org.tmatesoft.svn.core.auth
Interface ISVNAuthenticationManager
- BasicAuthenticationManager
public interface ISVNAuthenticationManager
The
ISVNAuthenticationManager is implemented by manager
classes used by
SVNRepository drivers for user authentication purposes.
When an
SVNRepository driver is created, you should provide an
authentication manager via a call to:
import org.tmatesoft.svn.core.io.SVNRepository;
import org.tmatesoft.svn.core.auth.ISVNAuthenticationManager;
...
SVNRepository repository;
ISVNAuthenticationManager authManger;
...
repository.setAuthenticationManager(authManager);
...
SVNKit provides a default authentication manager implementation -
org.tmatesoft.svn.core.internal.wc.DefaultSVNAuthenticationManager.
This manager has got the following features:
- uses the auth storage from the default Subversion runtime configuration area;
- may use the auth storage in the directory you specify;
- uses the ssh, ssl & proxy options from the standard config and servers files;
- stores credentials in the in-memory cache during runtime;
You may also specify your own auth provider (
ISVNAuthenticationProvider) to this default manager, it
will be used along with those default ones, that implement the features listed above.
If using the https:// protocol and if no user's authentication provider implementation is set to the
default manager, server certificates are accepted temporarily and therefore are not cached on the disk.
To enable server CAs caching, a user should set an authentication provider implementation which
acceptServerAuthentication()
method must return
ISVNAuthenticationProvider.ACCEPTED. That will switch on certificate on-the-disk caching.
How to get a default auth manager instance see
SVNWCUtil.
static String | PASSWORD- A simple password credential kind ("svn.simple")
|
static String | SSH- An ssh credential kind ("svn.ssh")
|
static String | SSL- An ssl credential kind ("svn.ssl")
|
static String | USERNAME- A simple username credential kind ("svn.username").
|
PASSWORD
public static final String PASSWORD
A simple password credential kind ("svn.simple")
SSH
public static final String SSH
An ssh credential kind ("svn.ssh")
SSL
public static final String SSL
An ssl credential kind ("svn.ssl")
USERNAME
public static final String USERNAME
A simple username credential kind ("svn.username").
Only usernames are cached/provided matched against an appropriate
realms (which are repository UUIDs in this case). In particular this kind is
used in file:/// and svn+ssh:// access schemes.
acknowledgeAuthentication
public void acknowledgeAuthentication(boolean accepted,
String kind,
String realm,
SVNErrorMessage errorMessage,
SVNAuthentication authentication)
throws SVNException Accepts the given authentication if it was successfully accepted by a
repository server, or not if authentication failed. As a result the
provided credential may be cached (authentication succeeded) or deleted
from the cache (authentication failed).
accepted - true if
the credential was accepted by the server,
otherwise falsekind - a credential kind (PASSWORD or SSH or USERNAME)realm - a repository authentication realmerrorMessage - the reason of the authentication failureauthentication - a user credential to accept/drop
getFirstAuthentication
public SVNAuthentication getFirstAuthentication(String kind,
String realm,
SVNURL url)
throws SVNException Retrieves the first user credential.
The scheme of retrieving credentials:
- For the first try to authenticate a user to a repository (using the
specifed realm) an SVNRepository driver calls
getFirstAuthentication() and sends the retrieved credential.
- If the credential is accepted, it may be stored. If not, the driver
calls
getNextAuthentication()
and sends the next credential.
- If the last credential was not accepted, the driver still tries to get the next
credential for the same realm.
For each credential
kind an implementor should return a kind-specific
credential. The following table matches kinds to proper credential classes:
kind - a credential kindrealm - a repository authentication realmurl - a repository location that is to be accessed
- the first try user credential
getHTTPTimeout
public long getHTTPTimeout(SVNRepository repository)
Returns a connection timeout value.
repository - a repository access driver
getNextAuthentication
public SVNAuthentication getNextAuthentication(String kind,
String realm,
SVNURL url)
throws SVNException Retrieves the next user credential if the first try failed.
The scheme of retrieving credentials:
- For the first try to authenticate a user to a repository (using the
specifed realm) an SVNRepository driver calls
getFirstAuthentication() and
sends the retrieved credential.
- If the credential is accepted, it may be stored. If not, the driver
calls getNextAuthentication() and sends the next credential.
- If the last credential was not accepted, the driver still tries to get the next
credential for the same realm.
For each credential
kind an implementor should return a kind-specific
credential. The following table matches kinds to proper credential classes:
kind - a credential kindrealm - a repository authentication realmurl - a repository location that is to be accessed
- the next try user credential
getProxyManager
public ISVNProxyManager getProxyManager(SVNURL url)
throws SVNException Returns a proxy manager that keeps settings for that proxy
server over which HTTP requests are send to a repository server.
A default auth manager uses proxy settings from the standard
servers
file.
url - a repository location that will be accessed
over the proxy server for which a manager is needed
getSSLManager
public ISVNSSLManager getSSLManager(SVNURL url)
throws SVNException Returns the SSL manager for secure interracting with a
repository.
A default implementation of
ISVNAuthenticationManager returns an
SSL manager that uses CA and user certificate files specified in the
standard
servers file.
Even if the default manager's
getSSLManager() method returns
null for the given
url, a secure
context will be created anymore, but, of course no user certificate files are provided
to a server as well as server's certificates are not checked.
url - a repository location to access
- an appropriate SSL manager
isAuthenticationForced
public boolean isAuthenticationForced()
Checks whether client should send authentication credentials to
a repository server not waiting for the server's challenge.
In some cases it may be necessary to send credentials beforehand,
not waiting until the server asks to do it itself. To achieve
such behaviour an implementor should return
true
from this routine.
- true if authentication
credentials are forced to be sent;false
when credentials are to be sent only in response to a server challenge
setAuthenticationForced
public void setAuthenticationForced(boolean forced)
Specifies the way how credentials are to be supplied to a
repository server.
forced - true to force
credentials sending; false
to put off sending credentials till a server challenge
setAuthenticationProvider
public void setAuthenticationProvider(ISVNAuthenticationProvider provider)
Sets a custom authentication provider that will provide user
credentials for authentication.
provider - an authentication provider
setRuntimeStorage
public void setRuntimeStorage(ISVNAuthenticationStorage storage)
Sets a specific runtime authentication storage manager. This storage
manager will be asked by this auth manager for cached credentials as
well as used to cache new ones accepted recently.
storage - a custom auth storage manager
Copyright © 2004-2006 TMate Software Ltd. All Rights Reserved.