org.apache.hc.client5.http.impl.auth

Class DigestScheme

java.lang.Object

org.apache.hc.client5.http.impl.auth.DigestScheme

All Implemented Interfaces:

Serializable, AuthScheme

public class DigestScheme
extends Object
implements AuthScheme, Serializable

Digest authentication scheme. Both MD5 (default) and MD5-sess are supported. Currently only qop=auth or no qop is supported. qop=auth-int is unsupported. If auth and auth-int are provided, auth is used.

Since the digest username is included as clear text in the generated Authentication header, the charset of the username must be compatible with the HTTP element charset used by the connection.

Since:

4.0

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
DigestScheme()
DigestScheme(Charset charset) Deprecated. This constructor is deprecated to enforce the use of StandardCharsets.UTF_8 encoding in compliance with RFC 7616 for HTTP Digest Access Authentication. Use the default constructor DigestScheme() instead.

Method Summary

Modifier and Type	Method and Description
String	generateAuthResponse(org.apache.hc.core5.http.HttpHost host, org.apache.hc.core5.http.HttpRequest request, org.apache.hc.core5.http.protocol.HttpContext context) Generates an authorization response based on the current state.
String	getCnonce()
String	getName() Returns textual designation of the given authentication scheme.
String	getNonce()
long	getNounceCount()
Principal	getPrincipal() Returns Principal whose credentials are used to generate an authentication response.
String	getRealm() Returns authentication realm.
void	initPreemptive(Credentials credentials, String cnonce, String realm)
boolean	isChallengeComplete() Authentication process may involve a series of challenge-response exchanges.
boolean	isConnectionBased() Determines if the authentication scheme is expected to provide an authorization response on a per connection basis instead of the standard per request basis
boolean	isResponseReady(org.apache.hc.core5.http.HttpHost host, CredentialsProvider credentialsProvider, org.apache.hc.core5.http.protocol.HttpContext context) Determines whether or not an authorization response can be generated based on the actual authentication state.
void	processChallenge(AuthChallenge authChallenge, org.apache.hc.core5.http.protocol.HttpContext context) Processes the given auth challenge.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

DigestScheme

public DigestScheme()

DigestScheme

@Deprecated
public DigestScheme(Charset charset)

Deprecated. This constructor is deprecated to enforce the use of StandardCharsets.UTF_8 encoding in compliance with RFC 7616 for HTTP Digest Access Authentication. Use the default constructor DigestScheme() instead.

Parameters:

charset - the Charset set to be used for encoding credentials. This parameter is ignored as UTF-8 is always used.

Method Detail

initPreemptive

public void initPreemptive(Credentials credentials,
                           String cnonce,
                           String realm)

getName

public String getName()

Description copied from interface: AuthScheme

Returns textual designation of the given authentication scheme.

Specified by:

getName in interface AuthScheme

Returns:

the name of the given authentication scheme

isConnectionBased

public boolean isConnectionBased()

Description copied from interface: AuthScheme

Determines if the authentication scheme is expected to provide an authorization response on a per connection basis instead of the standard per request basis

Specified by:

isConnectionBased in interface AuthScheme

Returns:

true if the scheme is connection based, false if the scheme is request based.

getRealm

public String getRealm()

Description copied from interface: AuthScheme

Returns authentication realm. If the concept of an authentication realm is not applicable to the given authentication scheme, returns null.

Specified by:

getRealm in interface AuthScheme

Returns:

the authentication realm

processChallenge

public void processChallenge(AuthChallenge authChallenge,
                             org.apache.hc.core5.http.protocol.HttpContext context)
                      throws MalformedChallengeException

Description copied from interface: AuthScheme

Processes the given auth challenge. Some authentication schemes may involve multiple challenge-response exchanges. Such schemes must be able to maintain internal state when dealing with sequential challenges

Specified by:

processChallenge in interface AuthScheme

Parameters:

authChallenge - the auth challenge

context - HTTP context

Throws:

MalformedChallengeException - in case the auth challenge is incomplete, malformed or otherwise invalid.

isChallengeComplete

public boolean isChallengeComplete()

Description copied from interface: AuthScheme

Authentication process may involve a series of challenge-response exchanges. This method tests if the authorization process has been fully completed (either successfully or unsuccessfully), that is, all the required authorization challenges have been processed in their entirety.

Specified by:

isChallengeComplete in interface AuthScheme

Returns:

true if the authentication process has been completed, false otherwise.

isResponseReady

public boolean isResponseReady(org.apache.hc.core5.http.HttpHost host,
                               CredentialsProvider credentialsProvider,
                               org.apache.hc.core5.http.protocol.HttpContext context)
                        throws AuthenticationException

Description copied from interface: AuthScheme

Determines whether or not an authorization response can be generated based on the actual authentication state. Generally the outcome of this method will depend upon availability of user credentials necessary to produce an authorization response.

Specified by:

isResponseReady in interface AuthScheme

credentialsProvider - The credentials to be used for authentication

context - HTTP context

Returns:

true if an authorization response can be generated and the authentication handshake can proceed, false otherwise.

Throws:

AuthenticationException - if authorization string cannot be generated due to an authentication failure

getPrincipal

public Principal getPrincipal()

Description copied from interface: AuthScheme

Returns Principal whose credentials are used to generate an authentication response. Connection based schemes are required to return a user Principal if authorization applies to for the entire life span of connection.

Specified by:

getPrincipal in interface AuthScheme

Returns:

user principal

See Also:

AuthScheme.isConnectionBased()

generateAuthResponse

public String generateAuthResponse(org.apache.hc.core5.http.HttpHost host,
                                   org.apache.hc.core5.http.HttpRequest request,
                                   org.apache.hc.core5.http.protocol.HttpContext context)
                            throws AuthenticationException

Description copied from interface: AuthScheme

Generates an authorization response based on the current state. Some authentication schemes may need to load user credentials required to generate an authorization response from a CredentialsProvider prior to this method call.

Specified by:

generateAuthResponse in interface AuthScheme

request - The request being authenticated

context - HTTP context

Returns:

authorization header

Throws:

AuthenticationException - if authorization string cannot be generated due to an authentication failure

See Also:

AuthScheme.isResponseReady(HttpHost, CredentialsProvider, HttpContext)

getNonce

@Internal
public String getNonce()

getNounceCount

@Internal
public long getNounceCount()

getCnonce

@Internal
public String getCnonce()

toString

public String toString()

Overrides:

toString in class Object