AuthenticationHeader

Class Overview

This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate: headers. It searches among multiple header lines and within each header line for the best currently supported scheme. It can also return a HeaderParser containing the challenge data for that particular scheme. Some examples: WWW-Authenticate: Basic realm="foo" Digest realm="bar" NTLM Note the realm parameter must be associated with the particular scheme. or WWW-Authenticate: Basic realm="foo" WWW-Authenticate: Digest realm="foo",qop="auth",nonce="thisisanunlikelynonce" WWW-Authenticate: NTLM or WWW-Authenticate: Basic realm="foo" WWW-Authenticate: NTLM ASKAJK9893289889QWQIOIONMNMN The last example shows how NTLM breaks the rules of rfc2617 for the structure of the authentication header. This is the reason why the raw header field is used for ntlm. At present, the class chooses schemes in following order : 1. Negotiate (if supported) 2. Kerberos (if supported) 3. Digest 4. NTLM (if supported) 5. Basic This choice can be modified by setting a system property: -Dhttp.auth.preference="scheme" which in this case, specifies that "scheme" should be used as the auth scheme when offered disregarding the default prioritisation. If scheme is not offered then the default priority is used. Attention: when http.auth.preference is set as SPNEGO or Kerberos, it's actually "Negotiate with SPNEGO" or "Negotiate with Kerberos", which means the user will prefer the Negotiate scheme with GSS/SPNEGO or GSS/Kerberos mechanism. This also means that the real "Kerberos" scheme can never be set as a preference.

Summary

[Expand] Inherited Methods

From class java.lang.Object Object clone() Creates and returns a copy of this object. boolean equals(Object obj) Indicates whether some other object is "equal to" this one. void finalize() Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. final Class<?> getClass() Returns the runtime class of this Object. int hashCode() Returns a hash code value for the object. final void notify() Wakes up a single thread that is waiting on this object's monitor. final void notifyAll() Wakes up all threads that are waiting on this object's monitor. String toString() Returns a string representation of the object. final void wait() Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object. final void wait(long timeout, int nanos) Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object, or some other thread interrupts the current thread, or a certain amount of real time has elapsed. final void wait(long timeout) Causes the current thread to wait until either another thread invokes the notify() method or the notifyAll() method for this object, or a specified amount of time has elapsed.