Interface DigestResource

All Superinterfaces:
Resource

public interface DigestResource extends Resource
Interface to support digest HTTP authentication.

This provides an authentication method compatible with digest. The key difference between this and Basic authentication is that the password is not available in the request. What is sent is a one-way hash of several factors. To check the validity of a message, you must calculate the same one-way hash on the server.

Milton never requires a plain text password, so the complete digest is passed on to the resource implementation. You may choose to store the plain text password, or you might choose to store a one-way hash of a subset of the digest auth factors for greater security.

Either way you SHOULD use the DigestGenerator class to calculate the hash.
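What the server-side calculation involves, shown as an added stand-alone example that is not Milton's code and does not call DigestGenerator: it stores HA1 = MD5(user:realm:password) instead of the plain text password, recomputes the RFC 2617 response digest from it, and compares in constant time. The class and method names are hypothetical, the UTF-8 charset is an assumption, and nonce freshness is assumed to be checked elsewhere.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;

public class DigestCheckExample {
    // Lower-case hex MD5, the form RFC 2617 uses for every hashed component.
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(32);
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // HA1 covers only user, realm and password: compute it once when the
    // password is set and store it in place of the plain text password.
    static String ha1(String user, String realm, String password) throws Exception {
        return md5Hex(user + ":" + realm + ":" + password);
    }

    // Recompute the digest the client should have sent, starting from the stored HA1.
    static String expected(String storedHa1, String method, String uri, String nonce,
                           String nc, String cnonce, String qop) throws Exception {
        String ha2 = md5Hex(method + ":" + uri);
        if (qop == null || qop.isEmpty()) {   // older form without qop
            return md5Hex(storedHa1 + ":" + nonce + ":" + ha2);
        }
        return md5Hex(storedHa1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
    }

    // Same contract as authenticate: an object when accepted, null when not.
    static Object check(String user, String storedHa1, String clientDigest, String method,
                        String uri, String nonce, String nc, String cnonce, String qop) throws Exception {
        if (storedHa1 == null || clientDigest == null) return null; // unknown user or missing field
        byte[] want = expected(storedHa1, method, uri, nonce, nc, cnonce, qop).getBytes(StandardCharsets.US_ASCII);
        byte[] got = clientDigest.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(want, got) ? user : null;     // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Sample request: the worked example values from RFC 2617 section 3.5.
        String stored = ha1("Mufasa", "testrealm@host.com", "Circle Of Life");
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        Object ok = check("Mufasa", stored, "6629fae49393a05397450978507c4ef1", "GET",
                "/dir/index.html", nonce, "00000001", "0a4f113b", "auth");
        Object bad = check("Mufasa", stored, "00000000000000000000000000000000", "GET", // constructed wrong digest
                "/dir/index.html", nonce, "00000001", "0a4f113b", "auth");
        System.out.println("valid digest accepted: " + (ok != null));
        System.out.println("wrong digest accepted: " + (bad != null));
    }
}
```

Because HA1 is bound to the realm, a stored HA1 is only usable for digest authentication within that realm, but it is still a password equivalent there and needs the same protection as any credential store.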

  • Method Details

    • authenticate

      Object authenticate(io.milton.http.http11.auth.DigestResponse digestRequest)
      Check the given credentials, and return a relevant object if accepted. Returning null indicates credentials were not accepted. You SHOULD use com.bradmcevoy.http.http11.auth.DigestGenerator to implement digest calculation, and then compare that to the given request digest.
      Parameters:
      digestRequest - the digest authentication information provided by the client
      Returns:
      if credentials are accepted, some object to attach to the Auth object; otherwise null
    • isDigestAllowed

      boolean isDigestAllowed()
      Returns:
      true if this resource actually allows digest authentication.