org.idoox.security.httpdigest
Interface AuthorizationStructure


public interface AuthorizationStructure

An authorization structure contains all the information in the request's HTTP headers that relates to HTTP Digest Authentication. For more details, see http://www.ietf.org/rfc/rfc2617.txt.

Component:
Security-Core

Method Summary
 java.lang.String getAlgorithm()
          Gets digest algorithm.
 java.lang.String getCnonce()
          Gets client nonce.
 java.lang.String getCreated()
          Gets time of the digest creation.
 java.lang.String getMethod()
          Gets request method.
 java.lang.String getNc()
          Gets nonce count.
 java.lang.String getNonce()
          Gets server nonce.
 java.lang.String getOpaque()
          Gets opaque.
 java.lang.String getQop()
          Gets quality of protection string.
 java.lang.String getRealm()
          Gets server realm.
 java.lang.String getResponse()
          Gets digest response.
 java.lang.String getUri()
          Gets server uri.
 java.lang.String getUsername()
          Gets the name of the user.
 

Method Detail

getUsername

public java.lang.String getUsername()
Gets the name of the user. The user's name in the specified realm.

Returns:
name of the user

getRealm

public java.lang.String getRealm()
Gets server realm. A string to be displayed to users so they know which username and password to use.

Returns:
server realm

getNonce

public java.lang.String getNonce()
Gets server nonce. A server-specified data string which should be uniquely generated each time a 401 response is made. It is recommended that this string be base64 or hexadecimal data. Specifically, since the string is passed in the header lines as a quoted string, the double-quote character is not allowed.

Returns:
server nonce

getUri

public java.lang.String getUri()
Gets server uri. The URI from Request-URI of the Request-Line.

Returns:
server uri

getResponse

public java.lang.String getResponse()
Gets digest response. A string of 32 hex digits, which proves that the user knows a password.

Returns:
digest response

getAlgorithm

public java.lang.String getAlgorithm()
Gets digest algorithm. A string indicating a pair of algorithms used to produce the digest and a checksum. If this is not present it is assumed to be "MD5". If the algorithm is not understood, the challenge should be ignored (and a different one used, if there is more than one).

Returns:
digest algorithm

getCnonce

public java.lang.String getCnonce()
Gets client nonce. This MUST be specified if a qop directive is sent, and MUST NOT be specified if the server did not send a qop directive in the WWW-Authenticate header field. The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, to provide mutual authentication, and to provide some message integrity protection. See RFC 2617 for the calculation of the response-digest and request-digest values.

Returns:
client nonce

getOpaque

public java.lang.String getOpaque()
Gets opaque. A string of data, specified by the server, which should be returned by the client unchanged in the Authorization header of subsequent requests with URIs in the same protection space. It is recommended that this string be base64 or hexadecimal data.

Returns:
opaque

getQop

public java.lang.String getQop()
Gets quality of protection string. Indicates what "quality of protection" the client has applied to the message. If present, its value MUST be one of the alternatives the server indicated it supports in the WWW-Authenticate header. These values affect the computation of the request-digest. Note that this is a single token, not a quoted list of alternatives as in WWW-Authenticate. This directive is optional in order to preserve backward compatibility with a minimal implementation of RFC 2069 [6], but SHOULD be used if the server indicated that qop is supported by providing a qop directive in the WWW-Authenticate header field.

Returns:
quality of protection string

getNc

public java.lang.String getNc()
Gets nonce count. This MUST be specified if a qop directive is sent, and MUST NOT be specified if the server did not send a qop directive in the WWW-Authenticate header field. The nc-value is the hexadecimal count of the number of requests (including the current request) that the client has sent with the nonce value in this request. For example, in the first request sent in response to a given nonce value, the client sends "nc=00000001". The purpose of this directive is to allow the server to detect request replays by maintaining its own copy of this count - if the same nc-value is seen twice, then the request is a replay. See RFC 2617 for the construction of the request-digest value.

Returns:
nonce count

getMethod

public java.lang.String getMethod()
Gets request method. The HTTP method, such as "GET", "POST", etc.

Returns:
request method

getCreated

public java.lang.String getCreated()
Gets time of the digest creation. This field is not defined by RFC 2617, but it is used as an extensibility element for digest-based authentication schemes.

Returns:
a timestamp value
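
A server-side check over the fields this interface exposes, as an added example that is not part of the original documentation or the product's code: it recomputes the RFC 2617 request-digest (algorithm MD5, qop absent or "auth") and rejects a repeated nonce count. The `Auth` record is a hypothetical stand-in for `AuthorizationStructure`, the class and method names are assumptions, the password is passed in directly for brevity, and requiring nc to increase is a stricter rule than the "seen twice" test described under getNc. Requires Java 16 or later.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class DigestCheck {
    // Hypothetical stand-in for the AuthorizationStructure getters used below.
    record Auth(String username, String realm, String nonce, String uri, String response,
                String qop, String nc, String cnonce, String method) {}
    private final Map<String, Long> lastNc = new HashMap<>(); // highest nc accepted per nonce

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        return String.format("%032x", new BigInteger(1, d));
    }

    // RFC 2617 request-digest for algorithm MD5, qop absent or "auth".
    static String expected(Auth a, String password) throws Exception {
        String ha1 = md5Hex(a.username() + ":" + a.realm() + ":" + password);
        String ha2 = md5Hex(a.method() + ":" + a.uri());
        if (a.qop() == null) return md5Hex(ha1 + ":" + a.nonce() + ":" + ha2);
        return md5Hex(ha1 + ":" + a.nonce() + ":" + a.nc() + ":" + a.cnonce() + ":" + a.qop() + ":" + ha2);
    }

    synchronized boolean accept(Auth a, String password) throws Exception {
        // auth-int is not handled in this example
        if (a.response() == null || (a.qop() != null && !"auth".equals(a.qop()))) return false;
        if (a.qop() != null && (a.nc() == null || !a.nc().matches("[0-9a-fA-F]{8}"))) return false;
        byte[] want = expected(a, password).getBytes(StandardCharsets.US_ASCII);
        byte[] got = a.response().getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(want, got)) return false; // constant-time comparison
        if (a.qop() == null) return true;                    // no nc is sent without qop
        long nc = Long.parseLong(a.nc(), 16);                // nc-value is hexadecimal
        Long prev = lastNc.get(a.nonce());
        if (prev != null && nc <= prev) return false;        // repeated or stale count: replay
        lastNc.put(a.nonce(), nc);                           // record only verified requests
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Sample values: the worked example from RFC 2617, section 3.5.
        Auth a = new Auth("Mufasa", "testrealm@host.com", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                "/dir/index.html", "6629fae49393a05397450978507c4ef1", "auth", "00000001",
                "0a4f113b", "GET");
        DigestCheck check = new DigestCheck();
        System.out.println(check.accept(a, "Circle Of Life")); // first request with this nonce
        System.out.println(check.accept(a, "Circle Of Life")); // same header sent a second time
    }
}
```

The nonce count is stored only after the digest verifies, so an unauthenticated request cannot advance the counter for a nonce it does not hold the password for.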