sun.net.www.protocol.http
public Class AuthenticationHeader
extends Object
- Class Inheritance
-
- Imports
- java.util.Collections, .Iterator, .Locale, .HashMap, .Set, sun.net.www.*, sun.security.action.GetPropertyAction
This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate:
headers. It searches among multiple header lines and within each header line
for the best currently supported scheme. It can also return a HeaderParser
containing the challenge data for that particular scheme.
Some examples:
WWW-Authenticate: Basic realm="foo" Digest realm="bar" NTLM
Note the realm parameter must be associated with the particular scheme.
or
WWW-Authenticate: Basic realm="foo"
WWW-Authenticate: Digest realm="foo",qop="auth",nonce="thisisanunlikelynonce"
WWW-Authenticate: NTLM
or
WWW-Authenticate: Basic realm="foo"
WWW-Authenticate: NTLM ASKAJK9893289889QWQIOIONMNMN
The last example shows how NTLM breaks the rules of rfc2617 for the structure of
the authentication header. This is the reason why the raw header field is used for ntlm.
At present, the class chooses schemes in following order :
1. Negotiate (if supported)
2. Kerberos (if supported)
3. Digest
4. NTLM (if supported)
5. Basic
This choice can be modified by setting a system property:
-Dhttp.auth.preference="scheme"
which in this case, specifies that "scheme" should be used as the auth scheme when offered
disregarding the default prioritisation. If scheme is not offered, or explicitly
disabled, by disabledSchemes
, then the default priority is used.
Attention: when http.auth.preference is set as SPNEGO or Kerberos, it's actually "Negotiate
with SPNEGO" or "Negotiate with Kerberos", which means the user will prefer the Negotiate
scheme with GSS/SPNEGO or GSS/Kerberos mechanism.
This also means that the real "Kerberos" scheme can never be set as a preference.
Nested and Inner Type Summary
Modifier and Type | Class and Description
|
---|
pack-priv static class |
|
Constructor Summary
Access | Constructor and Description
|
---|
Constructor Detail
Method Detail
isPresent | back to summary
|
---|
public boolean isPresent() returns true is the header exists and contains a recognised scheme
|
sun.net.www.protocol.http
back to summary
pack-priv Class AuthenticationHeader.SchemeMapValue
extends Object
- Class Inheritance
-