Package org.restlet.security

Class SecretVerifier

  • All Implemented Interfaces:
    Verifier
    Direct Known Subclasses:
    LocalVerifier
    public abstract class SecretVerifier
extends java.lang.Object
implements Verifier
    Verifier of identifier/secret couples. By default, it extracts the identifier and the secret from the ChallengeResponse. If the verification is successful, it automatically adds a new User for the given identifier.
    Author:
    Jerome Louvel

    • Constructor Detail

      • SecretVerifier

        public SecretVerifier()

    • Method Detail

      • compare

        public static boolean compare​(char[] secret1,
                              char[] secret2)
        Compares that two secrets are equal and not null.
        Parameters:
        secret1 - The input secret.
        secret2 - The output secret.
        Returns:
        True if both are equal.

      • createUser

        protected User createUser​(java.lang.String identifier,
                          Request request,
                          Response response)
        Called back to create a new user when valid credentials are provided.
        Parameters:
        identifier - The user identifier.
        request - The request handled.
        response - The response handled.
        Returns:
        The User instance created.

      • getIdentifier

        protected java.lang.String getIdentifier​(Request request,
                                         Response response)
        Returns the user identifier.
        Parameters:
        request - The request to inspect.
        response - The response to inspect.
        Returns:
        The user identifier.

      • getSecret

        protected char[] getSecret​(Request request,
                           Response response)
        Returns the secret provided by the user.
        Parameters:
        request - The request to inspect.
        response - The response to inspect.
        Returns:
        The secret provided by the user.

      • verify

        public int verify​(Request request,
                  Response response)
        Verifies that the proposed secret is correct for the specified request. By default, it compares the inputSecret of the request's authentication response with the one obtain by the ChallengeResponse.getSecret() method and sets the User instance of the request's ClientInfo if successful.
        Specified by:
        verify in interface Verifier
        Parameters:
        request - The request to inspect.
        response - The response to inspect.
        Returns:
        Result of the verification based on the RESULT_* constants.

      • verify

        public abstract int verify​(java.lang.String identifier,
                           char[] secret)
        Verifies that the identifier/secret couple is valid. It throws an IllegalArgumentException in case the identifier is either null or does not identify a user.
        Parameters:
        identifier - The user identifier to match.
        secret - The provided secret to verify.
        Returns:
        Result of the verification based on the RESULT_* constants.