当前位置：文江博客知识库 en-US 文档 Mozilla Tech XPCOM Reference Interface nsIAuthModule

nsIAuthModule 编辑

netwerk/base/public/nsIAuthModule.idlScriptable This interface is intended to be used as server and client authentication service. Inherits from: nsISupports Last changed in Gecko 1.8 (Firefox 1.5 / Thunderbird 1.5 / SeaMonkey 1.0)

Method overview

void getNextToken([const] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength);

void init(in string aServiceName, in unsigned long aServiceFlags, in wstring aDomain, in wstring aUsername, in wstring aPassword);

void unwrap([const] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength);

void wrap([const] in voidPtr aInToken, in unsigned long aInTokenLength, in boolean confidential, out voidPtr aOutToken, out unsigned long aOutTokenLength);

Constants

Constant	Value	Description
`REQ_DEFAULT`	`0`	Default behavior.
`REQ_MUTUAL_AUTH`	`(1 << 0)`	Client and server will be authenticated.
`REQ_DELEGATE`	`(1 << 1)`	The server is allowed to impersonate the client. The `REQ_MUTUAL_AUTH` flag may also need to be specified in order for this flag to take effect.

Methods

getNextToken()

This method is called to get the next token in a sequence of authentication steps.

void getNextToken(
  [const] in voidPtr aInToken,
  in unsigned long aInTokenLength,
  out voidPtr aOutToken,
  out unsigned long aOutTokenLength
);

Parameters

aInToken: A buffer containing the input token (For example a challenge from a server). This may be null.
aInTokenLength: The length of the input token.
aOutToken: If getNextToken succeeds, then aOutToken will point to a buffer to be sent in response to the server challenge. The length of this buffer is given by aOutTokenLength. The buffer at aOutToken must be recycled with a call to nsIMemory.free().
aOutTokenLength: If getNextToken succeeds, then aOutTokenLength contains the length of the buffer (number of bytes) pointed to by aOutToken.

init()

This method is called to initialize an auth module. The other methods cannot be called unless this method succeeds.

void init(
  in string aServiceName,
  in unsigned long aServiceFlags,
  in wstring aDomain,
  in wstring aUsername,
  in wstring aPassword
);

Parameters

aServiceName: The service name, which may be null if not applicable (For example, for NTLM, this parameter should be null).
aServiceFlags: A bitwise-or of the REQ_ constants (pass REQ_DEFAULT for default behavior).
aDomain: The authentication domain, which may be null if not applicable.
aUsername: The user's login name.
aPassword: The user's password.

unwrap()

This method is used to unpack, decrypt, and verify the checksums on data returned by a server when security layers are in use.

void unwrap(
  [const] in voidPtr aInToken,
  in unsigned long aInTokenLength,
  out voidPtr aOutToken,
  out unsigned long aOutTokenLength
);

Parameters

aInToken: A buffer containing the data received from the server.
aInTokenLength: The length of the input token.
aOutToken: A buffer containing the plaintext data from the server.
aOutTokenLength: The length of the output token buffer.

Exceptions thrown

NS_ERROR_NOT_IMPLEMENTED: If the underlying authentication mechanism does not support security layers.

wrap()

Once a security context has been established through calls to getNextToken() it may be used to protect data exchanged between client and server. Calls to this method are used to protect items of data to be sent to the server.

void wrap(
  [const] in voidPtr aInToken,
  in unsigned long aInTokenLength,
  in boolean confidential,
  out voidPtr aOutToken,
  out unsigned long aOutTokenLength
);

Parameters

aInToken: A buffer containing the data to be sent to the server.
aInTokenLength: The length of the input token.
confidential: If set to true, it will encrypt the data, otherwise data will just be integrity protected (checksummed).
aOutToken: A buffer containing the resulting data to be sent to the server.
aOutTokenLength: The length of the output token buffer.