org.restlet.security
Class SecretVerifier

java.lang.Object
  extended by org.restlet.security.SecretVerifier
All Implemented Interfaces:
Verifier
Direct Known Subclasses:
LocalVerifier

public abstract class SecretVerifier
extends Object
implements Verifier

Verifier of identifier/secret couples. By default, it extracts the identifier and the secret from the ChallengeResponse. If the verification is successful, it automatically adds a new User for the given identifier.

Author:
Jerome Louvel

Field Summary
 
Fields inherited from interface org.restlet.security.Verifier
RESULT_INVALID, RESULT_MISSING, RESULT_STALE, RESULT_UNKNOWN, RESULT_UNSUPPORTED, RESULT_VALID
 
Constructor Summary
SecretVerifier()
           
 
Method Summary
static boolean compare(char[] secret1, char[] secret2)
          Compares that two secrets are equal and not null.
protected  User createUser(String identifier)
          Deprecated.  
protected  User createUser(String identifier, Request request, Response response)
          Called back to create a new user when valid credentials are provided.
protected  String getIdentifier(Request request, Response response)
          Returns the user identifier.
protected  char[] getSecret(Request request, Response response)
          Returns the secret provided by the user.
 int verify(Request request, Response response)
          Verifies that the proposed secret is correct for the specified request.
abstract  int verify(String identifier, char[] secret)
          Verifies that the identifier/secret couple is valid.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecretVerifier

public SecretVerifier()
Method Detail

compare

public static boolean compare(char[] secret1,
                              char[] secret2)
Compares that two secrets are equal and not null.

Parameters:
secret1 - The input secret.
secret2 - The output secret.
Returns:
True if both are equal.

createUser

protected User createUser(String identifier,
                          Request request,
                          Response response)
Called back to create a new user when valid credentials are provided.

Parameters:
identifier - The user identifier.
request - The request handled.
response - The response handled.
Returns:
The User instance created.

createUser

@Deprecated
protected User createUser(String identifier)
Deprecated. 

Called back to create a new user when valid credentials are provided.

Parameters:
identifier - The user identifier.
Returns:
The User instance created.

getIdentifier

protected String getIdentifier(Request request,
                               Response response)
Returns the user identifier.

Parameters:
request - The request to inspect.
response - The response to inspect.
Returns:
The user identifier.

getSecret

protected char[] getSecret(Request request,
                           Response response)
Returns the secret provided by the user.

Parameters:
request - The request to inspect.
response - The response to inspect.
Returns:
The secret provided by the user.

verify

public int verify(Request request,
                  Response response)
Verifies that the proposed secret is correct for the specified request. By default, it compares the inputSecret of the request's authentication response with the one obtain by the ChallengeResponse.getSecret() method and sets the User instance of the request's ClientInfo if successful.

Specified by:
verify in interface Verifier
Parameters:
request - The request to inspect.
response - The response to inspect.
Returns:
Result of the verification based on the RESULT_* constants.

verify

public abstract int verify(String identifier,
                           char[] secret)
Verifies that the identifier/secret couple is valid. It throws an IllegalArgumentException in case the identifier is either null or does not identify a user.

Parameters:
identifier - The user identifier to match.
secret - The provided secret to verify.
Returns:
Result of the verification based on the RESULT_* constants.


Copyright © 2005-2013 Restlet.