Class: HTTPClient::WWWAuth
- Inherits:
-
AuthFilterBase
- Object
- AuthFilterBase
- HTTPClient::WWWAuth
- Defined in:
- lib/httpclient/auth.rb
Overview
Authentication filter for handling authentication negotiation between Web server. Parses ‘WWW-Authentication’ header in response and generates ‘Authorization’ header in request.
Authentication filter is implemented using request filter of HTTPClient. It traps HTTP response header and maintains authentication state, and traps HTTP request header for inserting necessary authentication header.
WWWAuth has sub filters (BasicAuth, DigestAuth, NegotiateAuth and SSPINegotiateAuth) and delegates some operations to it. NegotiateAuth requires ‘ruby/ntlm’ module (rubyntlm gem). SSPINegotiateAuth requires ‘win32/sspi’ module (rubysspi gem).
Instance Attribute Summary collapse
-
#basic_auth ⇒ Object
readonly
Returns the value of attribute basic_auth.
-
#digest_auth ⇒ Object
readonly
Returns the value of attribute digest_auth.
-
#negotiate_auth ⇒ Object
readonly
Returns the value of attribute negotiate_auth.
-
#oauth ⇒ Object
readonly
Returns the value of attribute oauth.
-
#sspi_negotiate_auth ⇒ Object
readonly
Returns the value of attribute sspi_negotiate_auth.
Instance Method Summary collapse
-
#filter_request(req) ⇒ Object
Filter API implementation.
-
#filter_response(req, res) ⇒ Object
Filter API implementation.
-
#initialize ⇒ WWWAuth
constructor
Creates new WWWAuth.
-
#reset_challenge ⇒ Object
Resets challenge state.
-
#set_auth(uri, user, passwd) ⇒ Object
Set authentication credential.
Constructor Details
#initialize ⇒ WWWAuth
Creates new WWWAuth.
66 67 68 69 70 71 72 73 74 75 |
# File 'lib/httpclient/auth.rb', line 66 def initialize @basic_auth = BasicAuth.new @digest_auth = DigestAuth.new @negotiate_auth = NegotiateAuth.new @ntlm_auth = NegotiateAuth.new('NTLM') @sspi_negotiate_auth = SSPINegotiateAuth.new @oauth = OAuth.new # sort authenticators by priority @authenticator = [@oauth, @negotiate_auth, @ntlm_auth, @sspi_negotiate_auth, @digest_auth, @basic_auth] end |
Instance Attribute Details
#basic_auth ⇒ Object (readonly)
Returns the value of attribute basic_auth.
59 60 61 |
# File 'lib/httpclient/auth.rb', line 59 def basic_auth @basic_auth end |
#digest_auth ⇒ Object (readonly)
Returns the value of attribute digest_auth.
60 61 62 |
# File 'lib/httpclient/auth.rb', line 60 def digest_auth @digest_auth end |
#negotiate_auth ⇒ Object (readonly)
Returns the value of attribute negotiate_auth.
61 62 63 |
# File 'lib/httpclient/auth.rb', line 61 def negotiate_auth @negotiate_auth end |
#oauth ⇒ Object (readonly)
Returns the value of attribute oauth.
63 64 65 |
# File 'lib/httpclient/auth.rb', line 63 def oauth @oauth end |
#sspi_negotiate_auth ⇒ Object (readonly)
Returns the value of attribute sspi_negotiate_auth.
62 63 64 |
# File 'lib/httpclient/auth.rb', line 62 def sspi_negotiate_auth @sspi_negotiate_auth end |
Instance Method Details
#filter_request(req) ⇒ Object
Filter API implementation. Traps HTTP request and insert ‘Authorization’ header if needed.
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'lib/httpclient/auth.rb', line 94 def filter_request(req) @authenticator.each do |auth| next unless auth.set? # hasn't be set, don't use it if cred = auth.get(req) if cred == :skip # some authenticator (NTLM and Negotiate) does not # need to send extra header after authorization. In such case # it should block other authenticators to respond and :skip is # the marker for such case. return end req.header.set('Authorization', auth.scheme + " " + cred) return end end end |
#filter_response(req, res) ⇒ Object
Filter API implementation. Traps HTTP response and parses ‘WWW-Authenticate’ header.
This remembers the challenges for all authentication methods available to the client. On the subsequent retry of the request, filter_request will select the strongest method.
117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 |
# File 'lib/httpclient/auth.rb', line 117 def filter_response(req, res) command = nil if res.status == HTTP::Status::UNAUTHORIZED if challenge = parse_authentication_header(res, 'www-authenticate') uri = req.header.request_uri challenge.each do |scheme, param_str| @authenticator.each do |auth| next unless auth.set? # hasn't be set, don't use it if scheme.downcase == auth.scheme.downcase challengeable = auth.challenge(uri, param_str) command = :retry if challengeable end end end # ignore unknown authentication scheme end end command end |
#reset_challenge ⇒ Object
Resets challenge state. See sub filters for more details.
78 79 80 81 82 |
# File 'lib/httpclient/auth.rb', line 78 def reset_challenge @authenticator.each do |auth| auth.reset_challenge end end |
#set_auth(uri, user, passwd) ⇒ Object
Set authentication credential. See sub filters for more details.
85 86 87 88 89 90 |
# File 'lib/httpclient/auth.rb', line 85 def set_auth(uri, user, passwd) @authenticator.each do |auth| auth.set(uri, user, passwd) end reset_challenge end |