diff --git a/src/java/org/apache/http/auth/AuthPolicy.java b/src/java/org/apache/http/auth/AuthPolicy.java
new file mode 100644
index 000000000..2278468b6
--- /dev/null
+++ b/src/java/org/apache/http/auth/AuthPolicy.java
@@ -0,0 +1,191 @@
+/*
+ * $HeadURL$
+ * $Revision$
+ * $Date$
+ *
+ * ====================================================================
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+
+package org.apache.http.auth;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.auth.DigestScheme;
+
+/**
+ * Authentication policy class. The Authentication policy provides corresponding
+ * authentication scheme interfrace for a given type of authorization challenge.
+ *
The following specifications are provided:
+ *
+ * - Basic: Basic authentication scheme as defined in RFC2617
+ * (considered inherently insecure, but most widely supported)
+ *
- Digest: Digest authentication scheme as defined in RFC2617
+ *
- NTLM: The NTLM scheme is a proprietary Microsoft Windows
+ * Authentication protocol (considered to be the most secure among
+ * currently supported authentication schemes)
+ *
+ *
+ * @author Oleg Kalnichevski
+ *
+ * @version $Revision$
+ * @since 3.0
+ */
+public abstract class AuthPolicy {
+
+ private static final HashMap SCHEMES = new HashMap();
+ private static final ArrayList SCHEME_LIST = new ArrayList();
+
+ /**
+ * The key used to look up the list of IDs of supported {@link AuthScheme
+ * authentication schemes} in their order of preference. The scheme IDs are
+ * stored in a {@link java.util.Collection} as {@link java.lang.String}s.
+ *
+ *
+ * If several schemes are returned in the WWW-Authenticate
+ * or Proxy-Authenticate header, this parameter defines which
+ * {@link AuthScheme authentication schemes} takes precedence over others.
+ * The first item in the collection represents the most preferred
+ * {@link AuthScheme authentication scheme}, the last item represents the ID
+ * of the least preferred one.
+ *
+ *
+ * @see org.apache.commons.httpclient.params.DefaultHttpParams
+ */
+ public static final String AUTH_SCHEME_PRIORITY = "http.auth.scheme-priority";
+
+ /**
+ * The NTLM scheme is a proprietary Microsoft Windows Authentication
+ * protocol (considered to be the most secure among currently supported
+ * authentication schemes).
+ */
+ public static final String NTLM = "NTLM";
+
+ /**
+ * Digest authentication scheme as defined in RFC2617.
+ */
+ public static final String DIGEST = "Digest";
+
+ /**
+ * Basic authentication scheme as defined in RFC2617 (considered inherently
+ * insecure, but most widely supported)
+ */
+ public static final String BASIC = "Basic";
+
+ static {
+// AuthPolicy.registerAuthScheme(NTLM, NTLMScheme.class);
+ AuthPolicy.registerAuthScheme(DIGEST, DigestScheme.class);
+ AuthPolicy.registerAuthScheme(BASIC, BasicScheme.class);
+ }
+
+ /** Log object. */
+ protected static final Log LOG = LogFactory.getLog(AuthPolicy.class);
+
+ /**
+ * Registers a class implementing an {@link AuthScheme authentication scheme} with
+ * the given identifier. If a class with the given ID already exists it will be overridden.
+ * This ID is the same one used to retrieve the {@link AuthScheme authentication scheme}
+ * from {@link #getAuthScheme(String)}.
+ *
+ *
+ * Please note that custom authentication preferences, if used, need to be updated accordingly
+ * for the new {@link AuthScheme authentication scheme} to take effect.
+ *
+ *
+ * @param id the identifier for this scheme
+ * @param clazz the class to register
+ *
+ * @see #getAuthScheme(String)
+ * @see #AUTH_SCHEME_PRIORITY
+ */
+ public static synchronized void registerAuthScheme(final String id, Class clazz) {
+ if (id == null) {
+ throw new IllegalArgumentException("Id may not be null");
+ }
+ if (clazz == null) {
+ throw new IllegalArgumentException("Authentication scheme class may not be null");
+ }
+ SCHEMES.put(id.toLowerCase(), clazz);
+ SCHEME_LIST.add(id.toLowerCase());
+ }
+
+ /**
+ * Unregisters the class implementing an {@link AuthScheme authentication scheme} with
+ * the given ID.
+ *
+ * @param id the ID of the class to unregister
+ */
+ public static synchronized void unregisterAuthScheme(final String id) {
+ if (id == null) {
+ throw new IllegalArgumentException("Id may not be null");
+ }
+ SCHEMES.remove(id.toLowerCase());
+ SCHEME_LIST.remove(id.toLowerCase());
+ }
+
+ /**
+ * Gets the {@link AuthScheme authentication scheme} with the given ID.
+ *
+ * @param id the {@link AuthScheme authentication scheme} ID
+ *
+ * @return {@link AuthScheme authentication scheme}
+ *
+ * @throws IllegalStateException if a scheme with the ID cannot be found
+ */
+ public static synchronized AuthScheme getAuthScheme(final String id)
+ throws IllegalStateException {
+
+ if (id == null) {
+ throw new IllegalArgumentException("Id may not be null");
+ }
+ Class clazz = (Class)SCHEMES.get(id.toLowerCase());
+ if (clazz != null) {
+ try {
+ return (AuthScheme)clazz.newInstance();
+ } catch (Exception e) {
+ LOG.error("Error initializing authentication scheme: " + id, e);
+ throw new IllegalStateException(id +
+ " authentication scheme implemented by " +
+ clazz.getName() + " could not be initialized");
+ }
+ } else {
+ throw new IllegalStateException("Unsupported authentication scheme " + id);
+ }
+ }
+
+ /**
+ * Returns a list containing all registered {@link AuthScheme authentication
+ * schemes} in their default order.
+ *
+ * @return {@link AuthScheme authentication scheme}
+ */
+ public static synchronized List getDefaultAuthPrefs() {
+ return (List)SCHEME_LIST.clone();
+ }
+}
diff --git a/src/java/org/apache/http/auth/AuthScope.java b/src/java/org/apache/http/auth/AuthScope.java
new file mode 100644
index 000000000..7a3d5b74a
--- /dev/null
+++ b/src/java/org/apache/http/auth/AuthScope.java
@@ -0,0 +1,305 @@
+/*
+ * $HeadURL$
+ * $Revision$
+ * $Date$
+ *
+ * ====================================================================
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ */
+
+package org.apache.http.auth;
+
+import org.apache.http.util.LangUtils;
+
+/**
+ * The class represents an authentication scope consisting of a host name,
+ * a port number, a realm name and an authentication scheme name which
+ * {@link org.apache.commons.httpclient.Credentials} apply to.
+ *
+ * @author Oleg Kalnichevski
+ * @author Adrian Sutton
+ *
+ * @since 3.0
+ */
+public class AuthScope {
+
+ /**
+ * The null value represents any host. In the future versions of
+ * HttpClient the use of this parameter will be discontinued.
+ */
+ public static final String ANY_HOST = null;
+
+ /**
+ * The -1 value represents any port.
+ */
+ public static final int ANY_PORT = -1;
+
+ /**
+ * The null value represents any realm.
+ */
+ public static final String ANY_REALM = null;
+
+ /**
+ * The null value represents any authentication scheme.
+ */
+ public static final String ANY_SCHEME = null;
+
+ /**
+ * Default scope matching any host, port, realm and authentication scheme.
+ * In the future versions of HttpClient the use of this parameter will be
+ * discontinued.
+ */
+ public static final AuthScope ANY = new AuthScope(ANY_HOST, ANY_PORT, ANY_REALM, ANY_SCHEME);
+
+ /** The authentication scheme the credentials apply to. */
+ private String scheme = null;
+
+ /** The realm the credentials apply to. */
+ private String realm = null;
+
+ /** The host the credentials apply to. */
+ private String host = null;
+
+ /** The port the credentials apply to. */
+ private int port = -1;
+
+ /** Creates a new credentials scope for the given
+ * host, port, realm, and
+ * authentication scheme.
+ *
+ * @param host the host the credentials apply to. May be set
+ * to null if credenticals are applicable to
+ * any host.
+ * @param port the port the credentials apply to. May be set
+ * to negative value if credenticals are applicable to
+ * any port.
+ * @param realm the realm the credentials apply to. May be set
+ * to null if credenticals are applicable to
+ * any realm.
+ * @param scheme the authentication scheme the credentials apply to.
+ * May be set to null if credenticals are applicable to
+ * any authentication scheme.
+ *
+ * @since 3.0
+ */
+ public AuthScope(final String host, int port,
+ final String realm, final String scheme)
+ {
+ this.host = (host == null) ? ANY_HOST: host.toLowerCase();
+ this.port = (port < 0) ? ANY_PORT: port;
+ this.realm = (realm == null) ? ANY_REALM: realm;
+ this.scheme = (scheme == null) ? ANY_SCHEME: scheme.toUpperCase();;
+ }
+
+ /** Creates a new credentials scope for the given
+ * host, port, realm, and any
+ * authentication scheme.
+ *
+ * @param host the host the credentials apply to. May be set
+ * to null if credenticals are applicable to
+ * any host.
+ * @param port the port the credentials apply to. May be set
+ * to negative value if credenticals are applicable to
+ * any port.
+ * @param realm the realm the credentials apply to. May be set
+ * to null if credenticals are applicable to
+ * any realm.
+ *
+ * @since 3.0
+ */
+ public AuthScope(final String host, int port, final String realm) {
+ this(host, port, realm, ANY_SCHEME);
+ }
+
+ /** Creates a new credentials scope for the given
+ * host, port, any realm name, and any
+ * authentication scheme.
+ *
+ * @param host the host the credentials apply to. May be set
+ * to null if credenticals are applicable to
+ * any host.
+ * @param port the port the credentials apply to. May be set
+ * to negative value if credenticals are applicable to
+ * any port.
+ *
+ * @since 3.0
+ */
+ public AuthScope(final String host, int port) {
+ this(host, port, ANY_REALM, ANY_SCHEME);
+ }
+
+ /**
+ * Creates a copy of the given credentials scope.
+ *
+ * @since 3.0
+ */
+ public AuthScope(final AuthScope authscope) {
+ super();
+ if (authscope == null) {
+ throw new IllegalArgumentException("Scope may not be null");
+ }
+ this.host = authscope.getHost();
+ this.port = authscope.getPort();
+ this.realm = authscope.getRealm();
+ this.scheme = authscope.getScheme();
+ }
+
+ /**
+ * @return the host
+ *
+ * @since 3.0
+ */
+ public String getHost() {
+ return this.host;
+ }
+
+ /**
+ * @return the port
+ *
+ * @since 3.0
+ */
+ public int getPort() {
+ return this.port;
+ }
+
+ /**
+ * @return the realm name
+ *
+ * @since 3.0
+ */
+ public String getRealm() {
+ return this.realm;
+ }
+
+ /**
+ * @return the scheme type
+ *
+ * @since 3.0
+ */
+ public String getScheme() {
+ return this.scheme;
+ }
+
+ /**
+ * Tests if the authentication scopes match.
+ *
+ * @return the match factor. Negative value signifies no match.
+ * Non-negative signifies a match. The greater the returned value
+ * the closer the match.
+ *
+ * @since 3.0
+ */
+ public int match(final AuthScope that) {
+ int factor = 0;
+ if (LangUtils.equals(this.scheme, that.scheme)) {
+ factor += 1;
+ } else {
+ if (this.scheme != ANY_SCHEME && that.scheme != ANY_SCHEME) {
+ return -1;
+ }
+ }
+ if (LangUtils.equals(this.realm, that.realm)) {
+ factor += 2;
+ } else {
+ if (this.realm != ANY_REALM && that.realm != ANY_REALM) {
+ return -1;
+ }
+ }
+ if (this.port == that.port) {
+ factor += 4;
+ } else {
+ if (this.port != ANY_PORT && that.port != ANY_PORT) {
+ return -1;
+ }
+ }
+ if (LangUtils.equals(this.host, that.host)) {
+ factor += 8;
+ } else {
+ if (this.host != ANY_HOST && that.host != ANY_HOST) {
+ return -1;
+ }
+ }
+ return factor;
+ }
+
+ /**
+ * @see java.lang.Object#equals(Object)
+ */
+ public boolean equals(Object o) {
+ if (o == null) {
+ return false;
+ }
+ if (o == this) {
+ return true;
+ }
+ if (!(o instanceof AuthScope)) {
+ return super.equals(o);
+ }
+ AuthScope that = (AuthScope) o;
+ return
+ LangUtils.equals(this.host, that.host)
+ && this.port == that.port
+ && LangUtils.equals(this.realm, that.realm)
+ && LangUtils.equals(this.scheme, that.scheme);
+ }
+
+ /**
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ if (this.scheme != null) {
+ buffer.append(this.scheme.toUpperCase());
+ buffer.append(' ');
+ }
+ if (this.realm != null) {
+ buffer.append('\'');
+ buffer.append(this.realm);
+ buffer.append('\'');
+ } else {
+ buffer.append("");
+ }
+ if (this.host != null) {
+ buffer.append('@');
+ buffer.append(this.host);
+ if (this.port >= 0) {
+ buffer.append(':');
+ buffer.append(this.port);
+ }
+ }
+ return buffer.toString();
+ }
+
+ /**
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ int hash = LangUtils.HASH_SEED;
+ hash = LangUtils.hashCode(hash, this.host);
+ hash = LangUtils.hashCode(hash, this.port);
+ hash = LangUtils.hashCode(hash, this.realm);
+ hash = LangUtils.hashCode(hash, this.scheme);
+ return hash;
+ }
+}