Class DefaultHTTPAuthenticationProvider

java.lang.Object
org.bluezoo.gumdrop.http.HTTPAuthenticationProvider
org.bluezoo.gumdrop.http.DefaultHTTPAuthenticationProvider

public class DefaultHTTPAuthenticationProvider extends HTTPAuthenticationProvider
An HTTPAuthenticationProvider that delegates to a Realm for credential verification.

This bridges the SASL/mail-protocol Realm abstraction to HTTP authentication, allowing the same realm configuration to be shared across SMTP, IMAP, POP3, FTP, and HTTP services.

The authentication method is chosen automatically based on what the realm supports:

Author:
Chris Burdess
  • Constructor Details

    • DefaultHTTPAuthenticationProvider

      public DefaultHTTPAuthenticationProvider(Realm realm, String realmName)
      Creates a provider backed by the given realm.
      Parameters:
      realm - the authentication realm
      realmName - the realm name to include in HTTP challenges
    • DefaultHTTPAuthenticationProvider

      public DefaultHTTPAuthenticationProvider(Realm realm)
      Creates a provider backed by the given realm, using "gumdrop" as the default realm name.
      Parameters:
      realm - the authentication realm
  • Method Details

    • getAuthMethod

      protected String getAuthMethod()
      Description copied from class: HTTPAuthenticationProvider
      Gets the authentication method configured for this provider.

      The return value should be one of the standard authentication method constants from HttpServletRequest or HTTPAuthenticationMethods.

      Specified by:
      getAuthMethod in class HTTPAuthenticationProvider
      Returns:
      the authentication method (e.g., "BASIC", "DIGEST"), or null if none configured
    • getRealmName

      protected String getRealmName()
      Description copied from class: HTTPAuthenticationProvider
      Gets the realm name for this provider.

      The realm name is included in authentication challenges and is used to partition authentication spaces.

      Specified by:
      getRealmName in class HTTPAuthenticationProvider
      Returns:
      the realm name, or null if none configured
    • passwordMatch

      protected boolean passwordMatch(String realm, String username, String password)
      Description copied from class: HTTPAuthenticationProvider
      Verifies username and password credentials against the authentication realm.

      This method is called for Basic authentication and may also be used by other authentication mechanisms that require password verification.

      Specified by:
      passwordMatch in class HTTPAuthenticationProvider
      Parameters:
      realm - the realm name for credential lookup
      username - the username to verify
      password - the password to verify
      Returns:
      true if the credentials are valid, false otherwise
    • getDigestHA1

      protected String getDigestHA1(String realm, String username)
      Description copied from class: HTTPAuthenticationProvider
      Gets the precomputed H(A1) hash for Digest authentication.

      For Digest authentication, H(A1) = MD5(username:realm:password). Implementations may store this precomputed hash for security, avoiding the need to store plaintext passwords.

      Specified by:
      getDigestHA1 in class HTTPAuthenticationProvider
      Parameters:
      realm - the realm name
      username - the username
      Returns:
      the H(A1) hash as a lowercase hexadecimal string, or null if the user doesn't exist
    • validateBearerToken

      protected Realm.TokenValidationResult validateBearerToken(String token)
      Description copied from class: HTTPAuthenticationProvider
      Validates a Bearer token for token-based authentication.

      Called for Bearer authentication (RFC 6750). Implementations should verify the token's signature, expiration, and associated claims.

      Specified by:
      validateBearerToken in class HTTPAuthenticationProvider
      Parameters:
      token - the bearer token to validate
      Returns:
      a Realm.TokenValidationResult with validation outcome, or null if Bearer authentication is not supported
    • validateOAuthToken

      protected Realm.TokenValidationResult validateOAuthToken(String accessToken)
      Description copied from class: HTTPAuthenticationProvider
      Validates an OAuth 2.0 access token.

      Called for OAuth authentication (RFC 6749). Implementations should verify the token against the authorization server or introspection endpoint.

      Specified by:
      validateOAuthToken in class HTTPAuthenticationProvider
      Parameters:
      accessToken - the OAuth access token to validate
      Returns:
      a Realm.TokenValidationResult with validation outcome, or null if OAuth authentication is not supported
    • supportsDigestAuth

      protected boolean supportsDigestAuth()
      Description copied from class: HTTPAuthenticationProvider
      Checks if the underlying Realm supports HTTP Digest authentication.

      HTTP Digest authentication requires the Realm to provide the H(A1) hash via HTTPAuthenticationProvider.getDigestHA1(String, String). Some Realm implementations (e.g., LDAP with hashed passwords) cannot support this.

      The default implementation returns true, assuming Digest is supported. Subclasses should override this if they can determine whether the Realm actually supports Digest authentication.

      Overrides:
      supportsDigestAuth in class HTTPAuthenticationProvider
      Returns:
      true if Digest authentication is supported, false otherwise
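The getDigestHA1 and supportsDigestAuth contracts above can be satisfied together by a subclass that keeps only precomputed H(A1) values. The following is an added example, not gumdrop's own code: it assumes a hypothetical PrecomputedHA1Provider with a constructed username-to-H(A1) map, and that Realm is imported from wherever gumdrop defines it (its package is not shown on this page).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

import org.bluezoo.gumdrop.http.DefaultHTTPAuthenticationProvider;
// Realm's package is not shown on this page; add gumdrop's import for it here.
// Hypothetical subclass: serves Digest H(A1) values from a precomputed store,
// so the server never needs plaintext passwords at runtime.
public class PrecomputedHA1Provider extends DefaultHTTPAuthenticationProvider {
    // username -> lowercase hex MD5(username:realm:password)
    private final Map<String, String> ha1Store;

    public PrecomputedHA1Provider(Realm realm, String realmName,
                                  Map<String, String> ha1Store) {
        super(realm, realmName);
        this.ha1Store = ha1Store;
    }

    // H(A1) = MD5(username:realm:password) as lowercase hex (UTF-8 assumed).
    public static String computeHA1(String username, String realm, String password) {
        try {
            MessageDigest md5 = MessageDigest.getInstance("MD5");
            byte[] digest = md5.digest(
                (username + ":" + realm + ":" + password).getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is required for HTTP Digest", e);
        }
    }

    @Override
    protected String getDigestHA1(String realm, String username) {
        // H(A1) is bound to the realm string, so only answer for our own realm.
        if (!realm.equals(getRealmName())) {
            return null;
        }
        return ha1Store.get(username); // null when the user is unknown
    }

    @Override
    protected boolean supportsDigestAuth() {
        // Only advertise Digest when H(A1) values are actually available.
        return !ha1Store.isEmpty();
    }
}
```

Populate the store at provisioning time with computeHA1(...) and discard the plaintext; note that a stored H(A1) is realm-specific, so changing the realm name invalidates every entry.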