Java Reference
In-Depth Information
The
address
argument is the host for which authentication is required. The
port
ar‐
gument is the port on that host, and the
protocol
argument is the application layer
protocol by which the site is being accessed. The HTTP server provides the
prompt
. It's
typically the name of the realm for which authentication is required. (Some large web
servers such as
www.ibiblio.org
have multiple realms, each of which requires different
usernames and passwords.) The
scheme
is the authentication scheme being used. (Here
the word
scheme
is not being used as a synonym for
protocol
. Rather, it is an HTTP
authentication scheme, typically basic.)
Untrusted applets are not allowed to ask the user for a name and password. Trusted
applets can do so, but only if they possess the
requestPasswordAuthentication
Net
Permission
. Otherwise,
Authenticator.requestPasswordAuthentication()
throws
a
SecurityException
.
The
Authenticator
subclass must override the
getPasswordAuthentication()
meth‐
od. Inside this method, you collect the username and password from the user or some
other source and return it as an instance of the
java.net.PasswordAuthentication
class:
protected
PasswordAuthentication
getPasswordAuthentication
()
If you don't want to authenticate this request, return
null
, and Java will tell the server
it doesn't know how to authenticate the connection. If you submit an incorrect username
or password, Java will call
getPasswordAuthentication()
again to give you another
chance to provide the right data. You normally have five tries to get the username and
password correct; after that,
openStream()
throws a
ProtocolException
.
Usernames and passwords are cached within the same virtual machine session. Once
you set the correct password for a realm, you shouldn't be asked for it again unless you've
explicitly deleted the password by zeroing out the
char
array that contains it.
You can get more details about the request by invoking any of these methods inherited
from the
Authenticator
superclass:
protected
final
InetAddress
getRequestingSite
()
protected
final
int
getRequestingPort
()
protected
final
String
getRequestingProtocol
()
protected
final
String
getRequestingPrompt
()
protected
final
String
getRequestingScheme
()
protected
final
String
getRequestingHost
()
protected
final
String
getRequestingURL
()
protected
Authenticator
.
RequestorType
getRequestorType
()
These methods either return the information as given in the last call to
requestPass
wordAuthentication()
or return
null
if that information is not available. (If the port
isn't available,
getRequestingPort()
returns -1.)