You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jena.apache.org by rv...@apache.org on 2013/07/03 18:08:26 UTC

svn commit: r1499455 - /jena/site/trunk/content/documentation/query/http-auth.mdtext

Author: rvesse
Date: Wed Jul  3 16:08:26 2013
New Revision: 1499455

URL: http://svn.apache.org/r1499455
Log:
Finish HTTP Auth in ARQ document first draft

Modified:
    jena/site/trunk/content/documentation/query/http-auth.mdtext

Modified: jena/site/trunk/content/documentation/query/http-auth.mdtext
URL: http://svn.apache.org/viewvc/jena/site/trunk/content/documentation/query/http-auth.mdtext?rev=1499455&r1=1499454&r2=1499455&view=diff
==============================================================================
--- jena/site/trunk/content/documentation/query/http-auth.mdtext (original)
+++ jena/site/trunk/content/documentation/query/http-auth.mdtext Wed Jul  3 16:08:26 2013
@@ -37,7 +37,7 @@ credentials will not actually be submitt
 #### ScopedAuthenticator
 
 The [scoped authenticator][3] is an authenticator which maps credentials to different service URIs.  This allows you to specify different credentials for different services 
-as appropriate.  Similarly to the simple authenticator this is not preemptive authentication so credentials are not set unless the service requests them.
+as appropriate.  Similarly to the simple authenticator this is not preemptive authentication so credentials are not sent unless the service requests them.
 
 Scoping of credentials is not based on exact mapping of the request URI to credentials but rather on a longest match approach.  For example if you define credentials
 for `http://example.org` then these are used for any request that requires authentication under that URI e.g. `http://example.org/some/path`.  However if you
@@ -46,7 +46,7 @@ had defined credentials for `http://exam
 #### ServiceAuthenticator
 
 The [service authenticator][4] is an authenticator which uses information encoded in the ARQ context and basically provides access to the existing credential provision
-mechanisms provided for the `SERVICE` clause, see [Basic Federated Query][5] for more information on this.
+mechanisms provided for the `SERVICE` clause, see [Basic Federated Query][5] for more information on configuration for this.
 
 #### FormsAuthenticator
 
@@ -58,6 +58,10 @@ services that don't support HTTP's built
 This [authenticator][8] is a decorator over another authenticator that enables preemptive basic authentication.  This is not enabled by default because it reduces security as it can
  result in sending credentials to servers that don't actually require them.
 
+#### DelegatingAuthenticator
+
+The [delegating authenticator][12] allows for mapping different authenticators to different services, this is useful when you need to mix and match the types of authentication needed.
+
 ## Applying Authentication
 
 APIs that support authentication typically provide two methods for providing authenticators, a `setAuthentication(String username, char[] password)` method
@@ -73,6 +77,21 @@ Authenticators applied this way will onl
 From 2.10.2 onwards the relevant factory methods include overloads that allow providing a `HttpAuthenticator` at creation time which
 avoids the needs to cast and manually set the authenticator afterwards.
 
+## The Default Authenticator
+
+Since it may not always be possible/practical to configure authenticators on a per-request basis the API includes a means to specify a default authenticator
+that is used when no authenticator is explicitly specified.  This may be configured via the `setDefaultAuthenticator(HttpAuthenticator authenticator)`
+method of the [HttpOp][13] class.
+
+By default there is already a default authenticator configured which is the `ServiceAuthenticator` since this preserves behavioural 
+backwards compatibility with prior versions of ARQ.
+
+You can configure the default authenticator to whatever you need so even if you don't directly control the code
+that is making HTTP requests provided that it is using ARQs APIs to make these then authentication will
+still be applied.
+
+Note that the default authenticator may be disabled by setting it to `null`.
+
   [1]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/HttpAuthenticator.html
   [2]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/SimpleAuthenticator.html
   [3]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/ScopedAuthenticator.html
@@ -80,4 +99,9 @@ avoids the needs to cast and manually se
   [5]: service.html
   [6]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/FormsAuthenticator.html
   [7]: https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html
-  [8]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/PreemptiveBasicAuthenticator.html
\ No newline at end of file
+  [8]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/PreemptiveBasicAuthenticator.html
+  [9]: http://jena.apache.org/documentation/javadoc/arq/com/hp/hpl/jena/sparql/engine/http/QueryEngineHTTP.html
+  [10]: http://jena.apache.org/documentation/javadoc/arq/com/hp/hpl/jena/sparql/modify/UpdateProcessRemoteBase.html
+  [11]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/web/DatasetGraphAccessorHTTP.html
+  [12]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/DelegatingAuthenticator.html
+  [13]: http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/riot/web/HttpOp.html
\ No newline at end of file