Authentication FAQ

From n² wiki

The platform uses HTTP Digest authentication for securing access to certain resources. This page provides some code samples for enabling digest authentication in client applications. See Capabilities for more discussion on the types of resources that may be secured and why.

Code examples will be available at: http://n2.talis.com/svn/tutorials/

1 Java
- 1.1 Using Java's own client
- 1.2 Using Apache HttpClient
2 PHP
- 2.1 Using mod_curl
3 Python
4 Command Line
- 4.1 Using cURL
- 4.2 Using wget
5 JavaScript
- 5.1 Using Jaxer (server side)
6 Perl

[edit] Java

[edit] Using Java's own client

uses a static call, independent of the client itself

Authenticator auth = new Authenticator() {
   protected PasswordAuthentication getPasswordAuthentication() {
      return new PasswordAuthentication("USER","PASS".toCharArray());
   }
};
Authenticator.setDefault(auth);

[edit] Using Apache HttpClient

is applied to an instance of HttpClient

httpClient.getState().setCredentials(
		            new UsernamePasswordCredentials(user, password)
		        );

One benefit of using HttpClient is that it supports pre-emptive authentication which means that your credentials are automatically included in any request. When using the default Java Authenticator code, the JVM always makes an initial attempt to access remote resources without the credentials and then, after it fails, it'll provide them. This means that there's always one extra redundant HTTP request.

Unfortunately it does not work with DIGEST authentication, see the test at Talk:Authentication_FAQ. --Laurian 17:59, 12 December 2007 (UTC)

[edit] PHP

[edit] Using mod_curl

$request = curl_init("http://api.talis.com/stores/mystore/items");
curl_setopt($request, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($request, CURLOPT_USERPWD, "username:password");
$response = curl_exec($request);

[edit] Python

You'll need something like this:

 import urllib2

    def postWithDigestAuth(self,data):
        authhandler = urllib2.HTTPDigestAuthHandler()
        authhandler.add_password(self.talis_realm, self.talis_uri, self.talis_user, self.talis_password)
        opener = urllib2.build_opener(authhandler)
        urllib2.install_opener(opener)
        
        headers = {"User-Agent":"danja-todo-thing", "Content-Type":"application/rdf+xml"}
        request = urllib2.Request(self.talis_uri, data, headers)
        try:
        	response = urllib2.urlopen(request)
        except urllib2.HTTPError, arg:
        	return arg

see http://n2.talis.com/svn/playground/danja/python/talis_platform.py

[edit] Command Line

[edit] Using cURL

curl --digest -u"user:password" http://api.talis.com/stores/mystore/items

[edit] Using wget

Can't seem to get this to work. May be related to https://savannah.gnu.org/bugs/?20300

Note that urllib2 considers any status code other than 200 to be an error (the POSTing here should return a 204 if operating correctly).

[edit] JavaScript

[edit] Using Jaxer (server side)

For example accessing OAI service which requires authentication.

var url = "http://api.talis.com/stores/{store}/services/oai-pmh?verb=ListRecords&metadataPrefix=oai_dc";
var options = new Jaxer.XHR.SendOptions();
options.username = "user";
options.password = "pass";
var content = Jaxer.Web.get(url, options);

[edit] Perl

use LWP::UserAgent;
 
my $ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->credentials( "api.talis.com:80", "bigfoot", "user" => "password" );
 
my $response = $ua->get($uri);

Retrieved from "http://n2.talis.com/wiki/Authentication_FAQ"