/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* AuthenticationInfo: Encapsulate the information needed to
* authenticate a user to a server.
*
* @author Jon Payne
* @author Herb Jellinek
* @author Bill Foote
*/
// REMIND: It would be nice if this class understood about partial matching.
// If you're authorized for foo.com, chances are high you're also
// authorized for baz.foo.com.
// NB: When this gets implemented, be careful about the uncaching
// policy in HttpURLConnection. A failure on baz.foo.com shouldn't
// uncache foo.com!
// Constants saying what kind of authroization this is. This determines
// the namespace in the hash table lookup.
/**
* repeatedly, via the Authenticator. Default is false, which means that this
* behavior is switched off.
*/
static boolean serializeAuth;
static {
"http.auth.serializeRequests")).booleanValue();
}
/* AuthCacheValue: */
return pw;
}
return type == SERVER_AUTHENTICATION ?
}
return authScheme;
}
return host;
}
public int getPort() {
return port;
}
return realm;
}
return path;
}
return protocol;
}
/**
* requests is used to ensure that interaction with the
* Authenticator for a particular realm is single threaded.
* ie. if multiple threads need to get credentials from the user
* at the same time, then all but the first will block until
* the first completes its authentication.
*/
/* check if a request for this destination is in progress
* return false immediately if not. Otherwise block until
* request is finished and return true
*/
if (!serializeAuth) {
/* behavior is disabled. Revert to concurrent requests */
return false;
}
synchronized (requests) {
Thread t, c;
c = Thread.currentThread();
return false;
}
if (t == c) {
return false;
}
try {
} catch (InterruptedException e) {}
}
}
/* entry may be in cache now. */
return true;
}
/* signal completion of an authentication (whether it succeeded or not)
* so that other threads can continue.
*/
synchronized (requests) {
assert waspresent;
}
}
}
//public String toString () {
//return ("{"+type+":"+authScheme+":"+protocol+":"+host+":"+port+":"+realm+":"+path+"}");
//}
// REMIND: This cache just grows forever. We should put in a bounded
// cache, or maybe something using WeakRef's.
char type;
* logically separate for the two protocols. This field is only used
* when constructed with a URL (the normal case for server authentication)
* For proxy authentication the protocol is not relevant.
*/
/** The host we're authenticating against. */
/** The port on the host we're authenticating against. */
int port;
/** The realm we're authenticating against. */
/** The shortest path from the URL we authenticated against. */
/** Use this constructor only for proxy entries */
this.authScheme = authScheme;
this.protocol = "";
}
try {
return super.clone ();
} catch (CloneNotSupportedException e) {
// Cannot happen because Cloneable implemented by AuthenticationInfo
return null;
}
}
/*
* Constructor used to limit the authorization to the path within
* the URL. Use this constructor for origin server entries.
*/
this.authScheme = authScheme;
if (this.port == -1) {
}
else {
}
}
/*
* reduce the path to the root of where we think the
* authorization begins. This could get shorter as
* the url is traversed up following a successful challenge.
*/
if (sepIndex != -1)
if (sepIndex < targetSuffixIndex)
else
return urlPath;
else
return urlPath;
}
/**
* Returns info for the URL, for an HTTP server auth. Used when we
* don't yet know the realm
* (i.e. when we're preemptively setting the auth).
*/
if (port == -1) {
}
}
/**
* Returns info for the URL, for an HTTP server auth. Used when we
* do know the realm (i.e. when we're responding to a challenge).
* In this case we do not use the path because the protection space
* is identified by the host:port:realm only
*/
if (port == -1) {
}
return key;
}
/* check the cache again, it might contain an entry */
}
return cached;
}
/**
* Return the AuthenticationInfo object from the cache if it's path is
* a substring of the supplied URLs path.
*/
} else {
}
}
/**
* for preemptive header-setting. Note, the protocol field is always
* blank for proxies.
*/
return result;
}
/**
* Used in response to a challenge. Note, the protocol field is always
* blank for proxies.
*/
return key;
}
/* check the cache again, it might contain an entry */
}
return cached;
}
/**
* Add this authentication to the cache
*/
void addToCache() {
if (supportsPreemptiveAuthorization()) {
}
}
if (!serializeAuth) {
return;
}
synchronized (requests) {
}
}
/**
* Remove this authentication from the cache
*/
void removeFromCache() {
if (supportsPreemptiveAuthorization()) {
}
}
/**
* @return true if this authentication supports preemptive authorization
*/
public abstract boolean supportsPreemptiveAuthorization();
/**
* @return the name of the HTTP header this authentication wants set.
* This is used for preemptive authorization.
*/
if (type == SERVER_AUTHENTICATION) {
return "Authorization";
} else {
return "Proxy-authorization";
}
}
/**
* Calculates and returns the authentication header value based
* on the stored authentication parameters. If the calculation does not depend
* on the URL or the request method then these parameters are ignored.
* @param url The URL
* @param method The request method
* @return the value of the HTTP header this authentication wants set.
* Used for preemptive authorization.
*/
/**
* Set header(s) on the given connection. Subclasses must override
* This will only be called for
* definitive (i.e. non-preemptive) authorization.
* @param conn The connection to apply the header(s) to
* @param p A source of header values for this connection, if needed.
* @param raw The raw header field (if needed)
* @return true if all goes well, false if no headers were set.
*/
/**
* Check if the header indicates that the current auth. parameters are stale.
* If so, then replace the relevant field with the new value
* and return true. Otherwise return false.
* returning false means we have to go back to the user to ask for a new
* username password.
*/
/**
* Give a key for hash table lookups.
* @param includeRealm if you want the realm considered. Preemptively
* setting an authorization is done before the realm is known.
*/
// This must be kept in sync with the getXXXAuth() methods in this
// class.
if (includeRealm) {
} else {
}
}
throws IOException, ClassNotFoundException
{
s.defaultReadObject ();
}
throws IOException
{
s.defaultWriteObject ();
}
}