001// *************************************************************************************************************************** 002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file * 003// * distributed with this work for additional information regarding copyright ownership. The ASF licenses this file * 004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance * 005// * with the License. You may obtain a copy of the License at * 006// * * 007// * http://www.apache.org/licenses/LICENSE-2.0 * 008// * * 009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an * 010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the * 011// * specific language governing permissions and limitations under the License. * 012// *************************************************************************************************************************** 013package org.apache.juneau.http; 014 015import org.apache.juneau.http.annotation.*; 016 017/** 018 * Represents a parsed <l>Authorization</l> HTTP request header. 019 * 020 * <p> 021 * Authentication credentials for HTTP authentication. 022 * 023 * <h5 class='figure'>Example</h5> 024 * <p class='bcode w800'> 025 * Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== 026 * </p> 027 * 028 * <h5 class='topic'>RFC2616 Specification</h5> 029 * 030 * A user agent that wishes to authenticate itself with a server--usually, but not necessarily, after receiving a 401 031 * response--does so by including an Authorization request-header field with the request. 032 * 033 * <p> 034 * The Authorization field value consists of credentials containing the authentication information of the user agent for 035 * the realm of the resource being requested. 036 * 037 * <p class='bcode w800'> 038 * Authorization = "Authorization" ":" credentials 039 * </p> 040 * 041 * <p> 042 * HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication". 043 * 044 * <p> 045 * If a request is authenticated and a realm specified, the same credentials SHOULD be valid for all other requests 046 * within this realm (assuming that the authentication scheme itself does not require otherwise, such as credentials 047 * that vary according to a challenge value or using synchronized clocks). 048 * 049 * <p> 050 * When a shared cache (see section 13.7) receives a request containing an Authorization field, it MUST NOT return the 051 * corresponding response as a reply to any other request, unless one of the following specific exceptions holds: 052 * <ol> 053 * <li>If the response includes the "s-maxage" cache-control directive, the cache MAY use that response in replying 054 * to a subsequent request. 055 * But (if the specified maximum age has passed) a proxy cache MUST first revalidate it with the origin 056 * server, using the request-headers from the new request to allow the origin server to authenticate the new 057 * request. 058 * (This is the defined behavior for s-maxage.) 059 * If the response includes "s-maxage=0", the proxy MUST always revalidate it before re-using it. 060 * <li>If the response includes the "must-revalidate" cache-control directive, the cache MAY use that response in 061 * replying to a subsequent request. 062 * But if the response is stale, all caches MUST first revalidate it with the origin server, using the 063 * request-headers from the new request to allow the origin server to authenticate the new request. 064 * <li>If the response includes the "public" cache-control directive, it MAY be returned in reply to any subsequent 065 * request. 066 * </ol> 067 * 068 * <h5 class='section'>See Also:</h5> 069 * <ul class='doctree'> 070 * <li class='extlink'>{@doc RFC2616} 071 * </ul> 072 */ 073@Header("Authorization") 074public final class Authorization extends HeaderString { 075 076 /** 077 * Returns a parsed <code>Authorization</code> header. 078 * 079 * @param value The <code>Authorization</code> header string. 080 * @return The parsed <code>Authorization</code> header, or <jk>null</jk> if the string was null. 081 */ 082 public static Authorization forString(String value) { 083 if (value == null) 084 return null; 085 return new Authorization(value); 086 } 087 088 private Authorization(String value) { 089 super(value); 090 } 091}