Class DigestAuthExtractor
java.lang.Object
org.pac4j.http.credentials.extractor.DigestAuthExtractor
- All Implemented Interfaces:
org.pac4j.core.credentials.extractor.CredentialsExtractor
public class DigestAuthExtractor
extends Object
implements org.pac4j.core.credentials.extractor.CredentialsExtractor
To extract digest auth header.
- Since:
- 1.9.0
- Author:
- Mircea Carasel
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionOptional<org.pac4j.core.credentials.Credentials>
extract
(org.pac4j.core.context.WebContext context, org.pac4j.core.context.session.SessionStore sessionStore, org.pac4j.core.profile.factory.ProfileManagerFactory profileManagerFactory) Extracts digest Authorization header components.
-
Constructor Details
-
DigestAuthExtractor
public DigestAuthExtractor() -
DigestAuthExtractor
-
-
Method Details
-
extract
public Optional<org.pac4j.core.credentials.Credentials> extract(org.pac4j.core.context.WebContext context, org.pac4j.core.context.session.SessionStore sessionStore, org.pac4j.core.profile.factory.ProfileManagerFactory profileManagerFactory) Extracts digest Authorization header components. As per RFC 2617 : username is the user's name in the specified realm qop is quality of protection uri is the request uri response is the client response nonce is a server-specified data string which should be uniquely generated each time a 401 response is made cnonce is the client nonce nc is the nonce count If in the Authorization header it is not specified a username and response, we throw CredentialsException because the client uses an username and a password to authenticate. response is just a MD5 encoded value based on user provided password and RFC 2617 digest authentication encoding rules- Specified by:
extract
in interfaceorg.pac4j.core.credentials.extractor.CredentialsExtractor
- Parameters:
context
- the current web context- Returns:
- the Digest credentials
-