C/C++ Reference
Authentication and authorization

Please see Authenticating and authorizing users for an introduction to the classes in the Authentication group.

Classes

struct  AuthorizerIntf
 An abstract class, which you must implement, provides a method of authorizing an authenticated user.
struct  UserIntf
 Interface class used by the Authentication classes.
struct  AuthenticatedUser
 Abstract base class implemented by BasicAuthUser, FormAuthUser and DigestAuthUser.
struct  AuthenticatorIntf
 Abstract interface class implemented by DigestAuthenticator, FormAuthenticator and DigestAuthenticator.
struct  LoginRespIntf
 The LoginRespIntf is an abstract class, which must be implemented when using one of DigestAuthenticator, BasicAuthenticator, and FormAuthenticator.
struct  AuthInfo
 An instance of the AuthInfo struct is created on the stack in the Barracuda authenticators and is used as a container object for sending information to the registered user callback methods.
struct  LoginTrackerIntf
 The interface between the LoginTracker and the application code.
struct  LoginTrackerNode
 A LoginTrackerNode keeps track of how many times a user using a specific IP address has attempted to login to the server.
struct  LoginTracker
 The LoginTracker class is an optional security enhancement that can be installed in an instance of one of the authenticator classes.
struct  Authenticator
 This class implements HTTP Basic, HTTP Digest, and Form-Based Authentication.
struct  BasicAuthenticator
 Implements Basic Authentication.
struct  DigestAuthenticator
 Implements Digest Authentication.
struct  FormAuthenticator
 Implements Form-Based Authentication.
struct  DavAuth
 This class implements HTTP Basic and HTTP Digest authentication.

Typedefs

typedef BaBool(* AuthorizerIntf_Authorize )(struct AuthorizerIntf *intf, struct AuthenticatedUser *user, HttpMethod httpMethod, const char *path)
 Prototype for the Authorize callback method.
typedef struct AuthorizerIntf AuthorizerIntf
 An abstract class, which you must implement, provides a method of authorizing an authenticated user.
typedef void(* UserIntf_GetPwd )(struct UserIntf *intf, struct AuthInfo *info)
 The GetPwd callback function searches for info->username and sets info->password if found.
typedef struct UserIntf UserIntf
 Interface class used by the Authentication classes.
typedef struct AuthenticatedUser AuthenticatedUser
 Abstract base class implemented by BasicAuthUser, FormAuthUser and DigestAuthUser.
typedef AuthenticatedUser *(* AuthenticatorIntf_Authenticate )(struct AuthenticatorIntf *super, const char *relPath, HttpCommand *cmd)
 The authenticator callback method for the abstract class AuthenticatorIntf.
typedef struct AuthenticatorIntf AuthenticatorIntf
 Abstract interface class implemented by DigestAuthenticator, FormAuthenticator and DigestAuthenticator.
typedef void(* LoginRespIntf_Service )(struct LoginRespIntf *intf, struct AuthInfo *info)
 This callback function is called if the user failed to authenticate with one of DigestAuthenticator, BasicAuthenticator, or FormAuthenticator.
typedef struct LoginRespIntf LoginRespIntf
 The LoginRespIntf is an abstract class, which must be implemented when using one of DigestAuthenticator, BasicAuthenticator, and FormAuthenticator.
typedef struct AuthInfo AuthInfo
 An instance of the AuthInfo struct is created on the stack in the Barracuda authenticators and is used as a container object for sending information to the registered user callback methods.
typedef BaBool(* LoginTrackerIntf_Validate )(struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)
 Prototype for the validate callback method.
typedef void(* LoginTrackerIntf_Login )(struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)
 Prototype for the Login method.
typedef void(* LoginTrackerIntf_LoginFailed )(struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)
 Prototype for the LoginFailed callback method.
typedef void(* LoginTrackerIntf_TerminateNode )(struct LoginTrackerIntf *o, struct LoginTrackerNode *node)
 Prototype for the TerminateNode callback method.
typedef struct LoginTrackerIntf LoginTrackerIntf
 The interface between the LoginTracker and the application code.
typedef struct LoginTrackerNode LoginTrackerNode
 A LoginTrackerNode keeps track of how many times a user using a specific IP address has attempted to login to the server.
typedef struct LoginTracker LoginTracker
 The LoginTracker class is an optional security enhancement that can be installed in an instance of one of the authenticator classes.
typedef Authenticator Authenticator
 This class implements HTTP Basic, HTTP Digest, and Form-Based Authentication.
typedef BasicAuthenticator BasicAuthenticator
 Implements Basic Authentication.
typedef DigestAuthenticator DigestAuthenticator
 Implements Digest Authentication.
typedef FormAuthenticator FormAuthenticator
 Implements Form-Based Authentication.
typedef DavAuth DavAuth
 This class implements HTTP Basic and HTTP Digest authentication.

Functions

 AuthorizerIntf::AuthorizerIntf (AuthorizerIntf_Authorize authorize)
 The constructor.
bool AuthorizerIntf::authorize (struct AuthenticatedUser *user, HttpMethod method, const char *path)
 Returns TRUE if user is authorized.
 UserIntf::UserIntf (UserIntf_GetPwd getPwd)
 The UserIntf constructor.
static AuthenticatedUser * AuthenticatedUser::get (HttpRequest *request)
 Returns a pointer to an instance of class AuthenticatedUser if a session object exists and if the user is authenticated, otherwise NULL is returned.
static AuthenticatedUser * AuthenticatedUser::get (HttpSession *session)
 Returns a pointer to an instance of class AuthenticatedUser if the user is authenticated, otherwise NULL is returned.
const char * AuthenticatedUser::getName ()
 Returns the user's name.
HttpSession * AuthenticatedUser::getSession ()
 Get the session object.
const char * AuthenticatedUser::getPassword ()
 Returns the user's password.
void AuthenticatedUser::logout (bool all=false)
 Logout user and terminate the session object.
AuthenticatedUserType AuthenticatedUser::getType ()
 Returns the authenticator type that was used to authenticate this user.
static AuthenticatedUser * AuthenticatedUser::getAnonymous ()
 non public
 AuthenticatorIntf::AuthenticatorIntf (AuthenticatorIntf_Authenticate authenticate)
 The constructor is used by one of the BasicAuthenticator, DigestAuthenticator or FormAuthenticator constructors.
AuthenticatedUser * AuthenticatorIntf::authenticate (const char *relPath, HttpCommand *cmd)
 Authenticate the user.
 LoginRespIntf::LoginRespIntf (LoginRespIntf_Service service)
 The UserIntf constructor.
 LoginTrackerIntf::LoginTrackerIntf (LoginTrackerIntf_Validate validate, LoginTrackerIntf_Login login, LoginTrackerIntf_LoginFailed loginFailed, LoginTrackerIntf_TerminateNode terminateNode)
 Create a LoginTrackerIntf.
U32 LoginTrackerNode::getCounter ()
 Returns the number of login attempts.
U32 LoginTrackerNode::getAuxCounter ()
 Get auxiliary counter.
void LoginTrackerNode::setAuxCounter (U32 count)
 Set auxiliary counter.
HttpSockaddr * LoginTrackerNode::getAddr ()
 Return the HttpSockaddr.
void LoginTrackerNode::setUserData (void *data)
 Store application data in this node.
void * LoginTrackerNode::getUserData ()
 Fetch stored application data in this node.
BaTime LoginTrackerNode::getTime ()
 Returns the time for the latest login attempt.
 LoginTracker::LoginTracker (U32 noOfLoginTrackerNodes, LoginTrackerIntf *intf, AllocatorIntf *allocator=AllocatorIntf::getDefault())
 Create a LoginTracker instance.
void LoginTracker::clearCache ()
 Clear the LoginTrackerNode cache.
LoginTrackerNode * LoginTracker::getFirstNode ()
 Return first LoginTrackerNode in the cache or NULL if cache empty.
LoginTrackerNode * LoginTracker::getNextNode (LoginTrackerNode *n)
 Return the next LoginTrackerNode in the cache or NULL if no more nodes.
LoginTrackerNode * LoginTracker::find (HttpRequest *request)
 Find LoginTrackerNode in cache by using the IP address from the request object.
 Authenticator::Authenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)
void Authenticator::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks.
BasicAuthenticator * Authenticator::getBasicAuthenticator ()
 Get the internal BasicAuthenticator.
DigestAuthenticator * Authenticator::getDigestAuthenticator ()
 Get the internal DigestAuthenticator.
FormAuthenticator * Authenticator::getFormAuthenticator ()
 Get the internal FormAuthenticator.
 BasicAuthenticator::BasicAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)
void BasicAuthenticator::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks.
static void BasicAuthenticator::setAutHeader (const char *realm, HttpResponse *response)
 Sets an HTTP basic authenticate header and sets status to 401.
int BasicAuthenticator::isUserValid (HttpCommand *cmd)
 Returns status of an authenticated user.
 DigestAuthenticator::DigestAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)
void DigestAuthenticator::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks.
static void DigestAuthenticator::setAutHeader (const char *realm, HttpResponse *response)
 Sets an HTTP digest authenticate header and sets status to 401.
int DigestAuthenticator::isUserValid (HttpCommand *cmd)
 Returns status of an authenticated user.
void DigestAuthenticator::setStrictMode (bool enableStrictMode=false)
 Enable strict mode.
 FormAuthenticator::FormAuthenticator (UserIntf *userDbIntf, LoginRespIntf *sendLogin)
void FormAuthenticator::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks.
void FormAuthenticator::setSecure ()
 Set authenticator into secure mode and accept only SSL connections.
 DavAuth::DavAuth (UserIntf *userDbIntf, const char *realm)
 Create a DavAuth instance.
BasicAuthenticator * DavAuth::getBasicAuth ()
 Get the internal BasicAuthenticator.
DigestAuthenticator * DavAuth::getDigestAuth ()
 Get the internal DigestAuthenticator.
void DavAuth::setLoginTracker (LoginTracker *tracker)
 Prevent dictionary attacks.

Detailed Description

Please see Authenticating and authorizing users for an introduction to the classes in the Authentication group.

See also:
Barracuda Introduction

Typedef Documentation

typedef struct AuthenticatedUser AuthenticatedUser

Abstract base class implemented by BasicAuthUser, FormAuthUser and DigestAuthUser.

Please see the User Authentication documentation for more information.

typedef Authenticator Authenticator

This class implements HTTP Basic, HTTP Digest, and Form-Based Authentication.

The Authentication class, which implements all authentication methods in the server, is very useful in a mixed client environment. A limitation with Basic and Digest authentication is that the pop-up window presented by the browser is not user friendly. Consequently, it is common to use a customizable HTML user interface for login. A non-browser client such as a C program, a Java program, or a Python script will usually not be able to display an HTML-based login user interface. For this reason, it is recommended to use Basic or Digest authentication for non-browser clients.

The Authentication class makes it possible for the client to decide on the authentication method used. The default authentication is a "form login" and will automatically be used by an HTML browser interface.

A non-HTML client can force the authentication to be one of Basic or Digest by explicitly setting the "Authorization" HTTP header. An instance of the Authentication class analyzes the "Authorization" HTTP header and forwards the request to one of Basic, Digest, or form based login classes. A non-authenticated user requesting a resource without an "Authorization" header is forwarded to the form login class.

It is very simple to use the Authentication class if you use a client HTTP library that automatically handles Digest and/or Basic authentication. You simply set the header to one of Basic or Digest and leave the implementation details to the client HTTP library.

Forcing the login to be Basic or Digest from a client using a client HTTP library:

setHttpHeader("PrefAuth", "Basic"); /* force basic authentication */
setHttpHeader("PrefAuth", "Digest"); /* force digest authentication */

Other uses for the Authentication class include use of Digest authentication for clients that can properly handle Digest authentication and use of Basic authentication for clients that cannot properly handle or do not implement Digest authentication.

typedef AuthenticatedUser*(* AuthenticatorIntf_Authenticate)(struct AuthenticatorIntf *super, const char *relPath, HttpCommand *cmd)

The authenticator callback method for the abstract class AuthenticatorIntf.

Parameters:
super: a pointer to the super class.
cmd: The HttpRequest/HttpResponse container.
Returns:
The AuthenticatedUser if authenticated, otherwise NULL is returned.

typedef BaBool(* AuthorizerIntf_Authorize)(struct AuthorizerIntf *intf, struct AuthenticatedUser *user, HttpMethod httpMethod, const char *path)

Prototype for the Authorize callback method.

Parameters:
intf: The object pointer, which you must upcast to your class implementation; i.e., MySecurityRealm* o = (MySecurityRealm*)intf;
user: A reference to the authenticated user. The method must return false if user is NULL.
httpMethod: The HTTP method type, from HttpRequest::getMethodType.
path: the path to the requested resource.
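
An added example, not taken from the Barracuda documentation or source: an Authorize callback that follows the contract above (cast intf to the implementing class, return false for a NULL user) and denies any path that no rule covers. The struct and enum definitions are stand-ins so the code compiles without the Barracuda headers; MySecurityRealm's fields, the DEMO_ method values, and the rule and user tables are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in declarations (assumptions) so this compiles without the Barracuda
   headers. Real code takes these types from the server API and reads the
   user name with AuthenticatedUser::getName(). */
typedef int BaBool;
typedef enum { DEMO_GET = 1, DEMO_POST = 2, DEMO_PUT = 4, DEMO_DELETE = 8 } HttpMethod;
struct AuthenticatedUser { const char *name; };
struct AuthorizerIntf { int reserved; };

typedef struct { const char *prefix; unsigned methods; const char *role; } Rule;
typedef struct { const char *user; const char *role; } Member;

typedef struct {
    struct AuthorizerIntf super; /* first member, so the cast below is valid */
    const Rule *rules;     size_t nRules;
    const Member *members; size_t nMembers;
} MySecurityRealm;

/* Match only on a path-segment boundary: "admin" covers "admin" and
   "admin/users" but not "administrator". Prefixes have no trailing slash. */
static int underPrefix(const char *path, const char *prefix)
{
    size_t n = strlen(prefix);
    if (strncmp(path, prefix, n) != 0) return 0;
    return path[n] == '\0' || path[n] == '/';
}

static int hasRole(const MySecurityRealm *o, const char *user, const char *role)
{
    size_t i;
    for (i = 0; i < o->nMembers; i++)
        if (!strcmp(o->members[i].user, user) && !strcmp(o->members[i].role, role))
            return 1;
    return 0;
}

/* Same parameter list as the AuthorizerIntf_Authorize prototype. */
static BaBool MySecurityRealm_authorize(struct AuthorizerIntf *intf,
    struct AuthenticatedUser *user, HttpMethod httpMethod, const char *path)
{
    MySecurityRealm *o = (MySecurityRealm *)intf;
    const Rule *best = NULL;
    size_t i;
    if (user == NULL || user->name == NULL || path == NULL)
        return 0;                       /* contract: a NULL user is never authorized */
    for (i = 0; i < o->nRules; i++) {   /* the most specific matching rule decides */
        const Rule *r = &o->rules[i];
        if (underPrefix(path, r->prefix) &&
            (best == NULL || strlen(r->prefix) > strlen(best->prefix)))
            best = r;
    }
    if (best == NULL) return 0;         /* no rule covers the path: deny by default */
    if ((best->methods & (unsigned)httpMethod) == 0) return 0;
    return hasRole(o, user->name, best->role);
}

/* Constructed rules and users, for illustration only. */
static BaBool demo(const char *userName, HttpMethod m, const char *path)
{
    static const Rule rules[] = {
        { "files",        DEMO_GET,                           "user"   },
        { "files/upload", DEMO_GET | DEMO_PUT,                "editor" },
        { "admin",        DEMO_GET | DEMO_POST | DEMO_DELETE, "admin"  },
    };
    static const Member members[] = {
        { "alice", "admin" }, { "bob", "user" }, { "carol", "editor" },
    };
    MySecurityRealm realm = { { 0 }, rules, 3, members, 3 };
    struct AuthenticatedUser u;
    u.name = userName;
    return MySecurityRealm_authorize(&realm.super, userName ? &u : NULL, m, path);
}

int main(void)
{
    printf("bob GET files/a.txt -> %d\n", demo("bob", DEMO_GET, "files/a.txt"));
    printf("bob GET admin/users -> %d\n", demo("bob", DEMO_GET, "admin/users"));
    return 0;
}
```

The comparison is case sensitive, so this sketch assumes the server passes the path in the same case and form it later uses to resolve the resource.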

typedef BasicAuthenticator BasicAuthenticator

Implements Basic Authentication.

Please see the User Authentication documentation for more information.

typedef DavAuth DavAuth

This class implements HTTP Basic and HTTP Digest authentication.

The client selects the HTTP authentication method it wants to use. The authenticator also handles the domain name prefix added to the user name by many Microsoft HTTP clients.

This class was specifically designed for our WebDAV plugin, but the authenticator is also useful when authenticating non-browser clients in a mixed environment.

typedef DigestAuthenticator DigestAuthenticator

Implements Digest Authentication.

Please see the User Authentication documentation for more information.

typedef FormAuthenticator FormAuthenticator

Implements Form-Based Authentication.

See the User Authentication documentation for an introduction to authentication and authorization.

A form authenticator can be used only by browser clients. A form authenticator is not suitable for authenticating Applets, the EventHandler, or any type of non HTML based applications. See the Authenticator class for more information.

See also:
Authenticator
typedef struct LoginRespIntf LoginRespIntf

The LoginRespIntf is an abstract class, which must be implemented when using one of DigestAuthenticator, BasicAuthenticator, and FormAuthenticator.

The Barracuda authenticators call the service method if the user is not authenticated or failed to login. The service method must respond by sending a message to the client.

typedef void(* LoginRespIntf_Service)(struct LoginRespIntf *intf, struct AuthInfo *info)

This callback function is called if the user failed to authenticate with one of DigestAuthenticator, BasicAuthenticator, or FormAuthenticator.

The service function must send an appropriate error message to the client.

The callback is also called when a FormAuthenticator instance needs to send the form login page to the client. This callback can detect the difference between sending the login page and the error page by checking info->username. This variable is NULL when the callback must send the login page.

typedef struct LoginTracker LoginTracker

The LoginTracker class is an optional security enhancement that can be installed in an instance of one of the authenticator classes.

A hacker may write an automated password cracker tool to exploit weak passwords. This is often referred to as a Dictionary attack.

The purpose of the LoginTracker is to make it virtually impossible to perform dictionary attacks on the Barracuda authenticator classes. The LoginTracker keeps track of IP addresses that failed to supply the correct user and/or password. The LoginTracker keeps a cache of LoginTrackerNode instances where each LoginTrackerNode stores information such as IP address and time of login attempt.

You can download and try the BarracudaDrive demo for a practical example of using the LoginTracker. Enter an invalid user/password when logging into the BarracudaDrive Web Server and observe the response message.

typedef struct LoginTrackerIntf LoginTrackerIntf

The interface between the LoginTracker and the application code.

You must inherit and implement the callback methods required for the LoginTrackerIntf.

typedef void(* LoginTrackerIntf_Login)(struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)

Prototype for the Login method.

The Login method is called when a user is authenticated.

Parameters:
info: The AuthInfo container object.
node: May be NULL if the object was recycled. This object is automatically terminated as soon as this callback returns; i.e., the terminate callback is called.

typedef void(* LoginTrackerIntf_LoginFailed)(struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)

Prototype for the LoginFailed callback method.

The LoginFailed method is called when a user attempts to log in and the user and/or password is incorrect.

You can potentially tarpit the failed login attempt if you run the HTTP server in threaded mode, but a short "login window" is probably more than sufficient in most applications. The "login window" length is controlled in the LoginTrackerIntf_Validate callback method.

typedef void(* LoginTrackerIntf_TerminateNode)(struct LoginTrackerIntf *o, struct LoginTrackerNode *node)

Prototype for the TerminateNode callback method.

The TerminateNode method is called when the LoginTracker reuses a node in the internal node cache. The TerminateNode method can be used for clearing/releasing any data set with method LoginTrackerNode::setUserData.

typedef BaBool(* LoginTrackerIntf_Validate)(struct LoginTrackerIntf *o, AuthInfo *info, struct LoginTrackerNode *node)

Prototype for the validate callback method.

The validate callback method is called before attempting to authorize a user. The validate callback method can keep track of the login counter in the LoginTrackerNode and either accept or deny the user. The method should return true if the request is accepted and false if the request is denied. Attribute info.denied is set by the LoginTracker if this method returns false.
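
An added example, not taken from the Barracuda documentation or source: one way to implement the "login window" in a validate callback, using the attempt counter and the time of the latest attempt. The struct definitions are stand-ins so the code compiles without the Barracuda headers; WindowPolicy, its fields, the injected clock, the doubling window and the NULL-node check are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in declarations (assumptions) so this compiles without the Barracuda
   headers. Real code reads the node through LoginTrackerNode::getCounter()
   and LoginTrackerNode::getTime(). */
typedef int BaBool;
typedef unsigned int U32;
typedef long BaTime;                 /* seconds */
typedef struct LoginTrackerNode {
    U32 counter;                     /* number of login attempts */
    BaTime lastAttempt;              /* time of the latest login attempt */
} LoginTrackerNode;
typedef struct AuthInfo { const char *username; } AuthInfo;
typedef struct LoginTrackerIntf { int reserved; } LoginTrackerIntf;

/* Application class derived from LoginTrackerIntf (hypothetical name). */
typedef struct {
    LoginTrackerIntf super; /* first member, so the cast in validate is valid */
    U32 freeAttempts;       /* attempts allowed before a window applies */
    BaTime baseWindow;      /* first login window, in seconds */
    BaTime maxWindow;       /* upper bound for the window */
    BaTime now;             /* injected clock, keeps the policy testable */
} WindowPolicy;

/* Window length for a given attempt count: 0 below freeAttempts, then
   baseWindow doubled for every further attempt, capped at maxWindow. */
static BaTime WindowPolicy_window(const WindowPolicy *p, U32 counter)
{
    BaTime w = p->baseWindow;
    U32 extra;
    if (counter < p->freeAttempts) return 0;
    for (extra = counter - p->freeAttempts; extra > 0; extra--) {
        if (w > p->maxWindow / 2) return p->maxWindow; /* cap before overflow */
        w *= 2;
    }
    return w < p->maxWindow ? w : p->maxWindow;
}

/* Same parameter list as the LoginTrackerIntf_Validate prototype. */
static BaBool WindowPolicy_validate(LoginTrackerIntf *o, AuthInfo *info,
                                    LoginTrackerNode *node)
{
    WindowPolicy *p = (WindowPolicy *)o;
    BaTime window;
    (void)info;
    if (node == NULL) return 1;      /* defensive: nothing recorded for this address */
    window = WindowPolicy_window(p, node->counter);
    if (window == 0) return 1;
    /* A clock that stepped backwards gives a negative elapsed time: deny. */
    return (p->now - node->lastAttempt) >= window;
}

/* Constructed policy: 3 free attempts, 30 s first window, 900 s cap. */
static BaBool demo_check(U32 counter, BaTime lastAttempt, BaTime now)
{
    WindowPolicy p = { { 0 }, 3, 30, 900, 0 };
    LoginTrackerNode node;
    AuthInfo info = { "constructed-user" };
    p.now = now;
    node.counter = counter;
    node.lastAttempt = lastAttempt;
    return WindowPolicy_validate(&p.super, &info, &node);
}

int main(void)
{
    printf("3 attempts, 29 s later  -> %d\n", demo_check(3, 100, 129));
    printf("3 attempts, 30 s later  -> %d\n", demo_check(3, 100, 130));
    printf("50 attempts, 899 s later -> %d\n", demo_check(50, 100, 999));
    return 0;
}
```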

typedef struct LoginTrackerNode LoginTrackerNode

A LoginTrackerNode keeps track of how many times a user using a specific IP address has attempted to login to the server.

The LoginTracker stores LoginTrackerNodes internally in a cache.

typedef struct UserIntf UserIntf

Interface class used by the Authentication classes.

The getPwd function returns the user's password if the user is found.

typedef void(* UserIntf_GetPwd)(struct UserIntf *intf, struct AuthInfo *info)

The GetPwd callback function searches for info->username and sets info->password if found.

info->userObj is NULL, but can be set in this callback to signal information to the other callbacks such as LoginRespIntf_Service.

info->user is NULL when this method is called.

The method is allowed to set header values and work with the response object. The authenticator stops authentication and returns FALSE if the response object is committed; i.e., the login fails.

The authenticator checks if the response is committed on return. The authenticator assumes the user is not authenticated if the response is committed.


Function Documentation

AuthenticatedUser * AuthenticatorIntf::authenticate (const char *relPath, HttpCommand *cmd)

Authenticate the user.

Returns:
The AuthenticatedUser if authenticated, otherwise NULL is returned.

Authenticator::Authenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)

Parameters:
userDbIntf: is a reference to a user database you must provide/implement.
realm: is the name of the Basic Authenticator realm.
sendLogin: must be an implementation of LoginRespIntf.

bool AuthorizerIntf::authorize (struct AuthenticatedUser *user, HttpMethod method, const char *path)

Returns TRUE if user is authorized.

Parameters:
user: AuthenticatedUser::get
method: The HTTP method type, from HttpRequest::getMethodType.
path: The relative path element of the URL requested by the user.

AuthorizerIntf::AuthorizerIntf (AuthorizerIntf_Authorize authorize)

The constructor.

Parameters:
authorize: Pointer to authorize method.

BasicAuthenticator::BasicAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)

Parameters:
userDbIntf: is a reference to a user database you must provide/implement.
realm: is the name displayed in the browser's pop-up window.
sendLogin: must be an implementation of LoginRespIntf.

DavAuth::DavAuth (UserIntf *userDbIntf, const char *realm)

Create a DavAuth instance.

Parameters:
userDbIntf: is a reference to a user database you must provide/implement.
realm: is the realm name provided to the client.

DigestAuthenticator::DigestAuthenticator (UserIntf *userDbIntf, const char *realm, LoginRespIntf *sendLogin)

Parameters:
userDbIntf: is a reference to a user database you must provide/implement.
realm: is the name displayed in the browser's pop-up window.
sendLogin: must be an implementation of LoginRespIntf.

LoginTrackerNode * LoginTracker::find (HttpRequest *request)

Find LoginTrackerNode in cache by using the IP address from the request object.

Returns:
the LoginTrackerNode if the user is in the cache or NULL if the user either never has failed a login attempt or the user is authenticated.

FormAuthenticator::FormAuthenticator (UserIntf *userDbIntf, LoginRespIntf *sendLogin)

Parameters:
userDbIntf: is a reference to a user database you must provide/implement.
sendLogin: must be an implementation of LoginRespIntf.

AuthenticatedUser * AuthenticatedUser::get (HttpRequest *request) [static]

Returns a pointer to an instance of class AuthenticatedUser if a session object exists and if the user is authenticated, otherwise NULL is returned.

          AuthenticatedUser* user;
          user = AuthenticatedUser::get(request);

C name: AuthenticatedUser_get1

AuthenticatedUser * AuthenticatedUser::get (HttpSession *session) [static]

Returns a pointer to an instance of class AuthenticatedUser if the user is authenticated, otherwise NULL is returned.

          AuthenticatedUser* user;
          user = AuthenticatedUser::get(request->getSession(false));

C name: AuthenticatedUser_get2

See also:
HttpServer::getSession
HttpSession * AuthenticatedUser::getSession ( )

Get the session object.

See also:
HttpSession::getId
AuthenticatedUserType AuthenticatedUser::getType ( )

Returns the authenticator type that was used to authenticate this user.

See also:
attribute type in AuthInfo.

int BasicAuthenticator::isUserValid (HttpCommand *cmd)

Returns status of an authenticated user.

This method together with setAutHeader can be used to force a browser to log out (invalidate) a user.

Returns:
  • -2: No authorization header found.
  • -1: Authorization header invalid or not a Basic header.
  • 0: Valid header, but user not found in user database.
  • 1: User found in user database and password is correct.
See also:
DigestAuthenticator::isUserValid

int DigestAuthenticator::isUserValid (HttpCommand *cmd)

Returns status of an authenticated user.

This method together with setAutHeader can be used to force a browser to log out (invalidate) a user.

Returns:
  • -2: No authorization header found.
  • -1: Authorization header invalid or not a Digest header.
  • 0: Valid header, but user not found in user database.
  • 1: User found in user database and password is correct.
See also:
BasicAuthenticator::isUserValid

LoginRespIntf::LoginRespIntf (LoginRespIntf_Service service)

The UserIntf constructor.

Parameters:
service: a pointer to the response service callback function.

LoginTracker::LoginTracker (U32 noOfLoginTrackerNodes, LoginTrackerIntf *intf, AllocatorIntf *allocator = AllocatorIntf::getDefault())

Create a LoginTracker instance.

Parameters:
noOfLoginTrackerNodes: size of internal LoginTrackerNode cache.
intf: the application interface used by the LoginTracker.
allocator: the allocator used when allocating the LoginTracker nodes.

LoginTrackerIntf::LoginTrackerIntf (LoginTrackerIntf_Validate validate, LoginTrackerIntf_Login login, LoginTrackerIntf_LoginFailed loginFailed, LoginTrackerIntf_TerminateNode terminateNode)

Create a LoginTrackerIntf.

Parameters:
validate: validate a user.
login: A user successfully logged in.
loginFailed: The login attempt failed.
terminateNode: The LoginTrackerNode is recycled.

void AuthenticatedUser::logout ( bool  all = false)

Logout user and terminate the session object.

You should use this method and not HttpSession::terminate when logging out a user.

Example

        // The following code works if AuthenticatedUser::get returns NULL.
        AuthenticatedUser::get(request)->logout();

Basic and Digest logout:

With Basic and Digest authentication, the browser remembers the user and password. This means that this method will not have any effect with Basic and Digest since the user will be automatically logged in as soon as the browser sends a request to the server.

The only viable solution to logging out using Basic and Digest is to terminate the browser client.

Parameters:
all: Set to true if you want to terminate all of the user's active sessions. A user may be logged in using more than one client. One must typically set all=true when changing password as all clients must be terminated or the clients may get a 403 response.

void BasicAuthenticator::setAutHeader (const char *realm, HttpResponse *response) [static]

Sets an HTTP basic authenticate header and sets status to 401.

This method can be used to design logic for invalidating the user and password saved by a browser.

void DigestAuthenticator::setAutHeader (const char *realm, HttpResponse *response) [static]

Sets an HTTP digest authenticate header and sets status to 401.

This method can be used to design logic for invalidating the user and password saved by a browser.

void BasicAuthenticator::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

Parameters:
tracker: the IP address tracker.

void DigestAuthenticator::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

Parameters:
tracker: the IP address tracker.

void Authenticator::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

Parameters:
tracker: the IP address tracker.

void DavAuth::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

Parameters:
tracker: the IP address tracker.

void FormAuthenticator::setLoginTracker (LoginTracker *tracker)

Prevent dictionary attacks.

An interesting feature of the FormAuthenticator is that the form authenticator makes it difficult to perform dictionary attacks even without using the LoginTracker. The FormAuthenticator will make it extremely difficult to distinguish between valid and invalid login attempts, since the form authenticator sends HTTP 200 OK response messages instead of the numerous 400 type errors.

Parameters:
tracker: the IP address tracker.

void FormAuthenticator::setSecure ( )

Set authenticator into secure mode and accept only SSL connections.

The authenticator ignores non secure connections and directly calls the LoginRespIntf callback if not secure. You must add logic for testing for non secure connections in your callback.

void DigestAuthenticator::setStrictMode ( bool  enableStrictMode = false)

Enable strict mode.

Few browsers support this.

UserIntf::UserIntf (UserIntf_GetPwd getPwd)

The UserIntf constructor.

Parameters:
getPwd: a pointer to the get password callback function.