nsIHttpAuthenticator

IID:0f331436-8bc8-4c68-a124-d0253a19d06f
Inherits From:nsISupports

Interface designed to allow for pluggable HTTP authentication modules. Implementations are registered under the ContractID:

"@mozilla.org/network/http-authenticator;1?scheme="

Where is the lower-cased value of the authentication scheme found in the server challenge per the rules of RFC 2617.

This interface is implemented by the following components:


Constants

A request based authentication scheme only authenticates an individual request (or a set of requests under the same authentication domain as defined by RFC 2617). BASIC and DIGEST are request based authentication schemes.
PRUint32 REQUEST_BASED = 1
A connection based authentication scheme authenticates an individual connection. Multiple requests may be issued over the connection without repeating the authentication steps. Connection based authentication schemes can associate state with the connection being authenticated via the aContinuationState parameter (see generateCredentials).
PRUint32 CONNECTION_BASED = 2
The credentials returned from generateCredentials may be reused with any other URLs within "the protection space" as defined by RFC 2617 section 1.2. If this flag is not set, then generateCredentials must be called for each request within the protection space. REUSABLE_CREDENTIALS implies REUSABLE_CHALLENGE.
PRUint32 REUSABLE_CREDENTIALS = 4
A challenge may be reused to later generate credentials in anticipation of a duplicate server challenge for URLs within "the protection space" as defined by RFC 2617 section 1.2.
PRUint32 REUSABLE_CHALLENGE = 8
This flag indicates that the identity of the user is not required by this authentication scheme.
PRUint32 IDENTITY_IGNORED = 1024
This flag indicates that the identity of the user includes a domain attribute that the user must supply.
PRUint32 IDENTITY_INCLUDES_DOMAIN = 2048

Properties

readonly PRUint32 authFlags

Flags defining various properties of the authenticator.


Methods

void challengeReceived ( nsIHttpChannel channel , char* challenge , PRBool proxyAuth , inout nsISupports sessionState , inout nsISupports continuationState , out PRBool invalidatesIdentity ) char* generateCredentials ( nsIHttpChannel channel , char* challenge , PRBool proxyAuth , PRUnichar* domain , PRUnichar* user , PRUnichar* password , inout nsISupports sessionState , inout nsISupports continuationState )

void challengeReceived ( nsIHttpChannel channel , char* challenge , PRBool proxyAuth , inout nsISupports sessionState , inout nsISupports continuationState , out PRBool invalidatesIdentity )

Upon receipt of a server challenge, this function is called to determine whether or not the current user identity has been rejected. If true, then the user will be prompted by the channel to enter (or revise) their identity. Following this, generateCredentials will be called.

If the IDENTITY_IGNORED auth flag is set, then the invalidateIdentity return value will be ignored, and user prompting will be suppressed.

Arguments:
channel: the http channel that received the challenge.
challenge: the challenge from the WWW-Authenticate/Proxy-Authenticate server response header. (possibly from the auth cache.)
proxyAuth: flag indicating whether or not challenge is from a proxy.
sessionState: see description below for generateCredentials.
continuationState: see description below for generateCredentials.
invalidatesIdentity

char* generateCredentials ( nsIHttpChannel channel , char* challenge , PRBool proxyAuth , PRUnichar* domain , PRUnichar* user , PRUnichar* password , inout nsISupports sessionState , inout nsISupports continuationState )

Called to generate the authentication credentials for a particular server/proxy challenge. This is the value that will be sent back to the server via an Authorization/Proxy-Authorization header.

This function may be called using a cached challenge provided the authenticator sets the REUSABLE_CHALLENGE flag.

Arguments:
channel: the http channel requesting credentials
challenge: the challenge from the WWW-Authenticate/Proxy-Authenticate server response header. (possibly from the auth cache.)
proxyAuth: flag indicating whether or not challenge is from a proxy.
domain: string containing the domain name (if appropriate)
user: string containing the user name
password: string containing the password
sessionState: state stored along side the user's identity in the auth cache for the lifetime of the browser session. if a new auth cache entry is created for this challenge, then this parameter will be null. on return, the result will be stored in the new auth cache entry. this parameter is non-null when an auth cache entry is being reused.
continuationState: state held by the channel between consecutive calls to generateCredentials, assuming multiple calls are required to authenticate. this state is held for at most the lifetime of the channel.

Reference documentation is generated from Mozilla's source.

Add a note User Contributed Notes
No comments available

Copyright © 1999 - 2005 XULPlanet.com