class HTTPClient::ProxyAuth

Authentication filter for handling authentication negotiation between Proxy server. Parses 'Proxy-Authentication' header in response and generates 'Proxy-Authorization' header in request.

Authentication filter is implemented using request filter of HTTPClient. It traps HTTP response header and maintains authentication state, and traps HTTP request header for inserting necessary authentication header.

ProxyAuth has sub filters (BasicAuth, NegotiateAuth, and SSPINegotiateAuth) and delegates some operations to it. NegotiateAuth requires 'ruby/ntlm' module. SSPINegotiateAuth requires 'win32/sspi' module.

Attributes

basic_auth[R]
digest_auth[R]
negotiate_auth[R]
sspi_negotiate_auth[R]

Public Class Methods

new() click to toggle source

Creates new ProxyAuth.

# File lib/httpclient/auth.rb, line 158
def initialize
  @basic_auth = ProxyBasicAuth.new
  @negotiate_auth = NegotiateAuth.new
  @ntlm_auth = NegotiateAuth.new('NTLM')
  @sspi_negotiate_auth = SSPINegotiateAuth.new
  @digest_auth = ProxyDigestAuth.new
  # sort authenticators by priority
  @authenticator = [@negotiate_auth, @ntlm_auth, @sspi_negotiate_auth, @digest_auth, @basic_auth]
end

Public Instance Methods

filter_request(req) click to toggle source

Filter API implementation. Traps HTTP request and insert 'Proxy-Authorization' header if needed.

# File lib/httpclient/auth.rb, line 185
def filter_request(req)
  @authenticator.each do |auth|
    next unless auth.set? # hasn't be set, don't use it
    if cred = auth.get(req)
      if cred == :skip
        # some authenticator (NTLM and Negotiate) does not
        # need to send extra header after authorization. In such case
        # it should block other authenticators to respond and :skip is
        # the marker for such case.
        return
      end
      req.header.set('Proxy-Authorization', auth.scheme + " " + cred)
      return
    end
  end
end
filter_response(req, res) click to toggle source

Filter API implementation. Traps HTTP response and parses 'Proxy-Authenticate' header.

# File lib/httpclient/auth.rb, line 204
def filter_response(req, res)
  command = nil
  if res.status == HTTP::Status::PROXY_AUTHENTICATE_REQUIRED
    if challenge = parse_authentication_header(res, 'proxy-authenticate')
      uri = req.header.request_uri
      challenge.each do |scheme, param_str|
        @authenticator.each do |auth|
          next unless auth.set? # hasn't be set, don't use it
          if scheme.downcase == auth.scheme.downcase
            challengeable = auth.challenge(uri, param_str)
            command = :retry if challengeable
          end
        end
      end
      # ignore unknown authentication scheme
    end
  end
  command
end
reset_challenge() click to toggle source

Resets challenge state. See sub filters for more details.

# File lib/httpclient/auth.rb, line 169
def reset_challenge
  @authenticator.each do |auth|
    auth.reset_challenge
  end
end
set_auth(user, passwd) click to toggle source

Set authentication credential. See sub filters for more details.

# File lib/httpclient/auth.rb, line 176
def set_auth(user, passwd)
  @authenticator.each do |auth|
    auth.set(nil, user, passwd)
  end
  reset_challenge
end