/*
* Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.net.httpserver;
Authenticator represents an implementation of an HTTP authentication
mechanism. Sub-classes provide implementations of specific mechanisms
such as Digest or Basic auth. Instances are invoked to provide verification
of the authentication information provided in all incoming requests.
Note. This implies that any caching of credentials or other authentication
information must be done outside of this class.
/**
* Authenticator represents an implementation of an HTTP authentication
* mechanism. Sub-classes provide implementations of specific mechanisms
* such as Digest or Basic auth. Instances are invoked to provide verification
* of the authentication information provided in all incoming requests.
* Note. This implies that any caching of credentials or other authentication
* information must be done outside of this class.
*/
public abstract class Authenticator {
Constructor for subclasses to call.
/**
* Constructor for subclasses to call.
*/
protected Authenticator () { }
Base class for return type from Authenticator.authenticate(HttpExchange)
method. /**
* Base class for return type from {@link #authenticate(HttpExchange)} method.
*/
public abstract static class Result {
Constructor for subclasses to call.
/**
* Constructor for subclasses to call.
*/
protected Result () {}
}
Indicates an authentication failure. The authentication
attempt has completed.
/**
* Indicates an authentication failure. The authentication
* attempt has completed.
*/
public static class Failure extends Result {
private int responseCode;
Creates a Failure
instance with given response code. Params: - responseCode – the response code to associate with this
Failure
instance
/**
* Creates a {@code Failure} instance with given response code.
*
* @param responseCode the response code to associate with this
* {@code Failure} instance
*/
public Failure (int responseCode) {
this.responseCode = responseCode;
}
Returns the response code to send to the client.
Returns: the response code associated with this Failure
instance
/**
* Returns the response code to send to the client.
*
* @return the response code associated with this {@code Failure} instance
*/
public int getResponseCode() {
return responseCode;
}
}
Indicates an authentication has succeeded and the authenticated user principal can be acquired by calling getPrincipal()
. /**
* Indicates an authentication has succeeded and the
* authenticated user {@linkplain HttpPrincipal principal} can be acquired by calling
* {@link #getPrincipal()}.
*/
public static class Success extends Result {
private HttpPrincipal principal;
Creates a Success
instance with given Principal
. Params: - p – the authenticated user you wish to set as
Principal
/**
* Creates a {@code Success} instance with given {@code Principal}.
*
* @param p the authenticated user you wish to set as {@code Principal}
*/
public Success (HttpPrincipal p) {
principal = p;
}
Returns the authenticated user Principal
. Returns: the Principal
instance associated with the authenticated user
/**
* Returns the authenticated user {@code Principal}.
*
* @return the {@code Principal} instance associated with the authenticated user
*
*/
public HttpPrincipal getPrincipal() {
return principal;
}
}
Indicates an authentication must be retried. The response code to be sent back is as returned from getResponseCode()
. The Authenticator
must also have set any necessary response headers in the given HttpExchange
before returning this Retry
object. /**
* Indicates an authentication must be retried. The
* response code to be sent back is as returned from
* {@link #getResponseCode()}. The {@code Authenticator} must also have
* set any necessary response headers in the given {@link HttpExchange}
* before returning this {@code Retry} object.
*/
public static class Retry extends Result {
private int responseCode;
Creates a Retry
instance with given response code. Params: - responseCode – the response code to associate with this
Retry
instance
/**
* Creates a {@code Retry} instance with given response code.
*
* @param responseCode the response code to associate with this
* {@code Retry} instance
*/
public Retry (int responseCode) {
this.responseCode = responseCode;
}
Returns the response code to send to the client.
Returns: the response code associated with this Retry
instance
/**
* Returns the response code to send to the client.
*
* @return the response code associated with this {@code Retry} instance
*/
public int getResponseCode() {
return responseCode;
}
}
Called to authenticate each incoming request. The implementation must return a Failure
, Success
or Retry
object as appropriate:
-
Failure
means the authentication has completed, but has failed due to invalid credentials. -
Success
means that the authentication has succeeded, and a Principal
object representing the user can be retrieved by calling Success.getPrincipal()
. -
Retry
means that another HTTP exchange is required. Any response headers needing to be sent back to the client are set in the given HttpExchange
. The response code to be returned must be provided in the Retry
object. Retry
may occur multiple times.
Params: - exch – the
HttpExchange
upon which authenticate is called
Returns: the result
/**
* Called to authenticate each incoming request. The implementation
* must return a {@link Failure}, {@link Success} or {@link Retry} object as appropriate:
* <ul>
* <li> {@code Failure} means the authentication has completed, but has
* failed due to invalid credentials.
* <li> {@code Success} means that the authentication has succeeded,
* and a {@code Principal} object representing the user can be retrieved
* by calling {@link Success#getPrincipal()}.
* <li> {@code Retry} means that another HTTP {@linkplain HttpExchange exchange}
* is required. Any response headers needing to be sent back to the client are set
* in the given {@code HttpExchange}. The response code to be returned must be
* provided in the {@code Retry} object. {@code Retry} may occur multiple times.
* </ul>
*
* @param exch the {@code HttpExchange} upon which authenticate is called
* @return the result
*/
public abstract Result authenticate (HttpExchange exch);
}