challenge)
                      throws MalformedChallengeException
Processes the Digest challenge.

Specified by:
processChallenge in interface AuthScheme
Overrides:
processChallenge in class RFC2617Scheme
Parameters:
challenge - the challenge string
Throws:
MalformedChallengeException - is thrown if the authentication challenge is malformed
Since:
3.0

isComplete

public boolean isComplete()
Tests if the Digest authentication process has been completed.

Returns:
true if Digest authorization has been processed, false otherwise.
Since:
3.0

getSchemeName

public String getSchemeName()
Returns textual designation of the digest authentication scheme.

Returns:
digest

isConnectionBased

public boolean isConnectionBased()
Returns false. Digest authentication scheme is request based.

Returns:
false.
Since:
3.0

authenticate

public String authenticate(Credentials credentials,
                           String method,
                           String uri)
                    throws AuthenticationException
Deprecated. Use authenticate(Credentials, HttpMethod)

Produces a digest authorization string for the given set of Credentials, method name and URI.

Parameters:
credentials - A set of credentials to be used for athentication
method - the name of the method that requires authorization.
uri - The URI for which authorization is needed.
Returns:
a digest authorization string
Throws:
InvalidCredentialsException - if authentication credentials are not valid or not applicable for this authentication scheme
AuthenticationException - if authorization string cannot be generated due to an authentication failure
See Also:
HttpMethod.getName(), HttpMethod.getPath()

authenticate

public String authenticate(Credentials credentials,
                           HttpMethod method)
                    throws AuthenticationException
Produces a digest authorization string for the given set of Credentials, method name and URI.

Parameters:
credentials - A set of credentials to be used for athentication
method - The method being authenticated
Returns:
a digest authorization string
Throws:
InvalidCredentialsException - if authentication credentials are not valid or not applicable for this authentication scheme
AuthenticationException - if authorization string cannot be generated due to an authentication failure
Since:
3.0

createCnonce

public static String createCnonce()
Creates a random cnonce value based on the current time.

Returns:
The cnonce value as String.
Throws:
HttpClientError - if MD5 algorithm is not supported.


Copyright © 2001-2008 Apache Software Foundation. All Rights Reserved.