commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From adr...@apache.org
Subject cvs commit: jakarta-commons/httpclient/xdocs authentication.xml
Date Sat, 16 Aug 2003 00:09:38 GMT
adrian      2003/08/15 17:09:37

  Modified:    httpclient/src/java/org/apache/commons/httpclient Tag:
                        HTTPCLIENT_2_0_BRANCH NTLM.java NTCredentials.java
               httpclient/src/java/org/apache/commons/httpclient/auth Tag:
                        HTTPCLIENT_2_0_BRANCH NTLMScheme.java
               httpclient/xdocs Tag: HTTPCLIENT_2_0_BRANCH
                        authentication.xml
  Log:
  Removed auto-configuration of JCE and updated documentation relating to NTLM.
  
  PR: Bug 22073 and Bug 22424
  Reviewed by:	Oleg Kalnichevski and Michael Becke
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.12.2.1  +24 -39    jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Attic/NTLM.java
  
  Index: NTLM.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Attic/NTLM.java,v
  retrieving revision 1.12
  retrieving revision 1.12.2.1
  diff -u -r1.12 -r1.12.2.1
  --- NTLM.java	11 Feb 2003 03:41:14 -0000	1.12
  +++ NTLM.java	16 Aug 2003 00:09:37 -0000	1.12.2.1
  @@ -66,7 +66,6 @@
   import java.io.UnsupportedEncodingException;
   import java.security.InvalidKeyException;
   import java.security.NoSuchAlgorithmException;
  -import java.security.Security;
   
   import javax.crypto.BadPaddingException;
   import javax.crypto.Cipher;
  @@ -86,6 +85,12 @@
    * protocol is a proprietary Microsoft protocol and as such no RFC
    * exists for it.  This class is based upon the reverse engineering
    * efforts of a wide range of people.</p>
  + * 
  + * <p>Please note that an implementation of JCE must be correctly installed and configured
when
  + * using NTLM support.</p>
  + * 
  + * <p>This class should not be used externally to HttpClient as it's API is specifically
  + * designed to work with HttpClient's use case, in particular it's connection management.</p>
    *
    * @deprecated this class will be made package access for 2.0beta2
    *
  @@ -110,31 +115,6 @@
       /** Character encoding */
       public static final String DEFAULT_CHARSET = "ASCII";
   
  -    //Initialize the security provider
  -    static {
  -        //TODO: do not use System properties
  -        final String secProviderName 
  -            = System.getProperty("httpclient.security.provider",
  -                "com.sun.crypto.provider.SunJCE");
  -        try {
  -            java.security.Provider secProvider = (java.security.Provider)
  -                Class.forName(secProviderName).newInstance();
  -            Security.addProvider(secProvider);
  -        } catch (ClassNotFoundException e) {
  -            LOG.error("Specified security provider " + secProviderName 
  -                + " could not be found by the class loader", e);
  -        } catch (ClassCastException e) {
  -            LOG.error("Specified security provider " + secProviderName 
  -                + " is not of type java.security.Provider", e);
  -        } catch (InstantiationException e) {
  -            LOG.error("Specified security provider " + secProviderName 
  -                + " could not be instantiated", e);
  -        } catch (IllegalAccessException e) {
  -            LOG.error("Specified security provider " + secProviderName 
  -                + " does not allow access to the constructor", e);
  -        }
  -    }
  -
       /**
        * Returns the response for the given message.
        *
  @@ -280,10 +260,12 @@
       }
       
       /**
  -     * TODO: Figure out what this method really does.
  -     * @param host The host
  -     * @param domain The domain
  -     * @return String
  +     * Creates the first message (type 1 message) in the NTLM authentication sequence.
  +     * This message includes the user name, domain and host for the authentication session.
  +     * 
  +     * @param host the computer name of the host requesting authentication.
  +     * @param domain The domain to authenticate with.
  +     * @return String the message to add to the HTTP request header.
        */
       private String getType1Message(String host, String domain) {
           host = host.toUpperCase();
  @@ -372,11 +354,14 @@
       }
   
       /** 
  -     * Creates the type 3 message using the given server nonce.
  -     * @param user The user.
  +     * Creates the type 3 message using the given server nonce.  The type 3 message includes
all the
  +     * information for authentication, host, domain, username and the result of encrypting
the
  +     * nonce sent by the server using the user's password as the key.
  +     * 
  +     * @param user The user name.  This should not include the domain name.
        * @param password The password.
  -     * @param host The host.
  -     * @param domain The domain.
  +     * @param host The host that is originating the authentication request.
  +     * @param domain The domain to authenticate within.
        * @param nonce the 8 byte array the server sent.
        * @return The type 3 message.
        * @throws HttpException If {@encrypt(byte[],byte[])} fails.
  @@ -585,7 +570,7 @@
       /** 
        * Converts a given number to a two byte array in little endian order.
        * @param num the number to convert.
  -     * @return The new array.
  +     * @return The byte representation of <i>num</i> in little endian order.
        */
       private byte[] convertShort(int num) {
           byte[] val = new byte[2];
  
  
  
  1.6.2.1   +19 -18    jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/NTCredentials.java
  
  Index: NTCredentials.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/NTCredentials.java,v
  retrieving revision 1.6
  retrieving revision 1.6.2.1
  diff -u -r1.6 -r1.6.2.1
  --- NTCredentials.java	30 Jan 2003 05:01:54 -0000	1.6
  +++ NTCredentials.java	16 Aug 2003 00:09:37 -0000	1.6.2.1
  @@ -63,8 +63,8 @@
   
   package org.apache.commons.httpclient;
   
  -/**
  - * <p>Username and password {@link Credentials}.</p>
  +/** {@link Credentials} for use with the NTLM authentication scheme which requires additional
  + * information.
    *
    * @author <a href="mailto:adrian@ephox.com">Adrian Sutton</a>
    * @author <a href="mailto:mbowler@GargoyleSoftware.com">Mike Bowler</a>
  @@ -77,10 +77,10 @@
   
       // ----------------------------------------------------- Instance Variables
   
  -    /** The Domain.  */
  +    /** The Domain to authenticate with.  */
       private String domain;
   
  -    /** The Host.  */
  +    /** The host the authentication request is originating from.  */
       private String host;
   
   
  @@ -95,10 +95,12 @@
   
       /**
        * Constructor.
  -     * @param userName The user name.
  +     * @param userName The user name.  This should not include the domain to authenticate
with.
  +     * For example: "user" is correct whereas "DOMAIN\\user" is not.
        * @param password The password.
  -     * @param host The host.
  -     * @param domain The domain.
  +     * @param host The host the authentication request is originating from.  Essentially,
the
  +     * computer name for this machine.
  +     * @param domain The domain to authenticate within.
        */
       public NTCredentials(String userName, String password, String host,
               String domain) {
  @@ -110,7 +112,7 @@
   
   
       /**
  -     * Domain property setter.
  +     * Sets the domain to authenticate with.
        *
        * @param domain the NT domain to authenticate in.
        * 
  @@ -122,9 +124,9 @@
       }
   
       /**
  -     * Domain property getter.
  +     * Retrieves the name to authenticate with.
        *
  -     * @return String domain
  +     * @return String the domain these credentials are intended to authenticate with.
        * 
        * @see #setDomain(String)
        * 
  @@ -133,8 +135,7 @@
           return domain;
       }
   
  -    /**
  -     * Host property setter.
  +    /** Sets the host name of the computer originating the request.
        *
        * @param host the Host the user is logged into.
        */
  @@ -143,9 +144,9 @@
       }
   
       /**
  -     * Host property getter.
  +     * Retrieves the host name of the computer originating the request.
        *
  -     * @return String host.
  +     * @return String the host the user is logged into.
        */
       public String getHost() {
           return this.host;
  
  
  
  No                   revision
  No                   revision
  1.6.2.2   +10 -8     jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/NTLMScheme.java
  
  Index: NTLMScheme.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/NTLMScheme.java,v
  retrieving revision 1.6.2.1
  retrieving revision 1.6.2.2
  diff -u -r1.6.2.1 -r1.6.2.2
  --- NTLMScheme.java	13 Aug 2003 19:58:14 -0000	1.6.2.1
  +++ NTLMScheme.java	16 Aug 2003 00:09:37 -0000	1.6.2.2
  @@ -70,10 +70,9 @@
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
   
  -/**
  - * <p>
  - * Microsoft proprietary NTLM authentication scheme.
  - * </p>
  +/** An implementation of the Microsoft proprietary NTLM authentication scheme.  For a detailed
  + * explanation of the NTLM scheme please see <a href="http://davenport.sourceforge.net/ntlm.html">
  + * http://davenport.sourceforge.net/ntlm.html</a>.
    * 
    * @author <a href="mailto:remm@apache.org">Remy Maucherat</a>
    * @author Rodney Waldhoff
  @@ -156,7 +155,10 @@
       
   
       /**
  -     * Returns authentication parameter with the given name, if available.
  +     * Returns the authentication parameter with the given name, if available.
  +     * 
  +     * <p>There are no valid parameters for NTLM authentication so this method always
returns
  +     * <tt>null</tt>.</p>
        * 
        * @param name The name of the parameter to be returned
        * 
  
  
  
  No                   revision
  No                   revision
  1.5.2.2   +12 -3     jakarta-commons/httpclient/xdocs/authentication.xml
  
  Index: authentication.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/xdocs/authentication.xml,v
  retrieving revision 1.5.2.1
  retrieving revision 1.5.2.2
  diff -u -r1.5.2.1 -r1.5.2.2
  --- authentication.xml	14 Aug 2003 09:08:50 -0000	1.5.2.1
  +++ authentication.xml	16 Aug 2003 00:09:37 -0000	1.5.2.2
  @@ -159,9 +159,18 @@
     <section name="Troubleshooting">
         <p>Some authentication schemes may use cryptographic algorithms. It is recommended
to include the
            <a href="http://java.sun.com/products/jce/" target="_blank">Java Cryptography
Extension</a> in
  -         your runtime environment prior to JDK 1.4.
  -        
  +         your runtime environment prior to JDK 1.4.  Also note that you must register the
JCE
  +         implementation manually as HttpClient will not do so automatically.  For instance
to
  +         register the Sun JCE implementation, you should execute the following code before
attempting
  +         to use HttpClient.
         </p>
  +
  +	  <source>
  +String secProviderName = "com.sun.crypto.provider.SunJCE");
  +java.security.Provider secProvider = 
  +    (java.security.Provider)Class.forName(secProviderName).newInstance();
  +Security.addProvider(secProvider);
  +	  </source>
     </section>
     </body>
   
  
  
  

Mime
View raw message