Class Authorization
- All Implemented Interfaces:
Serializable,Cloneable,Header,NameValuePair
Authentication credentials for HTTP authentication.
Example
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
RFC2616 Specification
A user agent that wishes to authenticate itself with a server--usually, but not necessarily, after receiving a 401 response--does so by including an Authorization request-header field with the request.The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
Authorization = "Authorization" ":" credentials
HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication".
If a request is authenticated and a realm specified, the same credentials SHOULD be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise, such as credentials that vary according to a challenge value or using synchronized clocks).
When a shared cache (see section 13.7) receives a request containing an Authorization field, it MUST NOT return the corresponding response as a reply to any other request, unless one of the following specific exceptions holds:
- If the response includes the "s-maxage" cache-control directive, the cache MAY use that response in replying to a subsequent request. But (if the specified maximum age has passed) a proxy cache MUST first revalidate it with the origin server, using the request-headers from the new request to allow the origin server to authenticate the new request. (This is the defined behavior for s-maxage.) If the response includes "s-maxage=0", the proxy MUST always revalidate it before re-using it.
- If the response includes the "must-revalidate" cache-control directive, the cache MAY use that response in replying to a subsequent request. But if the response is stale, all caches MUST first revalidate it with the origin server, using the request-headers from the new request to allow the origin server to authenticate the new request.
- If the response includes the "public" cache-control directive, it MAY be returned in reply to any subsequent request.
See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionAuthorization(String value) Constructor.Authorization(Supplier<String> value) Constructor with delayed value. -
Method Summary
Modifier and TypeMethodDescriptionstatic AuthorizationStatic creator.static AuthorizationStatic creator with delayed value.Methods inherited from class org.apache.juneau.http.header.BasicStringHeader
assertString, asString, getValue, of, of, ofPair, orElseMethods inherited from class org.apache.juneau.http.header.BasicHeader
assertName, assertStringValue, equals, equalsIgnoreCase, get, getElements, getName, hashCode, isNotEmpty, isPresent, of, of, toString
-
Constructor Details
-
Authorization
Constructor.- Parameters:
value- The header value.
Can benull .
-
Authorization
Constructor with delayed value.Header value is re-evaluated on each call to
BasicStringHeader.getValue().- Parameters:
value- The supplier of the header value.
Can benull .
-
-
Method Details
-
of
Static creator.- Parameters:
value- The header value.
Can benull .- Returns:
- A new header bean, or
null if the value isnull .
-
of
Static creator with delayed value.Header value is re-evaluated on each call to
BasicStringHeader.getValue().- Parameters:
value- The supplier of the header value.
Can benull .- Returns:
- A new header bean, or
null if the value isnull .
-