Class: HTTPClient::ProxyAuth

Inherits:
AuthFilterBase show all
Defined in:
lib/httpclient/auth.rb

Overview

Authentication filter for handling authentication negotiation between Proxy server. Parses ‘Proxy-Authentication’ header in response and generates ‘Proxy-Authorization’ header in request.

Authentication filter is implemented using request filter of HTTPClient. It traps HTTP response header and maintains authentication state, and traps HTTP request header for inserting necessary authentication header.

ProxyAuth has sub filters (BasicAuth, NegotiateAuth, and SSPINegotiateAuth) and delegates some operations to it. NegotiateAuth requires ‘ruby/ntlm’ module. SSPINegotiateAuth requires ‘win32/sspi’ module.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeProxyAuth

Creates new ProxyAuth.



169
170
171
172
173
174
175
176
177
 
# File 'lib/httpclient/auth.rb', line 169

def initialize
  @basic_auth = ProxyBasicAuth.new
  @negotiate_auth = NegotiateAuth.new
  @ntlm_auth = NegotiateAuth.new('NTLM')
  @sspi_negotiate_auth = SSPINegotiateAuth.new
  @digest_auth = ProxyDigestAuth.new
  # sort authenticators by priority
  @authenticator = [@negotiate_auth, @ntlm_auth, @sspi_negotiate_auth, @digest_auth, @basic_auth]
end

Instance Attribute Details

#basic_authObject (readonly)

Returns the value of attribute basic_auth.



163
164
165
 
# File 'lib/httpclient/auth.rb', line 163

def basic_auth
  @basic_auth
end

#digest_authObject (readonly)

Returns the value of attribute digest_auth.



164
165
166
 
# File 'lib/httpclient/auth.rb', line 164

def digest_auth
  @digest_auth
end

#negotiate_authObject (readonly)

Returns the value of attribute negotiate_auth.



165
166
167
 
# File 'lib/httpclient/auth.rb', line 165

def negotiate_auth
  @negotiate_auth
end

#sspi_negotiate_authObject (readonly)

Returns the value of attribute sspi_negotiate_auth.



166
167
168
 
# File 'lib/httpclient/auth.rb', line 166

def sspi_negotiate_auth
  @sspi_negotiate_auth
end

Instance Method Details

#filter_request(req) ⇒ Object

Filter API implementation. Traps HTTP request and insert ‘Proxy-Authorization’ header if needed.



196
197
198
199
200
201
202
203
204
 
# File 'lib/httpclient/auth.rb', line 196

def filter_request(req)
  @authenticator.each do |auth|
    next unless auth.set? # hasn't be set, don't use it
    if cred = auth.get(req)
      req.header.set('Proxy-Authorization', auth.scheme + " " + cred)
      return
    end
  end
end

#filter_response(req, res) ⇒ Object

Filter API implementation. Traps HTTP response and parses ‘Proxy-Authenticate’ header.



208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
 
# File 'lib/httpclient/auth.rb', line 208

def filter_response(req, res)
  command = nil
  if res.status == HTTP::Status::PROXY_AUTHENTICATE_REQUIRED
    if challenge = parse_authentication_header(res, 'proxy-authenticate')
      uri = req.header.request_uri
      challenge.each do |scheme, param_str|
        @authenticator.each do |auth|
          next unless auth.set? # hasn't be set, don't use it
          if scheme.downcase == auth.scheme.downcase
            challengeable = auth.challenge(uri, param_str)
            command = :retry if challengeable
          end
        end
      end
      # ignore unknown authentication scheme
    end
  end
  command
end

#reset_challengeObject

Resets challenge state. See sub filters for more details.



180
181
182
183
184
 
# File 'lib/httpclient/auth.rb', line 180

def reset_challenge
  @authenticator.each do |auth|
    auth.reset_challenge
  end
end

#set_auth(user, passwd) ⇒ Object

Set authentication credential. See sub filters for more details.



187
188
189
190
191
192
 
# File 'lib/httpclient/auth.rb', line 187

def set_auth(user, passwd)
  @authenticator.each do |auth|
    auth.set(nil, user, passwd)
  end
  reset_challenge
end