Class BasicAuthenticator

java.lang.Object
com.sun.net.httpserver.Authenticator
com.sun.net.httpserver.BasicAuthenticator

public abstract class BasicAuthenticator extends Authenticator
BasicAuthenticator provides an implementation of HTTP Basic authentication. It is an abstract class and must be extended to provide an implementation of checkCredentials(String,String) which is called to verify each incoming request.
Since:
1.6
  • Nested Class Summary

    Nested classes/interfaces declared in class Authenticator

    Authenticator.Failure, Authenticator.Result, Authenticator.Retry, Authenticator.Success
    Modifier and Type
    Class
    Description
    static class 
    Indicates an authentication failure.
    static class 
    Base class for return type from Authenticator.authenticate(HttpExchange) method.
    static class 
    Indicates an authentication must be retried.
    static class 
    Indicates an authentication has succeeded and the authenticated user principal can be acquired by calling Authenticator.Success.getPrincipal().
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected final String
    The HTTP Basic authentication realm.
  • Constructor Summary

    Constructors
    Constructor
    Description
    Creates a BasicAuthenticator for the given HTTP realm.
    Creates a BasicAuthenticator for the given HTTP realm and using the given Charset to decode the Basic authentication credentials (username and password).
  • Method Summary

    Modifier and Type
    Method
    Description
    Called to authenticate each incoming request.
    abstract boolean
    checkCredentials(String username, String password)
    Called for each incoming request to verify the given name and password in the context of this authenticator's realm.
    Returns the realm this BasicAuthenticator was created with.

    Methods declared in class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    Modifier and Type
    Method
    Description
    protected Object
    Creates and returns a copy of this object.
    boolean
    Indicates whether some other object is "equal to" this one.
    protected void
    Deprecated, for removal: This API element is subject to removal in a future version.
    Finalization is deprecated and subject to removal in a future release.
    final Class<?>
    Returns the runtime class of this Object.
    int
    Returns a hash code value for this object.
    final void
    Wakes up a single thread that is waiting on this object's monitor.
    final void
    Wakes up all threads that are waiting on this object's monitor.
    Returns a string representation of the object.
    final void
    Causes the current thread to wait until it is awakened, typically by being notified or interrupted.
    final void
    wait(long timeoutMillis)
    Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
    final void
    wait(long timeoutMillis, int nanos)
    Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
  • Field Details

    • realm

      protected final String realm
      The HTTP Basic authentication realm.
  • Constructor Details

    • BasicAuthenticator

      public BasicAuthenticator(String realm)
      Creates a BasicAuthenticator for the given HTTP realm. The Basic authentication credentials (username and password) are decoded using the platform's default character set.
      API Note:
      The value of the realm parameter will be embedded in a quoted string.
      Parameters:
      realm - the HTTP Basic authentication realm
      Throws:
      NullPointerException - if realm is null
      IllegalArgumentException - if realm is an empty string or is not correctly quoted, as specified in RFC 7230 section-3.2. Note, any \ character used for quoting must itself be quoted in source code.
    • BasicAuthenticator

      public BasicAuthenticator(String realm, Charset charset)
      Creates a BasicAuthenticator for the given HTTP realm and using the given Charset to decode the Basic authentication credentials (username and password).
      API Note:
      UTF-8 is the recommended charset because its usage is communicated to the client, and therefore more likely to be used also by the client.

      The value of the realm parameter will be embedded in a quoted string.

      Parameters:
      realm - the HTTP Basic authentication realm
      charset - the Charset to decode incoming credentials from the client
      Throws:
      NullPointerException - if realm or charset are null
      IllegalArgumentException - if realm is an empty string or is not correctly quoted, as specified in RFC 7230 section-3.2. Note, any \ character used for quoting must itself be quoted in source code.
      Since:
      14
  • Method Details

    • getRealm

      public String getRealm()
      Returns the realm this BasicAuthenticator was created with.
      Returns:
      the authenticator's realm string
    • authenticate

      public Authenticator.Result authenticate(HttpExchange t)
      Description copied from class: Authenticator
      Called to authenticate each incoming request. The implementation must return a Authenticator.Failure, Authenticator.Success or Authenticator.Retry object as appropriate:
      • Failure means the authentication has completed, but has failed due to invalid credentials.
      • Success means that the authentication has succeeded, and a Principal object representing the user can be retrieved by calling Authenticator.Success.getPrincipal().
      • Retry means that another HTTP exchange is required. Any response headers needing to be sent back to the client are set in the given HttpExchange. The response code to be returned must be provided in the Retry object. Retry may occur multiple times.
      Specified by:
      authenticate in class Authenticator
      Parameters:
      t - the HttpExchange upon which authenticate is called
      Returns:
      the result
    • checkCredentials

      public abstract boolean checkCredentials(String username, String password)
      Called for each incoming request to verify the given name and password in the context of this authenticator's realm. Any caching of credentials must be done by the implementation of this method.
      Parameters:
      username - the username from the request
      password - the password from the request
      Returns:
      true if the credentials are valid, false otherwise