\Zend_Auth_Adapter_Http
HTTP Authentication Adapter
Implements a pretty good chunk of RFC 2617.
- Copyright: Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
- License: http://framework.zend.com/license/new-bsd New BSD License
Synopsis
class Zend_Auth_Adapter_Http
implements
Zend_Auth_Adapter_Interface
{
- // members
- protected Zend_Controller_Request_Http $_request;
- protected Zend_Controller_Response_Http $_response;
- protected Zend_Auth_Adapter_Http_Resolver_Interface $_basicResolver;
- protected Zend_Auth_Adapter_Http_Resolver_Interface $_digestResolver;
- protected array $_supportedSchemes = ;
- protected $_acceptSchemes;
- protected $_domains;
- protected $_realm;
- protected $_nonceTimeout;
- protected $_useOpaque;
- protected array $_supportedAlgos = ;
- protected $_algo;
- protected array $_supportedQops = ;
- protected $_imaProxy;
- protected $_ieNoOpaque;
- // methods
- public void __construct()
- public Zend_Auth_Adapter_Http setBasicResolver()
- public Zend_Auth_Adapter_Http_Resolver_Interface getBasicResolver()
- public Zend_Auth_Adapter_Http setDigestResolver()
- public Zend_Auth_Adapter_Http_Resolver_Interface getDigestResolver()
- public Zend_Auth_Adapter_Http setRequest()
- public Zend_Controller_Request_Http getRequest()
- public Zend_Auth_Adapter_Http setResponse()
- public Zend_Controller_Response_Http getResponse()
- public Zend_Auth_Result authenticate()
- protected Zend_Auth_Result _challengeClient()
- protected string _basicHeader()
- protected string _digestHeader()
- protected Zend_Auth_Result _basicAuth()
- protected Zend_Auth_Result _digestAuth()
- protected string _calcNonce()
- protected string _calcOpaque()
- protected array|false _parseDigestAuth()
- protected bool _secureStringCompare()
Hierarchy
Implements
Tasks
Line | Task |
---|---|
44+ | Support auth-int |
44+ | Track nonces, nonce-count, opaque for replay protection and stale support |
44+ | Support Authentication-Info header |
Members
protected
- $_acceptSchemes
—
array
List of schemes this class will accept from the client - $_algo
—
string
The actual algorithm to use. Defaults to MD5 - $_basicResolver
—
Zend_Auth_Adapter_Http_Resolver_Interface
Object that looks up user credentials for the Basic scheme - $_digestResolver
—
Zend_Auth_Adapter_Http_Resolver_Interface
Object that looks up user credentials for the Digest scheme - $_domains
—
string
Space-delimited list of protected domains for Digest Auth - $_ieNoOpaque
—
boolean
Flag indicating the client is IE and didn't bother to return the opaque string - $_imaProxy
—
boolean
Whether or not to do Proxy Authentication instead of origin server authentication (send 407's instead of 401's). Off by default. - $_nonceTimeout
—
integer
Nonce timeout period - $_realm
—
string
The protection realm to use - $_request
—
Zend_Controller_Request_Http
Reference to the HTTP Request object - $_response
—
Zend_Controller_Response_Http
Reference to the HTTP Response object - $_supportedAlgos
—
array
List of the supported digest algorithms. I want to support both MD5 and MD5-sess, but MD5-sess won't make it into the first version. - $_supportedQops
—
array
List of supported qop options. My intetion is to support both 'auth' and 'auth-int', but 'auth-int' won't make it into the first version. - $_supportedSchemes
—
array
List of authentication schemes supported by this class - $_useOpaque
—
boolean
Whether to send the opaque value in the header. True by default
Methods
protected
- _basicAuth() — Basic Authentication
- _basicHeader() — Basic Header
- _calcNonce() — Calculate Nonce
- _calcOpaque() — Calculate Opaque
- _challengeClient() — Challenge Client
- _digestAuth() — Digest Authentication
- _digestHeader() — Digest Header
- _parseDigestAuth() — Parse Digest Authorization header
- _secureStringCompare() — Securely compare two strings for equality while avoided C level memcmp() optimisations capable of leaking timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. password) being compared against.
public
- __construct() — Constructor
- authenticate() — Authenticate
- getBasicResolver() — Getter for the _basicResolver property
- getDigestResolver() — Getter for the _digestResolver property
- getRequest() — Getter for the Request object
- getResponse() — Getter for the Response object
- setBasicResolver() — Setter for the _basicResolver property
- setDigestResolver() — Setter for the _digestResolver property
- setRequest() — Setter for the Request object
- setResponse() — Setter for the Response object