Public Member Functions | Public Attributes

nsIHttpAuthenticator Interface Reference

nsIHttpAuthenticator More...

import "nsIHttpAuthenticator.idl";

List of all members.

Public Member Functions

void challengeReceived (in nsIHttpChannel aChannel, in string aChallenge, in boolean aProxyAuth, inout nsISupports aSessionState, inout nsISupports aContinuationState, out boolean aInvalidatesIdentity)
 Upon receipt of a server challenge, this function is called to determine whether or not the current user identity has been rejected.
string generateCredentials (in nsIHttpChannel aChannel, in string aChallenge, in boolean aProxyAuth, in wstring aDomain, in wstring aUser, in wstring aPassword, inout nsISupports aSessionState, inout nsISupports aContinuationState)
 Called to generate the authentication credentials for a particular server/proxy challenge.

Public Attributes

readonly attribute unsigned long authFlags
 Flags defining various properties of the authenticator.
const unsigned long REQUEST_BASED = (1<<0)
 A request based authentication scheme only authenticates an individual request (or a set of requests under the same authentication domain as defined by RFC 2617).
const unsigned long CONNECTION_BASED = (1<<1)
 A connection based authentication scheme authenticates an individual connection.
const unsigned long REUSABLE_CREDENTIALS = (1<<2)
 The credentials returned from generateCredentials may be reused with any other URLs within "the protection space" as defined by RFC 2617 section 1.2.
const unsigned long REUSABLE_CHALLENGE = (1<<3)
 A challenge may be reused to later generate credentials in anticipation of a duplicate server challenge for URLs within "the protection space" as defined by RFC 2617 section 1.2.
const unsigned long IDENTITY_IGNORED = (1<<10)
 This flag indicates that the identity of the user is not required by this authentication scheme.
const unsigned long IDENTITY_INCLUDES_DOMAIN = (1<<11)
 This flag indicates that the identity of the user includes a domain attribute that the user must supply.
const unsigned long IDENTITY_ENCRYPTED = (1<<12)
 This flag indicates that the identity will be sent encrypted.

Detailed Description

nsIHttpAuthenticator

Interface designed to allow for pluggable HTTP authentication modules. Implementations are registered under the ContractID:

"@mozilla.org/network/http-authenticator;1?scheme=<auth-scheme>"

where <auth-scheme> is the lower-cased value of the authentication scheme found in the server challenge per the rules of RFC 2617.


Member Function Documentation

void nsIHttpAuthenticator::challengeReceived ( in nsIHttpChannel  aChannel,
in string  aChallenge,
in boolean  aProxyAuth,
inout nsISupports  aSessionState,
inout nsISupports  aContinuationState,
out boolean  aInvalidatesIdentity 
)

Upon receipt of a server challenge, this function is called to determine whether or not the current user identity has been rejected.

If true, then the user will be prompted by the channel to enter (or revise) their identity. Following this, generateCredentials will be called.

If the IDENTITY_IGNORED auth flag is set, then the aInvalidateIdentity return value will be ignored, and user prompting will be suppressed.

Parameters:
aChannel the http channel that received the challenge.
aChallenge the challenge from the WWW-Authenticate/Proxy-Authenticate server response header. (possibly from the auth cache.)
aProxyAuth flag indicating whether or not aChallenge is from a proxy.
aSessionState see description below for generateCredentials.
aContinuationState see description below for generateCredentials.
aInvalidateIdentity return value indicating whether or not to prompt the user for a revised identity.
string nsIHttpAuthenticator::generateCredentials ( in nsIHttpChannel  aChannel,
in string  aChallenge,
in boolean  aProxyAuth,
in wstring  aDomain,
in wstring  aUser,
in wstring  aPassword,
inout nsISupports  aSessionState,
inout nsISupports  aContinuationState 
)

Called to generate the authentication credentials for a particular server/proxy challenge.

This is the value that will be sent back to the server via an Authorization/Proxy-Authorization header.

This function may be called using a cached challenge provided the authenticator sets the REUSABLE_CHALLENGE flag.

Parameters:
aChannel the http channel requesting credentials
aChallenge the challenge from the WWW-Authenticate/Proxy-Authenticate server response header. (possibly from the auth cache.)
aProxyAuth flag indicating whether or not aChallenge is from a proxy.
aDomain string containing the domain name (if appropriate)
aUser string containing the user name
aPassword string containing the password
aSessionState state stored along side the user's identity in the auth cache for the lifetime of the browser session. if a new auth cache entry is created for this challenge, then this parameter will be null. on return, the result will be stored in the new auth cache entry. this parameter is non-null when an auth cache entry is being reused.
aContinuationState state held by the channel between consecutive calls to generateCredentials, assuming multiple calls are required to authenticate. this state is held for at most the lifetime of the channel.

Member Data Documentation

readonly attribute unsigned long nsIHttpAuthenticator::authFlags

Flags defining various properties of the authenticator.

const unsigned long nsIHttpAuthenticator::CONNECTION_BASED = (1<<1)

A connection based authentication scheme authenticates an individual connection.

Multiple requests may be issued over the connection without repeating the authentication steps. Connection based authentication schemes can associate state with the connection being authenticated via the aContinuationState parameter (see generateCredentials).

const unsigned long nsIHttpAuthenticator::IDENTITY_ENCRYPTED = (1<<12)

This flag indicates that the identity will be sent encrypted.

It does not make sense to combine this flag with IDENTITY_IGNORED.

const unsigned long nsIHttpAuthenticator::IDENTITY_IGNORED = (1<<10)

This flag indicates that the identity of the user is not required by this authentication scheme.

const unsigned long nsIHttpAuthenticator::IDENTITY_INCLUDES_DOMAIN = (1<<11)

This flag indicates that the identity of the user includes a domain attribute that the user must supply.

const unsigned long nsIHttpAuthenticator::REQUEST_BASED = (1<<0)

A request based authentication scheme only authenticates an individual request (or a set of requests under the same authentication domain as defined by RFC 2617).

BASIC and DIGEST are request based authentication schemes.

const unsigned long nsIHttpAuthenticator::REUSABLE_CHALLENGE = (1<<3)

A challenge may be reused to later generate credentials in anticipation of a duplicate server challenge for URLs within "the protection space" as defined by RFC 2617 section 1.2.

const unsigned long nsIHttpAuthenticator::REUSABLE_CREDENTIALS = (1<<2)

The credentials returned from generateCredentials may be reused with any other URLs within "the protection space" as defined by RFC 2617 section 1.2.

If this flag is not set, then generateCredentials must be called for each request within the protection space. REUSABLE_CREDENTIALS implies REUSABLE_CHALLENGE.


The documentation for this interface was generated from the following file: