Package org.exoplatform.common.http.client

Class AuthorizationInfo

java.lang.Object
org.exoplatform.common.http.client.AuthorizationInfo
All Implemented Interfaces:
Cloneable
public class AuthorizationInfo extends Object implements Cloneable
Holds the information for an authorization response.

There are 7 fields which make up this class: host, port, scheme, realm, cookie, params, and extra_info. The host and port select which server the info will be sent to. The realm is server specified string which groups various URLs under a given server together and which is used to select the correct info when a server issues an auth challenge; for schemes which don't use a realm (such as "NTLM", "PEM", and "Kerberos") the realm must be the empty string (""). The scheme is the authorization scheme used (such as "Basic" or "Digest").

There are basically two formats used for the Authorization header, the one used by the "Basic" scheme and derivatives, and the one used by the "Digest" scheme and derivatives. The first form contains just the the scheme and a "cookie": 

     Authorization: Basic aGVsbG86d29ybGQ=
The second form contains the scheme followed by a number of parameters in the form of name=value pairs: 
     Authorization: Digest username="hello", realm="test", nonce="42", ...
The two fields "cookie" and "params" correspond to these two forms. toString() is used by the AuthorizationModule when generating the Authorization header and will format the info accordingly. Note that "cookie" and "params" are mutually exclusive: if the cookie field is non-null then toString() will generate the first form; otherwise it will generate the second form.

In some schemes "extra" information needs to be kept which doesn't appear directly in the Authorization header. An example of this are the A1 and A2 strings in the Digest scheme. Since all elements in the params field will appear in the Authorization header this field can't be used for storing such info. This is what the extra_info field is for. It is an arbitrary object which can be manipulated by the corresponding setExtraInfo() and getExtraInfo() methods, but which will not be printed by toString().

The addXXXAuthorization(), removeXXXAuthorization(), and getAuthorization() methods manipulate and query an internal list of AuthorizationInfo instances. There can be only one instance per host, port, scheme, and realm combination (see equals()).

Since:
V0.1
Version:
0.3-3 06/05/2001
Author:
Ronald Tschal�r

  • Constructor Details

    • AuthorizationInfo

      public AuthorizationInfo(String host, int port, String scheme, String realm, NVPair[] params, Object info)
      Creates a new info structure for the specified host and port with the specified scheme, realm, params. The cookie is set to null.
      Parameters:
      host - the host
      port - the port
      scheme - the scheme
      realm - the realm
      params - the parameters as an array of name/value pairs, or null
      info - arbitrary extra info, or null

    • AuthorizationInfo

      public AuthorizationInfo(String host, int port, String scheme, String realm, String cookie)
      Creates a new info structure for the specified host and port with the specified scheme, realm and cookie. The params is set to a zero-length array, and the extra_info is set to null.
      Parameters:
      host - the host
      port - the port
      scheme - the scheme
      realm - the realm
      cookie - for the "Basic" scheme this is the base64-encoded username/password; for the "NTLM" scheme this is the base64-encoded username/password message.

  • Method Details

    • setAuthHandler

      public static AuthorizationHandler setAuthHandler(AuthorizationHandler handler)
      Set's the authorization handler. This handler is called whenever the server requests authorization and no entry for the requested scheme and realm can be found in the list. The handler must implement the AuthorizationHandler interface.

      If no handler is set then a default handler is used. This handler currently only handles the "Basic" and "Digest" schemes and brings up a popup which prompts for the username and password.

      The default handler can be disabled by setting the auth handler to null.

      Parameters:
      handler - the new authorization handler
      Returns:
      the old authorization handler
      See Also:

    • getAuthHandler

      public static AuthorizationHandler getAuthHandler()
      Get's the current authorization handler.
      Returns:
      the current authorization handler, or null if none is set.
      See Also:

    • getAuthorization

      public static AuthorizationInfo getAuthorization(String host, int port, String scheme, String realm)
      Searches for the authorization info using the given host, port, scheme and realm. The context is the default context.
      Parameters:
      host - the host
      port - the port
      scheme - the scheme
      realm - the realm
      Returns:
      a pointer to the authorization data or null if not found

    • getAuthorization

      public static AuthorizationInfo getAuthorization(String host, int port, String scheme, String realm, Object context)
      Searches for the authorization info in the given context using the given host, port, scheme and realm.
      Parameters:
      host - the host
      port - the port
      scheme - the scheme
      realm - the realm
      context - the context this info is associated with
      Returns:
      a pointer to the authorization data or null if not found

    • addAuthorization

      public static void addAuthorization(AuthorizationInfo auth_info)
      Adds an authorization entry to the list using the default context. If an entry for the specified scheme and realm already exists then its cookie and params are replaced with the new data.
      Parameters:
      auth_info - the AuthorizationInfo to add

    • addAuthorization

      public static void addAuthorization(AuthorizationInfo auth_info, Object context)
      Adds an authorization entry to the list. If an entry for the specified scheme and realm already exists then its cookie and params are replaced with the new data.
      Parameters:
      auth_info - the AuthorizationInfo to add
      context - the context to associate this info with

    • addAuthorization

      public static void addAuthorization(String host, int port, String scheme, String realm, String cookie, NVPair[] params, Object info)
      Adds an authorization entry to the list using the default context. If an entry for the specified scheme and realm already exists then its cookie and params are replaced with the new data.
      Parameters:
      host - the host
      port - the port
      scheme - the scheme
      realm - the realm
      cookie - the cookie
      params - an array of name/value pairs of parameters
      info - arbitrary extra auth info

    • addAuthorization

      public static void addAuthorization(String host, int port, String scheme, String realm, String cookie, NVPair[] params, Object info, Object context)
      Adds an authorization entry to the list. If an entry for the specified scheme and realm already exists then its cookie and params are replaced with the new data.
      Parameters:
      host - the host
      port - the port
      scheme - the scheme
      realm - the realm
      cookie - the cookie
      params - an array of name/value pairs of parameters
      info - arbitrary extra auth info
      context - the context to associate this info with

    • addBasicAuthorization

      public static void addBasicAuthorization(String host, int port, String realm, String user, String passwd)
      Adds an authorization entry for the "Basic" authorization scheme to the list using the default context. If an entry already exists for the "Basic" scheme and the specified realm then it is overwritten.
      Parameters:
      host - the host
      port - the port
      realm - the realm
      user - the username
      passwd - the password

    • addBasicAuthorization

      public static void addBasicAuthorization(String host, int port, String realm, String user, String passwd, Object context)
      Adds an authorization entry for the "Basic" authorization scheme to the list. If an entry already exists for the "Basic" scheme and the specified realm then it is overwritten.
      Parameters:
      host - the host
      port - the port
      realm - the realm
      user - the username
      passwd - the password
      context - the context to associate this info with

    • addDigestAuthorization

      public static void addDigestAuthorization(String host, int port, String realm, String user, String passwd)
      Adds an authorization entry for the "Digest" authorization scheme to the list using the default context. If an entry already exists for the "Digest" scheme and the specified realm then it is overwritten.
      Parameters:
      host - the host
      port - the port
      realm - the realm
      user - the username
      passwd - the password

    • addDigestAuthorization

      public static void addDigestAuthorization(String host, int port, String realm, String user, String passwd, Object context)
      Adds an authorization entry for the "Digest" authorization scheme to the list. If an entry already exists for the "Digest" scheme and the specified realm then it is overwritten.
      Parameters:
      host - the host
      port - the port
      realm - the realm
      user - the username
      passwd - the password
      context - the context to associate this info with

    • removeAuthorization

      public static void removeAuthorization(AuthorizationInfo auth_info)
      Removes an authorization entry from the list using the default context. If no entry for the specified host, port, scheme and realm exists then this does nothing.
      Parameters:
      auth_info - the AuthorizationInfo to remove

    • removeAuthorization

      public static void removeAuthorization(AuthorizationInfo auth_info, Object context)
      Removes an authorization entry from the list. If no entry for the specified host, port, scheme and realm exists then this does nothing.
      Parameters:
      auth_info - the AuthorizationInfo to remove
      context - the context this info is associated with

    • removeAuthorization

      public static void removeAuthorization(String host, int port, String scheme, String realm)
      Removes an authorization entry from the list using the default context. If no entry for the specified host, port, scheme and realm exists then this does nothing.
      Parameters:
      host - the host
      port - the port
      scheme - the scheme
      realm - the realm

    • removeAuthorization

      public static void removeAuthorization(String host, int port, String scheme, String realm, Object context)
      Removes an authorization entry from the list. If no entry for the specified host, port, scheme and realm exists then this does nothing.
      Parameters:
      host - the host
      port - the port
      scheme - the scheme
      realm - the realm
      context - the context this info is associated with

    • addPath

      public void addPath(String resource)
      Adds the path from the given resource to our path list. The path list is used for deciding when to preemptively send auth info.
      Parameters:
      resource - the resource from which to extract the path

    • getHost

      public final String getHost()
      Get the host.
      Returns:
      a string containing the host name.

    • getPort

      public final int getPort()
      Get the port.
      Returns:
      an int containing the port number.

    • getScheme

      public final String getScheme()
      Get the scheme.
      Returns:
      a string containing the scheme.

    • getRealm

      public final String getRealm()
      Get the realm.
      Returns:
      a string containing the realm.

    • getCookie

      public final String getCookie()
      Get the cookie
      Returns:
      the cookie String
      Since:
      V0.3-1

    • setCookie

      public final void setCookie(String cookie)
      Set the cookie
      Parameters:
      cookie - the new cookie
      Since:
      V0.3-1

    • getParams

      public final NVPair[] getParams()
      Get the authentication parameters.
      Returns:
      an array of name/value pairs.

    • setParams

      public final void setParams(NVPair[] params)
      Set the authentication parameters.
      Parameters:
      params - array of name/value pairs.

    • getExtraInfo

      public final Object getExtraInfo()
      Get the extra info.
      Returns:
      the extra_info object

    • setExtraInfo

      public final void setExtraInfo(Object info)
      Set the extra info.
      Parameters:
      info - the extra info

    • toString

      public String toString()
      Constructs a string containing the authorization info. The format is that of the http Authorization header.
      Overrides:
      toString in class Object
      Returns:
      a String containing all info.

    • hashCode

      public int hashCode()
      Produces a hash code based on host, scheme and realm. Port is not included for simplicity (and because it probably won't make much difference). Used in the AuthorizationInfo.AuthList hash table.
      Overrides:
      hashCode in class Object
      Returns:
      the hash code

    • equals

      public boolean equals(Object obj)
      Two AuthorizationInfos are considered equal if their host, port, scheme and realm match. Used in the AuthorizationInfo.AuthList hash table.
      Overrides:
      equals in class Object
      Parameters:
      obj - another AuthorizationInfo against which this one is to be compared.
      Returns:
      true if they match in the above mentioned fields; false otherwise.

    • clone

      public Object clone()
      Overrides:
      clone in class Object
      Returns:
      a clone of this AuthorizationInfo using a deep copy