Interface Authenticator

public interface Authenticator

This interface provides a way to respond to authentication challenge and authentication response headers. When a client or server receives an authentication challenge or authentication response header, the onAuthenticationChallenge() or onAuthenticationResponse() will be called, respectively, by the implementation.

For more information on how the authentication procedure works in OBEX, please review the IrOBEX specification at

Authentication Challenges

When a client or server receives an authentication challenge header, the onAuthenticationChallenge() method will be invoked by the OBEX API implementation. The application will then return the user name (if needed) and password via a PasswordAuthentication object. The password in this object is not sent in the authentication response. Instead, the 16-byte challenge received in the authentication challenge is combined with the password returned from the onAuthenticationChallenge() method and passed through the MD5 hash algorithm. The resulting value is sent in the authentication response along with the user name if it was provided.

Authentication Responses

When a client or server receives an authentication response header, the onAuthenticationResponse() method is invoked by the API implementation with the user name received in the authentication response header. (The user name will be null if no user name was provided in the authentication response header.) The application must determine the correct password. This value should be returned from the onAuthenticationResponse() method. If the authentication request should fail without the implementation checking the password, null should be returned by the application. (This is needed for reasons like not recognizing the user name, etc.) If the returned value is not null, the OBEX API implementation will combine the password returned from the onAuthenticationResponse() method and challenge sent via the authentication challenge, apply the MD5 hash algorithm, and compare the result to the response hash received in the authentication response header. If the values are not equal, an IOException will be thrown if the client requested authentication. If the server requested authentication, the onAuthenticationFailure() method will be called on the ServerRequestHandler that failed authentication. The connection is not closed if authentication failed.

JDE 4.2.1

Method Summary
 PasswordAuthentication onAuthenticationChallenge(String description, boolean isUserIdRequired, boolean isFullAccess)
          Called when a client or a server receives an authentication challenge header.
 byte[] onAuthenticationResponse(byte[] userName)
          Called when a client or server receives an authentication response header.

Method Detail


public PasswordAuthentication onAuthenticationChallenge(String description,
                                                        boolean isUserIdRequired,
                                                        boolean isFullAccess)
Called when a client or a server receives an authentication challenge header. It should respond to the challenge with a PasswordAuthentication that contains the correct user name and password for the challenge.
description - the description of which user name and password should be used; if no description is provided in the authentication challenge or the description is encoded in an encoding scheme that is not supported, an empty string will be provided
isUserIdRequired - true if the user ID is required; false if the user ID is not required
isFullAccess - true if full access to the server will be granted; false if read only access will be granted
a PasswordAuthentication object containing the user name and password used for authentication
JDE 4.2.1


public byte[] onAuthenticationResponse(byte[] userName)
Called when a client or server receives an authentication response header. This method will provide the user name and expect the correct password to be returned.
userName - the user name provided in the authentication response; may be null
the correct password for the user name provided; if null is returned then the authentication request failed
JDE 4.2.1

Copyright 1999-2009 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved.
Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A.
Copyright 2002-2003 Nokia Corporation All Rights Reserved.
Java is a trademark or registered trademark of Sun Microsystems, Inc. in the US and other countries.