# 🇺🇸🔍 🔰 🔐

🙅 💼, 👆 💪 ⚙️ 🇺🇸🔍 🔰 🔐.

🇺🇸🔍 🔰 🔐, 🈸 ⌛ 🎚 👈 🔌 🆔 & 🔐.

🚥 ⚫️ 🚫 📨 ⚫️, ⚫️ 📨 🇺🇸🔍 4️⃣0️⃣1️⃣ "⛔" ❌.

& 📨 🎚 `WWW-Authenticate` ⏮️ 💲 `Basic`, & 📦 `realm` 🔢.

👈 💬 🖥 🎦 🛠️ 📋 🆔 & 🔐.

⤴️, 🕐❔ 👆 🆎 👈 🆔 & 🔐, 🖥 📨 👫 🎚 🔁.

## 🙅 🇺🇸🔍 🔰 🔐

* 🗄 `HTTPBasic` & `HTTPBasicCredentials`.
* ✍ "`security` ⚖" ⚙️ `HTTPBasic`.
* ⚙️ 👈 `security` ⏮️ 🔗 👆 *➡ 🛠️*.

public final class okhttp3/JavaNetAuthenticator : okhttp3/Authenticator {
	public fun <init> ()V
	public fun authenticate (Lokhttp3/Route;Lokhttp3/Response;)Lokhttp3/Request;
}

public final class okhttp3/JavaNetCookieJar : okhttp3/CookieJar {
	public fun <init> (Ljava/net/CookieHandler;)V
	public fun loadForRequest (Lokhttp3/HttpUrl;)Ljava/util/List;
	public fun saveFromResponse (Lokhttp3/HttpUrl;Ljava/util/List;)V

{* ../../docs_src/security/tutorial003_an_py310.py hl[58:66,69:74,94] *}

/// info

The additional header `WWW-Authenticate` with value `Bearer` we are returning here is also part of the spec.

Any HTTP (error) status code 401 "UNAUTHORIZED" is supposed to also return a `WWW-Authenticate` header.

In the case of bearer tokens (our case), the value of that header should be `Bearer`.

            } catch (final SmbAuthException sae) {
                response.setHeader("WWW-Authenticate", "NTLM");
                if (offerBasic) {
                    response.addHeader("WWW-Authenticate", "Basic realm=\"" + this.realm + "\"");
                }
                response.setHeader("Connection", "close");

Bei HTTP Basic Auth erwartet die Anwendung einen Header, der einen Benutzernamen und ein Passwort enthält.

Wenn sie diesen nicht empfängt, gibt sie den HTTP-Error 401 „Unauthorized“ zurück.

Und gibt einen Header `WWW-Authenticate` mit dem Wert `Basic` und einem optionalen `realm`-Parameter („Bereich“) zurück.

Dadurch wird der Browser angewiesen, die integrierte Eingabeaufforderung für einen Benutzernamen und ein Passwort anzuzeigen.

En HTTP Basic Auth, la aplicación espera un header que contiene un nombre de usuario y una contraseña.

Si no lo recibe, devuelve un error HTTP 401 "Unauthorized".

Y devuelve un header `WWW-Authenticate` con un valor de `Basic`, y un parámetro `realm` opcional.

Eso le dice al navegador que muestre el prompt integrado para un nombre de usuario y contraseña.

 *    certificate is not included in this chain.
 *  * The client's handshake certificates must include a set of trusted root certificates. They will
 *    be used to authenticate the server's certificate chain. Typically this is a set of well-known
 *    root certificates that is distributed with the HTTP client or its platform. It may be
 *    augmented by certificates private to an organization or service.

     * property values.
     *
     * @param tc
     *            context to use
     * @param domain the authentication domain
     * @param username the username to authenticate with
     * @param password the password to authenticate with
     */
    public NtlmPasswordAuthentication(final CIFSContext tc, final String domain, final String username, final String password) {

                ntlm = (NtlmPasswordAuthentication) ssn.getAttribute("npa-" + server);
            }
            if (ntlm == null) {
                resp.setHeader("WWW-Authenticate", "NTLM");
                if (offerBasic) {
                    resp.addHeader("WWW-Authenticate", "Basic realm=\"" + this.realm + "\"");
                }
                resp.setHeader("Connection", "close");

  /**
   * Returns the RFC 7235 authorization challenges appropriate for this response's code. If the
   * response code is 401 unauthorized, this returns the "WWW-Authenticate" challenges. If the
   * response code is 407 proxy unauthorized, this returns the "Proxy-Authenticate" challenges.
   * Otherwise this returns an empty list of challenges.
   *
   * If a challenge uses the `token68` variant instead of auth params, there is exactly one