Class: HTTPClient::SSPINegotiateAuth
- Inherits:
-
Object
- Object
- HTTPClient::SSPINegotiateAuth
- Includes:
- Mutex_m
- Defined in:
- lib/httpclient/auth.rb
Overview
Authentication filter for handling Negotiate/NTLM negotiation. Used in ProxyAuth.
SSPINegotiateAuth depends on ‘win32/sspi’ module.
Instance Attribute Summary collapse
-
#scheme ⇒ Object
readonly
Authentication scheme.
Instance Method Summary collapse
-
#challenge(uri, param_str) ⇒ Object
Challenge handler: remember URL and challenge token for response.
-
#get(req) ⇒ Object
Response handler: returns credential.
-
#initialize ⇒ SSPINegotiateAuth
constructor
Creates new SSPINegotiateAuth filter.
-
#reset_challenge ⇒ Object
Resets challenge state.
-
#set(*args) ⇒ Object
Set authentication credential.
-
#set? ⇒ Boolean
Check always (not effective but it works).
Constructor Details
#initialize ⇒ SSPINegotiateAuth
Creates new SSPINegotiateAuth filter.
606 607 608 609 610 |
# File 'lib/httpclient/auth.rb', line 606 def initialize super @challenge = {} @scheme = "Negotiate" end |
Instance Attribute Details
#scheme ⇒ Object (readonly)
Authentication scheme.
603 604 605 |
# File 'lib/httpclient/auth.rb', line 603 def scheme @scheme end |
Instance Method Details
#challenge(uri, param_str) ⇒ Object
Challenge handler: remember URL and challenge token for response.
668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 |
# File 'lib/httpclient/auth.rb', line 668 def challenge(uri, param_str) synchronize { if param_str.nil? or @challenge[uri].nil? c = @challenge[uri] = {} c[:state] = :init c[:authenticator] = nil c[:authphrase] = "" else c = @challenge[uri] c[:state] = :response c[:authphrase] = param_str end true } end |
#get(req) ⇒ Object
Response handler: returns credential. See win32/sspi for negotiation state transition.
634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 |
# File 'lib/httpclient/auth.rb', line 634 def get(req) target_uri = req.header.request_uri synchronize { domain_uri, param = @challenge.find { |uri, v| Util.uri_part_of(target_uri, uri) } return nil unless param Util.try_require('win32/sspi') || Util.try_require('gssapi') || return state = param[:state] authenticator = param[:authenticator] authphrase = param[:authphrase] case state when :init if defined?(Win32::SSPI) authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new return authenticator.get_initial_token(@scheme) else # use GSSAPI authenticator = param[:authenticator] = GSSAPI::Simple.new(domain_uri.host, 'HTTP') # Base64 encode the context token return [authenticator.init_context].pack('m').gsub(/\n/,'') end when :response @challenge.delete(domain_uri) if defined?(Win32::SSPI) return authenticator.complete_authentication(authphrase) else # use GSSAPI return authenticator.init_context(authphrase.unpack('m').pop) end end nil } end |
#reset_challenge ⇒ Object
Resets challenge state. Do not send ‘*Authorization’ header until the server sends ‘*Authentication’ again.
614 615 616 617 618 |
# File 'lib/httpclient/auth.rb', line 614 def reset_challenge synchronize do @challenge.clear end end |
#set(*args) ⇒ Object
Set authentication credential. NOT SUPPORTED: username and necessary data is retrieved by win32/sspi. See win32/sspi for more details.
623 624 625 |
# File 'lib/httpclient/auth.rb', line 623 def set(*args) # not supported end |
#set? ⇒ Boolean
Check always (not effective but it works)
628 629 630 |
# File 'lib/httpclient/auth.rb', line 628 def set? !@challenge.empty? end |