Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpcomponents Wiki" for change notification.
The following page has been changed by OlegKalnichevski: http://wiki.apache.org/HttpComponents/HttpClientTutorial ------------------------------------------------------------------------------ = HTTP authentication = + HttpClient provides full support for authentication schemes defined by the HTTP standard specification. HttpClient's authentication framework can also be extended to support non-standard authentication schemes such as NTLM and SPNEGO. + == User credentials == - Basic username / password. NTLM credentials. Credentials providers. Credentials store. + Any process sof user authentication requires a set of credentials that can be used to establish user identity. In the simplest form user crednetials can be just a user name / password pair. UsernamePasswordCredentials represents a set of credentials consisting of a security principal and a password in clear text. This implementation is sufficient for standard authentication schemes defined by the HTTP standard specification. + {{{ + UsernamePasswordCredentials creds = new UsernamePasswordCredentials("user", "pwd"); + System.out.println(creds.getUserPrincipal().getName()); + System.out.println(creds.getPassword()); + }}} + + stdout> + {{{ + user + pwd + }}} + + NTCredentials is a Microsoft Windows specific implementation that includes in addition to the user name / password pair a set of additional Windows specific attributes such as the name of the user domain, as in Microsoft Windows network the same user can belong to multiple domains with a different set of authorizations. + + {{{ + NTCredentials creds = new NTCredentials("user", "pwd", "workstation", "domain"); + System.out.println(creds.getUserPrincipal().getName()); + System.out.println(creds.getPassword()); + }}} + + stdout> + {{{ + DOMAIN/user + pwd + }}} + == Authentication schemes == + The AuthScheme interface represents an abstract challenge-response oriented authentication scheme. An authentication scheme is expected to support the following functions: - === Basic === - - Well, basic authetication. Suits best TLS/SSL encrypted communication. + * Parse and process the challenge sent by the target server in response to request for a protected resource. + + * Provide properties of the processed challenge: the authentication scheme type and its parameters, such the realm this authentication scheme is applicable to, if avaialble - === Digest === - - Digest authetication. More secure than Basic. - - === NTLM authentication === - - Windows platform specific. Believed to be more secure than Digest. Supported only partially - through an external engine (JCIFS). - + + * Generate authorization string for the given set of credentials and the HTTP request in response to the actual authorization challenge. + + Please note authentication schemes may be stateful involving a series of challenge-response exchanges. + + HttpClient ships with several AuthScheme implementations: + + * '''Basic''': Basic authentication scheme as defined in RFC 2617. This authentication scheme is insecure, as the credentials are transmitted in clear text. Despite its insecurity Basic authentication scheme is perfectly adequate if used in combination with the TLS/SSL encryption. + + * '''Digest''': Digest authentication scheme as defined in RFC 2617. Digest authentication scheme is considered more secure than Basic and can be a good choice for those applications that do not want the overhead of full transport security through TLS/SSL encryption. + + * '''NTLM authentication''': NTLM is a proprietary authentication scheme developed by Microsoft and optimized for Windows platforms. NTLM is believed to be more secure than Digest. This scheme is supported only partially and requires an external NTLM engine. For details please refer to the NTLM_SUPPORT.txt document included with HttpClient distributions. + + == HTTP authentication parameters == + + These are parameters that be used to customize HTTP authentication process and behaviour of individual authentication schemes: + + * '''http.auth.credential-charset''': Defines the charset to be used when encoding user credentials. This parameter expects a value of type java.lang.String. + + == Authentication scheme registry == + + HttpClient maintains a registry of available authentication scheme using AuthSchemeRegistry class. The following schemes are registered per default: + + * '''Basic''': Basic authentication scheme. + + * '''Digest''': Digest authentication scheme. + + NTLM scheme is not registered per default. + == Choosing authetication policy == HTTP client level authetication policy can be overriden on the HTTP request level if required. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
