Source code

001// ***************************************************************************************************************************
002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file *
003// * distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file        *
004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance            *
005// * with the License.  You may obtain a copy of the License at                                                              *
006// *                                                                                                                         *
007// *  http://www.apache.org/licenses/LICENSE-2.0                                                                             *
008// *                                                                                                                         *
009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an  *
010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the        *
011// * specific language governing permissions and limitations under the License.                                              *
012// ***************************************************************************************************************************
013package org.apache.juneau.http;
014
015import org.apache.juneau.http.annotation.*;
016
017/**
018 * Represents a parsed <l>Authorization</l> HTTP request header.
019 *
020 * <p>
021 * Authentication credentials for HTTP authentication.
022 *
023 * <h5 class='figure'>Example</h5>
024 * <p class='bcode w800'>
025 *    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
026 * </p>
027 *
028 * <h5 class='topic'>RFC2616 Specification</h5>
029 *
030 * A user agent that wishes to authenticate itself with a server--usually, but not necessarily, after receiving a 401
031 * response--does so by including an Authorization request-header field with the request.
032 *
033 * <p>
034 * The Authorization field value consists of credentials containing the authentication information of the user agent for
035 * the realm of the resource being requested.
036 *
037 * <p class='bcode w800'>
038 *    Authorization  = "Authorization" ":" credentials
039 * </p>
040 *
041 * <p>
042 * HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication".
043 *
044 * <p>
045 * If a request is authenticated and a realm specified, the same credentials SHOULD be valid for all other requests
046 * within this realm (assuming that the authentication scheme itself does not require otherwise, such as credentials
047 * that vary according to a challenge value or using synchronized clocks).
048 *
049 * <p>
050 * When a shared cache (see section 13.7) receives a request containing an Authorization field, it MUST NOT return the
051 * corresponding response as a reply to any other request, unless one of the following specific exceptions holds:
052 * <ol>
053 *    <li>If the response includes the "s-maxage" cache-control directive, the cache MAY use that response in replying
054 *       to a subsequent request.
055 *       But (if the specified maximum age has passed) a proxy cache MUST first revalidate it with the origin
056 *       server, using the request-headers from the new request to allow the origin server to authenticate the new
057 *       request.
058 *       (This is the defined behavior for s-maxage.)
059 *       If the response includes "s-maxage=0", the proxy MUST always revalidate it before re-using it.
060 *    <li>If the response includes the "must-revalidate" cache-control directive, the cache MAY use that response in
061 *       replying to a subsequent request.
062 *       But if the response is stale, all caches MUST first revalidate it with the origin server, using the
063 *       request-headers from the new request to allow the origin server to authenticate the new request.
064 *    <li>If the response includes the "public" cache-control directive, it MAY be returned in reply to any subsequent
065 *       request.
066 * </ol>
067 *
068 * <h5 class='section'>See Also:</h5>
069 * <ul class='doctree'>
070 *    <li class='extlink'>{@doc RFC2616}
071 * </ul>
072 */
073@Header("Authorization")
074public final class Authorization extends HeaderString {
075
076   /**
077    * Returns a parsed <code>Authorization</code> header.
078    *
079    * @param value The <code>Authorization</code> header string.
080    * @return The parsed <code>Authorization</code> header, or <jk>null</jk> if the string was null.
081    */
082   public static Authorization forString(String value) {
083      if (value == null)
084         return null;
085      return new Authorization(value);
086   }
087
088   private Authorization(String value) {
089      super(value);
090   }
091}