eXept Software AG Logo

Smalltalk/X Webserver

Documentation of class 'Authentication::Authenticator':

Home

Documentation
www.exept.de
Everywhere
for:
 [back]

Class: Authenticator (in Authentication)

Inheritance:

   Object
   |
   +--Authentication::Authenticator
      |
      +--Authentication::BasicAuthenticator
      |
      +--Authentication::DigestAuthenticator
Package:
stx:goodies/authentication
Category:
Net-Authentication
Version:
rev: 1.8 date: 2021/01/20 12:56:01
user: cg
file: Authentication__Authenticator.st directory: goodies/authentication
module: stx stc-classLibrary: authentication

Description:


This is an abstract superclass.
Authenticators implement the protocol to authenticate a user.
They generate challenges and check the returned credentials.


[instance variables:]

[class variables:]


copyright
COPYRIGHT (c) 2006 by eXept Software AG
             All Rights Reserved

This software is furnished under a license and may be used
only in accordance with the terms of that license and with the
inclusion of the above copyright notice.   This software may not
be provided or otherwise made available to, or used by, any
other person.  No title to or ownership of the software is
hereby transferred.

Class protocol:

instance creation
o  authenticatorNamed: authenticatorName
get the authenticator name for 'Basic', 'Digest', ...
- if the authenticatorName is unknown, raise an error.

Usage example(s): 

      self authenticatorNamed:#Basic
      self authenticatorNamed:#Digest
      self authenticatorNamed:#blaFasel

protocol
o  authenticateForResponse: aResponseString resolveUserVia: aOneArgBlock
authenticate using aResponseString.
Resolve users via aOneArgBlock that gets the username as argument.
Raise an exception, it authentication fails.
Answer the authenticator containing the authentication parameters

Usage example(s): 

      self authenticateForResponse:'Basic abcdefgh==' resolveUserVia:[:userName ]

o  generateChallengeForRealm: aRealmString
generate a challenge for a client

** This method must be redefined in concrete classes (subclassResponsibility) **

o  initializeFromResponse: aResponseString
create and initialize an authenticator using aResponseString.
Answer the authenticator containing the authentication parameters

Usage example(s): 

      self initializeFromResponse:'Basic abcdefgh=='

o  newAuthenticationDataFor: user secret: aSecretString
answer the authentication data used by this authenticator

queries
o  authenticatorClassNamed: authenticatorName
get the authenticator class for a
mechanism name name like 'Basic', 'Digest', ...
or raise an error

Usage example(s): 

      self authenticatorClassNamed:#Basic
      self authenticatorClassNamed:#Digest
      self authenticatorClassNamed:#blaFasel

o  isAbstract
Return if this class is an abstract class.
True is returned here for myself only; false for subclasses.
Abstract subclasses must redefine this again.

o  knownAuthenticators
answer the authenticator classes, we know

o  mechanismName
answer the name of the mechanism as known in the protocols

** This method must be redefined in concrete classes (subclassResponsibility) **

Instance protocol:

protocol
o  authenticateWithUserResolver: aOneArgBlock
authenticate - resolve the username via aOneArgBlock

** This method must be redefined in concrete classes (subclassResponsibility) **

o  bodyData: aStringOrByteArary
pass the body data.
some authenticators need this (Digest with qop=auth-int)

o  generateStaleChallenge
generate a challenge for a client.
This is sent when the credentials are stale, i.e. the user has already
supplied valid username/password and will not be asked again.

Not all Authenticators support stale challenges

** This method must be redefined in concrete classes (subclassResponsibility) **

o  initializeWith: aString
inititialize the authentiaction parameters from aString

** This method must be redefined in concrete classes (subclassResponsibility) **

o  requestMethod: methodString
pass the request method (like 'GET', 'POST', ...).
some authenticators need this

queries
o  isValidUri: uriString
answer true if the authenticator is valid for the URI in uriString

o  mechanismName

testing
o  isBasic

o  isDigest

Examples:


    |authenticationData|

    authenticationData := Authentication::BasicAuthenticator 
                                newAuthenticationDataFor:nil secret:'passwort'.

    authenticationData storeOn:Transcript. Transcript cr.

    'exception is raised if wrong passwort'.    
    Authentication::BasicAuthenticator new
                        secret:'passwort';
                        authenticateWith:authenticationData

    |authenticationData|

    authenticationData := Authentication::DigestAuthenticator 
                                newAuthenticationDataFor:'testUser:testRealm' secret:'passwort'.
    authenticationData storeOn:Transcript. Transcript cr.

    authenticationData inspect.

ST/X 7.7.0.0; WebServer 1.702 at 20f6060372b9.unknown:8081; Mon, 18 Nov 2024 04:37:15 GMT