|
Oracle Application Server HTTPClient Java API Reference 10g Release 3 (10.1.3.1.0) B32117-01 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object
HTTPClient.AuthenticationSchemeBase
HTTPClient.ntlm.NtlmAuthenticationScheme
The NtlmAuthenticationScheme class implements the AuthenticationScheme interface, supporting NTLM authentication within HTTPClient.
NTLM employs a challenge-response mechanism for authentication, in which clients are able to prove their identities without sending a password to the server. It consists of three messages, commonly referred to as Type 1 (negotiation), Type 2 (challenge) and Type 3 (authentication). It works like this:
The responses in the Type 3 message are the most critical piece, as they prove to the server that the client user has knowledge of the account password.
NTLM is a connection-oriented protocol. Once the connection is authenticated, no further credentials are required as long as the connection remains open.
Proxy servers may also use NTLM for client authentication. However, unlike request-oriented authentication like Basic and Digest, an NTLM client may only authenticate the connection with the proxy, not the resource server.
Nested Class Summary | |
static interface |
NtlmAuthenticationScheme.AuthInfoParams AuthorizationInfo parameters, used for caching credentials. |
Field Summary | |
static java.lang.String |
DEFAULT_SCHEME_NAME The default scheme name. |
static java.lang.String |
NTLM_REALM The no-name realm. |
Fields inherited from interface HTTPClient.AuthenticationScheme |
IS_CONNECTION_ORIENTED |
Constructor Summary | |
NtlmAuthenticationScheme() No-argument constructor, assumes scheme name "NTLM" and assumes the scheme is connection oriented. |
|
NtlmAuthenticationScheme(java.lang.String schemeName) Constructor, assumes the scheme is connection oriented. |
Method Summary | |
AuthorizationInfo |
createAuthorizationInfo(java.lang.String host, int port, java.lang.String realm, java.lang.String username, java.lang.String password) Creates an AuthorizationInfo object, appropriately populated for use by this AuthenticationScheme. |
AuthorizationInfo |
getAuthorization(AuthorizationInfo credentials, RoRequest request, AuthorizationInfo challenge, RoResponse response) Determines an AuthorizationInfo object for populating either the Authorization header or the Proxy-Authorization header, appropriately for the scheme. |
Methods inherited from class HTTPClient.AuthenticationSchemeBase |
getSchemeName, isConnectionOriented, setSchemeName |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final java.lang.String DEFAULT_SCHEME_NAME
public static final java.lang.String NTLM_REALM
Constructor Detail |
public NtlmAuthenticationScheme() throws java.lang.IllegalArgumentException
AuthenticationSchemeBase.AuthenticationSchemeBase( String, boolean )
public NtlmAuthenticationScheme(java.lang.String schemeName) throws java.lang.IllegalArgumentException
AuthenticationSchemeBase.AuthenticationSchemeBase( String, boolean )
Method Detail |
public AuthorizationInfo createAuthorizationInfo(java.lang.String host, int port, java.lang.String realm, java.lang.String username, java.lang.String password) throws java.lang.IllegalArgumentException
AuthenticationScheme
AuthorizationInfo
object, appropriately populated for use by this AuthenticationScheme. The resulting object will be passed back to AuthenticationScheme.getAuthorization(HTTPClient.AuthorizationInfo, HTTPClient.RoRequest, HTTPClient.AuthorizationInfo, HTTPClient.RoResponse)
when we are challenged by the server using this scheme.host
- Connecting to this hostport
- Connecting on this portrealm
- Applicable security realmusername
- Account usernamepassword
- Account passwordjava.lang.IllegalArgumentException
- Invalid arguments given.AuthenticationScheme.createAuthorizationInfo( String host, int port, String realm, String username, String password )
public AuthorizationInfo getAuthorization(AuthorizationInfo credentials, RoRequest request, AuthorizationInfo challenge, RoResponse response)
AuthenticationScheme
AuthorizationInfo
object for populating either the Authorization
header or the Proxy-Authorization
header, appropriately for the scheme.credentials
- Contains credentials populated as required by this AuthenticationScheme, usually by AuthenticationScheme.createAuthorizationInfo(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
.request
- The original requestchallenge
- The server challenge, parsed from the response, or null
if attempting to pre-emptively send auth info.response
- The response received, which contains the challenge, or null
if attempting to pre-emptively send auth info.Authorization
header or the Proxy-Authorization
header, or null
if header values could not be determined.AuthenticationScheme.getAuthorization( AuthorizationInfo, RoRequest, AuthorizationInfo, RoResponse)
|
Oracle Application Server HTTPClient Java API Reference 10g Release 3 (10.1.3.1.0) B32117-01 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |