1. /*

  2.  * @(#)Authenticator.java	1.27 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package java.net;

  9. 

  10. /**

  11.  * The class Authenticator represents an object that knows how to obtain

  12.  * authentication for a network connection.  Usually, it will do this

  13.  * by prompting the user for information.

  14.  * <p>

  15.  * Applications use this class by creating a subclass, and registering

  16.  * an instance of that subclass with the system with setDefault().

  17.  * When authentication is required, the system will invoke a method

  18.  * on the subclass (like getPasswordAuthentication).  The subclass's

  19.  * method can query about the authentication being requested with a

  20.  * number of inherited methods (getRequestingXXX()), and form an

  21.  * appropriate message for the user.

  22.  * <p>

  23.  * All methods that request authentication have a default implementation

  24.  * that fails.

  25.  *

  26.  * @see java.net.Authenticator#setDefault(java.net.Authenticator)

  27.  * @see java.net.Authenticator#getPasswordAuthentication()

  28.  *

  29.  * @author  Bill Foote

  30.  * @version 1.27, 01/23/03

  31.  * @since   1.2

  32.  */

  33. 

  34. // There are no abstract methods, but to be useful the user must

  35. // subclass.

  36. public abstract 

  37. class Authenticator {

  38. 

  39.     // The system-wide authenticator object.  See setDefault().

  40.     private static Authenticator theAuthenticator;

  41. 

  42.     private String requestingHost;

  43.     private InetAddress requestingSite;

  44.     private int requestingPort;

  45.     private String requestingProtocol;

  46.     private String requestingPrompt;

  47.     private String requestingScheme;

  48. 

  49.     private void reset() {

  50. 	requestingHost = null;

  51. 	requestingSite = null;

  52. 	requestingPort = -1;

  53. 	requestingProtocol = null;

  54. 	requestingPrompt = null;

  55. 	requestingScheme = null;

  56.     }

  57. 

  58. 

  59.     /**

  60.      * Sets the authenticator that will be used by the networking code

  61.      * when a proxy or an HTTP server asks for authentication.

  62.      * <p>

  63.      * First, if there is a security manager, its <code>checkPermission</code> 

  64.      * method is called with a 

  65.      * <code>NetPermission("setDefaultAuthenticator")</code> permission.

  66.      * This may result in a java.lang.SecurityException. 

  67.      *

  68.      * @param	a	The authenticator to be set. If a is <code>null</code> then

  69.      *			any previously set authenticator is removed.

  70.      *

  71.      * @throws SecurityException

  72.      *        if a security manager exists and its 

  73.      *        <code>checkPermission</code> method doesn't allow 

  74.      *        setting the default authenticator.

  75.      *

  76.      * @see SecurityManager#checkPermission

  77.      * @see java.net.NetPermission

  78.      */

  79.     public synchronized static void setDefault(Authenticator a) {

  80. 	SecurityManager sm = System.getSecurityManager();

  81. 	if (sm != null) {

  82. 	    NetPermission setDefaultPermission

  83. 		= new NetPermission("setDefaultAuthenticator");

  84. 	    sm.checkPermission(setDefaultPermission);

  85. 	}

  86. 

  87. 	theAuthenticator = a;

  88.     }

  89. 

  90.     /**

  91.      * Ask the authenticator that has been registered with the system

  92.      * for a password.

  93.      * <p>

  94.      * First, if there is a security manager, its <code>checkPermission</code> 

  95.      * method is called with a 

  96.      * <code>NetPermission("requestPasswordAuthentication")</code> permission.

  97.      * This may result in a java.lang.SecurityException. 

  98.      *

  99.      * @param addr The InetAddress of the site requesting authorization,

  100.      *             or null if not known.

  101.      * @param port the port for the requested connection

  102.      * @param protocol The protocol that's requesting the connection

  103.      *          ({@link java.net.Authenticator#getRequestingProtocol()})

  104.      * @param prompt A prompt string for the user

  105.      * @param scheme The authentication scheme

  106.      *

  107.      * @return The username/password, or null if one can't be gotten.

  108.      *

  109.      * @throws SecurityException

  110.      *        if a security manager exists and its 

  111.      *        <code>checkPermission</code> method doesn't allow 

  112.      *        the password authentication request.

  113.      *

  114.      * @see SecurityManager#checkPermission

  115.      * @see java.net.NetPermission

  116.      */

  117.     public static PasswordAuthentication requestPasswordAuthentication(

  118. 					    InetAddress addr,

  119. 					    int port,

  120. 					    String protocol,

  121. 					    String prompt,

  122. 					    String scheme) {

  123. 

  124. 	SecurityManager sm = System.getSecurityManager();

  125. 	if (sm != null) {

  126. 	    NetPermission requestPermission

  127. 		= new NetPermission("requestPasswordAuthentication");

  128. 	    sm.checkPermission(requestPermission);

  129. 	}

  130. 

  131. 	Authenticator a = theAuthenticator;

  132. 	if (a == null) {

  133. 	    return null;

  134. 	} else {

  135. 	    synchronized(a) {

  136. 		a.reset();

  137. 		a.requestingSite = addr;

  138. 		a.requestingPort = port;

  139. 		a.requestingProtocol = protocol;

  140. 		a.requestingPrompt = prompt;

  141. 		a.requestingScheme = scheme;

  142. 		return a.getPasswordAuthentication();

  143. 	    }

  144. 	}

  145.     }

  146. 

  147.     /**

  148.      * Ask the authenticator that has been registered with the system

  149.      * for a password. This is the preferred method for requesting a password

  150.      * because the hostname can be provided in cases where the InetAddress

  151.      * is not available.

  152.      * <p>

  153.      * First, if there is a security manager, its <code>checkPermission</code> 

  154.      * method is called with a 

  155.      * <code>NetPermission("requestPasswordAuthentication")</code> permission.

  156.      * This may result in a java.lang.SecurityException. 

  157.      *

  158.      * @param host The hostname of the site requesting authentication.

  159.      * @param addr The InetAddress of the site requesting authentication,

  160.      *             or null if not known. 

  161.      * @param port the port for the requested connection.

  162.      * @param protocol The protocol that's requesting the connection

  163.      *          ({@link java.net.Authenticator#getRequestingProtocol()})

  164.      * @param prompt A prompt string for the user which identifies the authentication realm.

  165.      * @param scheme The authentication scheme

  166.      *

  167.      * @return The username/password, or null if one can't be gotten.

  168.      *

  169.      * @throws SecurityException

  170.      *        if a security manager exists and its 

  171.      *        <code>checkPermission</code> method doesn't allow 

  172.      *        the password authentication request.

  173.      *

  174.      * @see SecurityManager#checkPermission

  175.      * @see java.net.NetPermission

  176.      * @since 1.4

  177.      */

  178.     public static PasswordAuthentication requestPasswordAuthentication(

  179. 					    String host,

  180. 					    InetAddress addr,

  181. 					    int port,

  182. 					    String protocol,

  183. 					    String prompt,

  184. 					    String scheme) {

  185. 

  186. 	SecurityManager sm = System.getSecurityManager();

  187. 	if (sm != null) {

  188. 	    NetPermission requestPermission

  189. 		= new NetPermission("requestPasswordAuthentication");

  190. 	    sm.checkPermission(requestPermission);

  191. 	}

  192. 

  193. 	Authenticator a = theAuthenticator;

  194. 	if (a == null) {

  195. 	    return null;

  196. 	} else {

  197. 	    synchronized(a) {

  198. 		a.reset();

  199. 		a.requestingHost = host;

  200. 		a.requestingSite = addr;

  201. 		a.requestingPort = port;

  202. 		a.requestingProtocol = protocol;

  203. 		a.requestingPrompt = prompt;

  204. 		a.requestingScheme = scheme;

  205. 		return a.getPasswordAuthentication();

  206. 	    }

  207. 	}

  208.     }

  209. 

  210.     /**

  211.      * Gets the <code>hostname</code> of the

  212.      * site or proxy requesting authentication, or <code>null</code>

  213.      * if not available.

  214.      * 

  215.      * @return the hostname of the connection requiring authentication, or null

  216.      *		if it's not available.

  217.      * @since 1.4

  218.      */

  219.     protected final String getRequestingHost() {

  220. 	return requestingHost;

  221.     }

  222. 

  223.     /**

  224.      * Gets the <code>InetAddress</code> of the

  225.      * site requesting authorization, or <code>null</code>

  226.      * if not available.

  227.      * 

  228.      * @return the InetAddress of the site requesting authorization, or null

  229.      *		if it's not available.

  230.      */

  231.     protected final InetAddress getRequestingSite() {

  232. 	return requestingSite;

  233.     }

  234. 

  235.     /**

  236.      * Gets the port number for the requested connection.

  237.      * @return an <code>int</code> indicating the 

  238.      * port for the requested connection.

  239.      */

  240.     protected final int getRequestingPort() {

  241. 	return requestingPort;

  242.     }

  243. 

  244.     /**

  245.      * Give the protocol that's requesting the connection.  Often this

  246.      * will be based on a URL, but in a future SDK it could be, for

  247.      * example, "SOCKS" for a password-protected SOCKS5 firewall.

  248.      *

  249.      * @return the protcol, optionally followed by "/version", where

  250.      *		version is a version number.

  251.      *

  252.      * @see java.net.URL#getProtocol()

  253.      */

  254.     protected final String getRequestingProtocol() {

  255. 	return requestingProtocol;

  256.     }

  257. 

  258.     /**

  259.      * Gets the prompt string given by the requestor.

  260.      *

  261.      * @return the prompt string given by the requestor (realm for

  262.      *		http requests)

  263.      */

  264.     protected final String getRequestingPrompt() {

  265. 	return requestingPrompt;

  266.     }

  267. 

  268.     /**

  269.      * Gets the scheme of the requestor (the HTTP scheme

  270.      * for an HTTP firewall, for example).

  271.      *

  272.      * @return the scheme of the requestor

  273.      *	      

  274.      */

  275.     protected final String getRequestingScheme() {

  276. 	return requestingScheme;

  277.     }

  278. 

  279.     /**

  280.      * Called when password authorization is needed.  Subclasses should

  281.      * override the default implementation, which returns null.

  282.      * @return The PasswordAuthentication collected from the

  283.      *		user, or null if none is provided.

  284.      */

  285.     protected PasswordAuthentication getPasswordAuthentication() {

  286. 	return null;

  287.     }

  288. 

  289. }

  290. 

  291. 

  292. 

  293. 

  294. 

  295.