class HTTPClient::WWWAuth
Authentication filter for handling authentication negotiation between Web server. Parses 'WWW-Authentication' header in response and generates 'Authorization' header in request.
Authentication filter is implemented using request filter of HTTPClient. It traps HTTP response header and maintains authentication state, and traps HTTP request header for inserting necessary authentication header.
WWWAuth has sub filters (BasicAuth, DigestAuth, NegotiateAuth and SSPINegotiateAuth) and delegates some operations to it. NegotiateAuth requires 'ruby/ntlm' module (rubyntlm gem). SSPINegotiateAuth requires 'win32/sspi' module (rubysspi gem).
Attributes
Public Class Methods
Creates new WWWAuth.
# File lib/httpclient/auth.rb, line 66 def initialize @basic_auth = BasicAuth.new @digest_auth = DigestAuth.new @negotiate_auth = NegotiateAuth.new @ntlm_auth = NegotiateAuth.new('NTLM') @sspi_negotiate_auth = SSPINegotiateAuth.new @oauth = OAuth.new # sort authenticators by priority @authenticator = [@oauth, @negotiate_auth, @ntlm_auth, @sspi_negotiate_auth, @digest_auth, @basic_auth] end
Public Instance Methods
Filter API implementation. Traps HTTP request and insert 'Authorization' header if needed.
# File lib/httpclient/auth.rb, line 94 def filter_request(req) @authenticator.each do |auth| next unless auth.set? # hasn't be set, don't use it if cred = auth.get(req) if cred == :skip # some authenticator (NTLM and Negotiate) does not # need to send extra header after authorization. In such case # it should block other authenticators to respond and :skip is # the marker for such case. return end req.header.set('Authorization', auth.scheme + " " + cred) return end end end
Filter API implementation. Traps HTTP response and parses 'WWW-Authenticate' header.
This remembers the challenges for all authentication methods available to the client. On the subsequent retry of the request, #filter_request will select the strongest method.
# File lib/httpclient/auth.rb, line 117 def filter_response(req, res) command = nil if res.status == HTTP::Status::UNAUTHORIZED if challenge = parse_authentication_header(res, 'www-authenticate') uri = req.header.request_uri challenge.each do |scheme, param_str| @authenticator.each do |auth| next unless auth.set? # hasn't be set, don't use it if scheme.downcase == auth.scheme.downcase challengeable = auth.challenge(uri, param_str) command = :retry if challengeable end end end # ignore unknown authentication scheme end end command end
Resets challenge state. See sub filters for more details.
# File lib/httpclient/auth.rb, line 78 def reset_challenge @authenticator.each do |auth| auth.reset_challenge end end
Set authentication credential. See sub filters for more details.
# File lib/httpclient/auth.rb, line 85 def set_auth(uri, user, passwd) @authenticator.each do |auth| auth.set(uri, user, passwd) end reset_challenge end