Source code

001// ***************************************************************************************************************************
002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file *
003// * distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file        *
004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance            *
005// * with the License.  You may obtain a copy of the License at                                                              *
006// *                                                                                                                         *
007// *  http://www.apache.org/licenses/LICENSE-2.0                                                                             *
008// *                                                                                                                         *
009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an  *
010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the        *
011// * specific language governing permissions and limitations under the License.                                              *
012// ***************************************************************************************************************************
013package org.apache.juneau.http.header;
014
015import java.util.function.*;
016
017import org.apache.juneau.http.annotation.*;
018
019/**
020 * Represents a parsed <l>Authorization</l> HTTP request header.
021 *
022 * <p>
023 * Authentication credentials for HTTP authentication.
024 *
025 * <h5 class='figure'>Example</h5>
026 * <p class='bcode'>
027 *    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
028 * </p>
029 *
030 * <h5 class='topic'>RFC2616 Specification</h5>
031 *
032 * A user agent that wishes to authenticate itself with a server--usually, but not necessarily, after receiving a 401
033 * response--does so by including an Authorization request-header field with the request.
034 *
035 * <p>
036 * The Authorization field value consists of credentials containing the authentication information of the user agent for
037 * the realm of the resource being requested.
038 *
039 * <p class='bcode'>
040 *    Authorization  = "Authorization" ":" credentials
041 * </p>
042 *
043 * <p>
044 * HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication".
045 *
046 * <p>
047 * If a request is authenticated and a realm specified, the same credentials SHOULD be valid for all other requests
048 * within this realm (assuming that the authentication scheme itself does not require otherwise, such as credentials
049 * that vary according to a challenge value or using synchronized clocks).
050 *
051 * <p>
052 * When a shared cache (see section 13.7) receives a request containing an Authorization field, it MUST NOT return the
053 * corresponding response as a reply to any other request, unless one of the following specific exceptions holds:
054 * <ol>
055 *    <li>If the response includes the "s-maxage" cache-control directive, the cache MAY use that response in replying
056 *       to a subsequent request.
057 *       But (if the specified maximum age has passed) a proxy cache MUST first revalidate it with the origin
058 *       server, using the request-headers from the new request to allow the origin server to authenticate the new
059 *       request.
060 *       (This is the defined behavior for s-maxage.)
061 *       If the response includes "s-maxage=0", the proxy MUST always revalidate it before re-using it.
062 *    <li>If the response includes the "must-revalidate" cache-control directive, the cache MAY use that response in
063 *       replying to a subsequent request.
064 *       But if the response is stale, all caches MUST first revalidate it with the origin server, using the
065 *       request-headers from the new request to allow the origin server to authenticate the new request.
066 *    <li>If the response includes the "public" cache-control directive, it MAY be returned in reply to any subsequent
067 *       request.
068 * </ol>
069 *
070 * <h5 class='section'>See Also:</h5><ul>
071 *    <li class='link'><a class="doclink" href="../../../../../index.html#juneau-rest-common">juneau-rest-common</a>
072 *    <li class='extlink'><a class="doclink" href="https://www.w3.org/Protocols/rfc2616/rfc2616.html">Hypertext Transfer Protocol -- HTTP/1.1</a>
073 * </ul>
074 *
075 * @serial exclude
076 */
077@Header("Authorization")
078public class Authorization extends BasicStringHeader {
079
080   //-----------------------------------------------------------------------------------------------------------------
081   // Static
082   //-----------------------------------------------------------------------------------------------------------------
083
084   private static final long serialVersionUID = 1L;
085   private static final String NAME = "Authorization";
086
087   /**
088    * Static creator.
089    *
090    * @param value
091    *    The header value.
092    *    <br>Can be <jk>null</jk>.
093    * @return A new header bean, or <jk>null</jk> if the value is <jk>null</jk>.
094    */
095   public static Authorization of(String value) {
096      return value == null ? null : new Authorization(value);
097   }
098
099   /**
100    * Static creator with delayed value.
101    *
102    * <p>
103    * Header value is re-evaluated on each call to {@link #getValue()}.
104    *
105    * @param value
106    *    The supplier of the header value.
107    *    <br>Can be <jk>null</jk>.
108    * @return A new header bean, or <jk>null</jk> if the value is <jk>null</jk>.
109    */
110   public static Authorization of(Supplier<String> value) {
111      return value == null ? null : new Authorization(value);
112   }
113
114   //-----------------------------------------------------------------------------------------------------------------
115   // Instance
116   //-----------------------------------------------------------------------------------------------------------------
117
118   /**
119    * Constructor.
120    *
121    * @param value
122    *    The header value.
123    *    <br>Can be <jk>null</jk>.
124    */
125   public Authorization(String value) {
126      super(NAME, value);
127   }
128
129   /**
130    * Constructor with delayed value.
131    *
132    * <p>
133    * Header value is re-evaluated on each call to {@link #getValue()}.
134    *
135    * @param value
136    *    The supplier of the header value.
137    *    <br>Can be <jk>null</jk>.
138    */
139   public Authorization(Supplier<String> value) {
140      super(NAME, value);
141   }
142}