In Files
Parent
Methods
Included Modules
Class/Module Index
![[+]](../../images/find.png "show/hide quicksearch")
- WEBrick
- WEBrick::AccessLog
- WEBrick::AccessLog::AccessLogError
- WEBrick::BasicLog
- WEBrick::CGI
- WEBrick::CGI::Socket
- WEBrick::Config
- WEBrick::Cookie
- WEBrick::Daemon
- WEBrick::FakeProxyURI
- WEBrick::GenericServer
- WEBrick::HTMLUtils
- WEBrick::HTTPAuth
- WEBrick::HTTPAuth::Authenticator
- WEBrick::HTTPAuth::BasicAuth
- WEBrick::HTTPAuth::DigestAuth
- WEBrick::HTTPAuth::Htdigest
- WEBrick::HTTPAuth::Htgroup
- WEBrick::HTTPAuth::Htpasswd
- WEBrick::HTTPAuth::ProxyAuthenticator
- WEBrick::HTTPAuth::ProxyBasicAuth
- WEBrick::HTTPAuth::ProxyDigestAuth
- WEBrick::HTTPAuth::UserDB
- WEBrick::HTTPProxyServer
- WEBrick::HTTPRequest
- WEBrick::HTTPResponse
- WEBrick::HTTPServer
- WEBrick::HTTPServer::MountTable
- WEBrick::HTTPServerError
- WEBrick::HTTPServlet
- WEBrick::HTTPServlet::AbstractServlet
- WEBrick::HTTPServlet::CGIHandler
- WEBrick::HTTPServlet::DefaultFileHandler
- WEBrick::HTTPServlet::ERBHandler
- WEBrick::HTTPServlet::FileHandler
- WEBrick::HTTPServlet::HTTPServletError
- WEBrick::HTTPServlet::ProcHandler
- WEBrick::HTTPStatus
- WEBrick::HTTPStatus::ClientError
- WEBrick::HTTPStatus::EOFError
- WEBrick::HTTPStatus::Error
- WEBrick::HTTPStatus::Info
- WEBrick::HTTPStatus::Redirect
- WEBrick::HTTPStatus::ServerError
- WEBrick::HTTPStatus::Status
- WEBrick::HTTPStatus::Success
- WEBrick::HTTPUtils
- WEBrick::HTTPUtils::FormData
- WEBrick::HTTPVersion
- WEBrick::Log
- WEBrick::NullReader
- WEBrick::ServerError
- WEBrick::SimpleServer
- WEBrick::Utils
- WEBrick::Utils::TimeoutHandler
- Errno
- Errno::ECONNABORTED
- Errno::ECONNRESET
- Errno::EPROTO
- Object
WEBrick::HTTPAuth::DigestAuth
RFC 2617 Digest Access Authentication for WEBrick
Use this class to add digest authentication to a WEBrick servlet.
Here is an example of how to set up DigestAuth:
config = { :Realm => 'DigestAuth example realm' } htdigest = WEBrick::HTTPAuth::Htdigest.new 'my_password_file' htdigest.set_passwd config[:Realm], 'username', 'password' htdigest.flush config[:UserDB] = htdigest digest_auth = WEBrick::HTTPAuth::DigestAuth.new config
When using this as with a servlet be sure not to create a new DigestAuth object in the servlet’s initialize. By default WEBrick creates a new servlet instance for every request and the DigestAuth object must be used across requests.
Constants
Public Class Methods
Used by UserDB to create a digest password entry
# File webrick/httpauth/digestauth.rb, line 55
def self.make_passwd(realm, user, pass)
pass ||= ""
Digest::MD5::hexdigest([user, realm, pass].join(":"))
end
Creates a new DigestAuth instance. Be sure to use the same DigestAuth instance for multiple requests as it saves state between requests in order to perform authentication.
See WEBrick::Config::DigestAuth for default configuration entries
You must supply the following configuration entries:
- :Realm
-
The name of the realm being protected.
- :UserDB
-
A database of usernames and passwords. A WEBrick::HTTPAuth::Htdigest instance should be used.
# File webrick/httpauth/digestauth.rb, line 73
def initialize(config, default=Config::DigestAuth)
check_init(config)
@config = default.dup.update(config)
@algorithm = @config[:Algorithm]
@domain = @config[:Domain]
@qop = @config[:Qop]
@use_opaque = @config[:UseOpaque]
@use_next_nonce = @config[:UseNextNonce]
@check_nc = @config[:CheckNc]
@use_auth_info_header = @config[:UseAuthenticationInfoHeader]
@nonce_expire_period = @config[:NonceExpirePeriod]
@nonce_expire_delta = @config[:NonceExpireDelta]
@internet_explorer_hack = @config[:InternetExplorerHack]
case @algorithm
when 'MD5','MD5-sess'
@h = Digest::MD5
when 'SHA1','SHA1-sess' # it is a bonus feature :-)
@h = Digest::SHA1
else
msg = format('Algorithm "%s" is not supported.', @algorithm)
raise ArgumentError.new(msg)
end
@instance_key = hexdigest(self.__id__, Time.now.to_i, Process.pid)
@opaques = {}
@last_nonce_expire = Time.now
@mutex = Mutex.new
end
Public Instance Methods
Authenticates a req and returns a 401 Unauthorized using
res if the authentication was not correct.
# File webrick/httpauth/digestauth.rb, line 107
def authenticate(req, res)
unless result = @mutex.synchronize{ _authenticate(req, res) }
challenge(req, res)
end
if result == :nonce_is_stale
challenge(req, res, true)
end
return true
end
Returns a challenge response which asks for for authentication information
# File webrick/httpauth/digestauth.rb, line 121
def challenge(req, res, stale=false)
nonce = generate_next_nonce(req)
if @use_opaque
opaque = generate_opaque(req)
@opaques[opaque].nonce = nonce
end
param = Hash.new
param["realm"] = HTTPUtils::quote(@realm)
param["domain"] = HTTPUtils::quote(@domain.to_a.join(" ")) if @domain
param["nonce"] = HTTPUtils::quote(nonce)
param["opaque"] = HTTPUtils::quote(opaque) if opaque
param["stale"] = stale.to_s
param["algorithm"] = @algorithm
param["qop"] = HTTPUtils::quote(@qop.to_a.join(",")) if @qop
res[@response_field] =
"#{@auth_scheme} " + param.map{|k,v| "#{k}=#{v}" }.join(", ")
info("%s: %s", @response_field, res[@response_field]) if $DEBUG
raise @auth_exception
end
Commenting is here to help enhance the documentation. For example, sample code, or clarification of the documentation.
If you have questions about Ruby or the documentation, please post to one of the Ruby mailing lists. You will get better, faster, help that way.
If you wish to post a correction of the docs, please do so, but also file bug report so that it can be corrected for the next release. Thank you.