Package se.conciliate.extensions.net
Interface Authenticator
public interface Authenticator
Registered into OSGi to enable java.net.Authenticator-like capabilities. Multiple
authenticators will be polled in (undefined) sequence until one is found that
does not return empty.
- Author:
- Per-Erik
-
Method Summary
Modifier and TypeMethodDescriptionauthenticate(URL url, boolean isProxy, InetAddress site) Returns empty if this authenticator cannot authenticate with the given parameters.isTrustedSite(URL url) Decides if the given URL can be "single signed-on" with respect to NTLM.
-
Method Details
-
isTrustedSite
Decides if the given URL can be "single signed-on" with respect to NTLM.
Returns true to let NTLM challenges be handled transparently by the JVM (no user intervention, meaning the JVM will use the currently logged in user to authenticate IF the JVM is running on Windows).
Returns false to indicate that the URL is NOT a trusted site and should therefore NOT be handled transparently by the JVM. This means that (potentially) ALL Authenticator's authenticate method will be called to get a PasswordAuthentication for the given URL until ONE is found that does not return empty. That means that one Authenticator can deem a URL as untrusted (no single sign-on) and another Authenticator gets to handle the user interaction to get a PasswordAuthentication to use to authenticate throught NTLM.
Returns empty to indicate that this authenticator doesn't handle NTLM authentication requests (or doesn't handle NTLM to the given url).
NOTE: This method is only called if the JVM deems the the site trusted. If not, (potentially) all authenticators will be called in the same manner as described in the "false path" above.- Parameters:
url- The url to check.- Returns:
- See method description.
-
authenticate
Returns empty if this authenticator cannot authenticate with the given parameters. Otherwise a username/password pair is returned.
Note that this method has nothing to do with NTLM (contrary to what one may believe given the #isTrustedSite) per se. It is simply a way to show a UI to let a user input credentials and then return those credentials as a PasswordAuthentication object. The credentials MAY be used for NTLM challenges if that is how the site at "site" wants to authenticate AND #isTrustedSite has returned false for the given URL by at least ONE authenticator (or the system authenticator). In general, if you don't recognize the URL, return empty. Otherwise, you should know if the request to the given URL is concerning NTLM or not.- Parameters:
url- The URL that resulted in this request for authentication.isProxy- true if the requestor is a proxy, false otherwise.site- The InetAddress of the site requesting authorization, or null if not available.- Returns:
- See method description.
-