Package org.restlet.security

Class SecretVerifier

java.lang.Object

org.restlet.security.SecretVerifier

All Implemented Interfaces:

Verifier

Direct Known Subclasses:

LocalVerifier

public abstract class SecretVerifier
extends Object
implements Verifier

Verifier of identifier/secret couples. By default, it extracts the identifier and the secret from the ChallengeResponse. If the verification is successful, it automatically adds a new User for the given identifier.

Author:

Jerome Louvel

Field Summary

Fields inherited from interface org.restlet.security.Verifier

RESULT_INVALID, RESULT_MISSING, RESULT_STALE, RESULT_UNKNOWN, RESULT_UNSUPPORTED, RESULT_VALID

Constructor Summary

Constructors

Constructor	Description
SecretVerifier()

Method Summary

Modifier and Type	Method	Description
static boolean	compare(char[] secret1, char[] secret2)	Compares that two secrets are equal and not null.
protected User	createUser(String identifier, Request request, Response response)	Called back to create a new user when valid credentials are provided.
protected String	getIdentifier(Request request, Response response)	Returns the user identifier.
protected char[]	getSecret(Request request, Response response)	Returns the secret provided by the user.
abstract int	verify(String identifier, char[] secret)	Verifies that the identifier/secret couple is valid.
int	verify(Request request, Response response)	Verifies that the proposed secret is correct for the specified request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecretVerifier

public SecretVerifier()

Method Details

compare

public static boolean compare(char[] secret1,
 char[] secret2)

Compares that two secrets are equal and not null.

Parameters:

secret1 - The input secret.

secret2 - The output secret.

Returns:

True if both are equal.

createUser

protected User createUser(String identifier,
 Request request,
 Response response)

Called back to create a new user when valid credentials are provided.

Parameters:

identifier - The user identifier.

request - The request handled.

response - The response handled.

Returns:

The User instance created.

getIdentifier

protected String getIdentifier(Request request,
 Response response)

Returns the user identifier.

Parameters:

request - The request to inspect.

response - The response to inspect.

Returns:

The user identifier.

getSecret

protected char[] getSecret(Request request,
 Response response)

Returns the secret provided by the user.

Parameters:

request - The request to inspect.

response - The response to inspect.

Returns:

The secret provided by the user.

verify

public int verify(Request request,
 Response response)

Verifies that the proposed secret is correct for the specified request. By default, it compares the inputSecret of the request's authentication response with the one obtain by the ChallengeResponse.getSecret() method and sets the User instance of the request's ClientInfo if successful.

Specified by:

verify in interface Verifier

Parameters:

request - The request to inspect.

response - The response to inspect.

Returns:

Result of the verification based on the RESULT_* constants.

verify

public abstract int verify(String identifier,
 char[] secret)

Verifies that the identifier/secret couple is valid. It throws an IllegalArgumentException in case the identifier is either null or does not identify a user.

Parameters:

identifier - The user identifier to match.

secret - The provided secret to verify.

Returns:

Result of the verification based on the RESULT_* constants.