httpauth 0.1 → 0.2.0

data/LICENSE

@@ -1,16 +1,20 @@
-HTTPauth is an HTTP Authentication library for Ruby
-Copyright (C) 2006 Fingertips, Manfred Stienstra <m.stienstra@fngtps.com>
+Copyright (C) 2006-2011
+  Manfred Stienstra <manfred@fngtps.com>, Fingertips,
+  Tim Olsen <tim@brooklynpenguin.com>
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/{README → README.md}

@@ -1,4 +1,5 @@
-= README
+HTTPauth
+======
 
 HTTPauth is a library supporting the full HTTP Authentication protocol as specified in RFC 2617; both Digest Authentication and Basic Authentication. We aim to make HTTPAuth as compliant as possible.
 
@@ -6,34 +7,34 @@ HTTPAuth is built to be completely agnostic of the HTTP implementation. If you h
 
 This project is currently under development, don't use it in mission critical applications.
 
-== Getting started
+## Getting started
 
 If you want to implement authentication for your application you should probably start by looking at the various examples. In the examples directory is an implementation of an HTTP client and server, you can use these to test your implementation. The examples are basic implementations of the protocol.
 
-== Limitations
+## Limitations
 
 Currently the library doesn't check for consistency of the directives in the various headers, this means that implementations using this library can be vulnerable to request replay attacks. This will obviously be addressed before the final release.
 
-== Plugins
+## Plugins
 
-=== Ruby on Rails
+### Ruby on Rails
 
 A plugin for Ruby on Rails can be found here:
 
 https://fngtps.com/svn/rails-plugins/trunk/digest_authentication
 
-== Known client implementation issues
+## Known client implementation issues
 
-=== Safari
+### Safari
 
-Safari doesn't understand and parse the algorithm and qop directives correctly. For instance: it sends qop=auth as qop="auth" and when multiple qop values are suggested by the server, no authentication is triggered. See http://bugzilla.opendarwin.org/show_bug.cgi?id=10727.
+Safari doesn't understand and parse the algorithm and qop directives correctly. For instance: it sends qop=auth as qop="auth" and when multiple qop values are suggested by the server, no authentication is triggered.
 
-== Internet Explorer
+### Internet Explorer
 
 The qop and algorithm bug quoting bugs are also present in IE.
 
 IE doesn't use the full URI for digest calculation, it chops off the query parameters. So a request on /script?q=a will response with uri='/script'.
 
-== Known server implementation issues
+## Known server implementation issues
 
 Apache 2.0 sends Authorization-Info headers without a nextnonce directive.

data/lib/httpauth/basic.rb

@@ -106,7 +106,7 @@ module HTTPAuth
       #   RewriteRule ^admin/ - [E=X-HTTP-AUTHORIZATION:%{HTTP:Authorization}]
       def get_credentials(env)
         d = HTTPAuth::CREDENTIAL_HEADERS.inject(false) { |d,h| env[h] || d }
-        return unpack_authorization(d) if d
+        return unpack_authorization(d) unless !d or d.nil? or d.empty?
         [nil, nil]
       end
     end

data/lib/httpauth/constants.rb

@@ -3,7 +3,7 @@
 #
 # For more information see RFC 2617 (http://www.ietf.org/rfc/rfc2617.txt)
 module HTTPAuth
-  VERSION = '0.1'
+  VERSION = '0.2'
   
   CREDENTIAL_HEADERS = %w{REDIRECT_X_HTTP_AUTHORIZATION X-HTTP-AUTHORIZATION X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION}
   SUPPORTED_SCHEMES = { :basic => 'Basic', :digest => 'Digest' }

data/lib/httpauth/digest.rb

@@ -54,12 +54,11 @@ module HTTPAuth
         # * <tt>variant</tt>: Specifies whether the directives are for an Authorize header (:credentials),
         #   for a WWW-Authenticate header (:challenge) or for a Authentication-Info header (:auth_info).
         def encode_directives(h, variant)
-          encode = {:domain => :join, :algorithm => false, :stale => :str_to_bool, :nc => :int_to_hex,
-                    :nextnonce => :int_to_hex}
+          encode = {:domain => :list_to_space_quoted_string, :algorithm => false, :stale => :bool_to_str, :nc => :int_to_hex}
           if [:credentials, :auth].include? variant
             encode.merge! :qop => false
           elsif variant == :challenge
-            encode.merge! :qop => :list_to_quoted_string
+            encode.merge! :qop => :list_to_comma_quoted_string
           else
             raise ArgumentError.new("#{variant} is not a valid value for `variant' use :auth, :credentials or :challenge")
           end
@@ -89,12 +88,11 @@ module HTTPAuth
         #   for a WWW-Authenticate header (:challenge) or for a Authentication-Info header (:auth_info).        
         def decode_directives(directives, variant)
           raise HTTPAuth::UnwellformedHeader.new("Can't decode directives which are nil") if directives.nil?
-          decode = {:domain => :split, :algorithm => false, :stale => :bool_to_str, :nc => :hex_to_int,
-                    :nextnonce => :hex_to_int}
+          decode = {:domain => :space_quoted_string_to_list, :algorithm => false, :stale => :str_to_bool, :nc => :hex_to_int}
           if [:credentials, :auth].include? variant
             decode.merge! :qop => false
           elsif variant == :challenge
-            decode.merge! :qop => :quoted_string_to_list
+            decode.merge! :qop => :comma_quoted_string_to_list
           else
             raise ArgumentError.new("#{variant} is not a valid value for `variant' use :auth, :credentials or :challenge")
           end
@@ -230,7 +228,7 @@ module HTTPAuth
             )
           ).gsub("\n", '')[0..-3]
         end
-    
+        
         # Create a 32 character long opaque string with a 'random' value
         def create_opaque
           s = []; 16.times { s << rand(127).chr }
@@ -275,8 +273,10 @@ module HTTPAuth
     #
     # See the Digest module for examples
     class Credentials < AbstractHeader
+      # Holds an explanation why <tt>validate</tt> returned false.
+      attr_reader :reason
       
-      # Parses the information from a Authorize header and create a new Credentials instance with the information.
+      # Parses the information from an Authorize header and creates a new Credentials instance with the information.
       # The options hash allows you to specify additional information.
       #
       # * <tt>authorization</tt>: The contents of the Authorize header
@@ -294,6 +294,14 @@ module HTTPAuth
         credentials.update_from_challenge! options
         credentials
       end
+
+      def self.load(filename, options={})
+        h = nil
+        File.open(filename, 'r') do |f|
+          h = Marshal.load f
+        end
+        new h, options
+      end
       
       # Create a new instance.
       #
@@ -334,7 +342,7 @@ module HTTPAuth
       #   * <tt>:method</tt>: The HTTP Verb in uppercase, ie. GET or POST.
       #   * <tt>:password</tt>: The password for the sent username and realm, either a password or digest should be
       #     provided.
-      #   * <tt>:digest</tt>: The digest for the specified username and realm, either a digest or password should ne
+      #   * <tt>:digest</tt>: The digest for the specified username and realm, either a digest or password should be
       #     provided.
       def validate(options)
         ho = @h.merge(options)
@@ -351,13 +359,8 @@ module HTTPAuth
         false
       end
       
-      # Returns a string with the reason <tt>validate</tt> returned false.
-      def reason
-        @reason
-      end
-      
       # Encodeds directives and returns a string that can be used in the Authorize header
-      def to_header        
+      def to_header
         Utils.encode_directives Utils.filter_h_on(@h,
           [:username, :realm, :nonce, :uri, :response, :algorithm, :cnonce, :opaque, :qop, :nc]), :credentials
       end
@@ -390,6 +393,13 @@ module HTTPAuth
         end
         @h[:response] = Utils.calculate_digest(@h, @s, :request)
       end
+
+      def dump_sans_creds(filename)
+        File.open(filename, 'w') do |f|
+          Marshal.dump(Utils.filter_h_on(@h, [:username, :realm, :nonce, :algorithm, :cnonce, :opaque, :qop, :nc]), f)
+        end
+      end
+      
     end
     
     # The Challenge class handlers the WWW-Authenticate header. The WWW-Authenticate header is sent by a server when
@@ -469,6 +479,7 @@ module HTTPAuth
       # * <tt>h</tt>: A Hash with directives, normally this is filled with the directives coming from a
       #   Credentials instance.
       # * <tt>options</tt>: Used to set or override data from the Authentication-Info header
+      #   * <tt>:digest</tt>: The digest for the specified username and realm.
       #   * <tt>:response_body</tt> The body of the response that's going to be sent to the client. This is a
       #     compulsory option if the qop directive is 'auth-int'.
       def initialize(h, options={})
@@ -485,9 +496,25 @@ module HTTPAuth
       # Updates @h from options, generally called after an instance was created with <tt>from_credentials</tt>.
       def update_from_credentials!(options)
         # TODO: update @h after nonce invalidation
+        [:digest, :username, :realm, :password].each do |k|
+          @h[k] = options[k] if options.include? k
+        end
         @h[:response_body] = options[:response_body]
-        @h[:nextnonce] = @h[:nc] + 1
+        @h[:nextnonce] = Utils.create_nonce @h[:salt]
+        @h[:rspauth] = Utils.calculate_digest(@h, nil, :response)
       end
+
+      # Validates rspauth.  Returns <tt>true</tt> or <tt>false</tt>
+      #
+      # * <tt>options</tt>: The extra options needed to validate rspauth.
+      #   * <tt>:digest</tt>: The H(a1) digest
+      #   * <tt>:uri</tt>: request uri
+      #   * <tt>:nonce</tt>:nonce
+      def validate(options)
+        ho = @h.merge(options)
+        return @h[:rspauth] == Utils.calculate_digest(ho, @s, :response)
+      end
+      
     end
     
     # Conversion for a number of internal data structures to and from directives in the headers. Implementations
@@ -497,7 +524,7 @@ module HTTPAuth
       
         # Adds quotes around the string
         def quote_string(str)
-          "\"#{str.gsub('"', '')}\""
+          "\"#{str.gsub(/\"/, '')}\""
         end
 
         # Removes quotes from around a string
@@ -526,14 +553,23 @@ module HTTPAuth
         end
 
         # Creates a quoted string with space separated items from a list
-        def list_to_quoted_string(list)
+        def list_to_space_quoted_string(list)
           quote_string list.join(' ')
         end
 
         # Creates a list from a quoted space separated string of items
-        def quoted_string_to_list(string)
+        def space_quoted_string_to_list(string)
           unquote_string(string).split ' '
         end
+
+        # Creates a quoted string with comma separated items from a list
+        def list_to_comma_quoted_string(list)
+          quote_string list.join(',')
+        end
+        # Create a list from a quoted comma separated string of items
+        def comma_quoted_string_to_list(string)
+          unquote_string(string).split ','
+        end
       end
     end
 

data/lib/httpauth/exceptions.rb

@@ -3,4 +3,6 @@ module HTTPAuth
   class UnwellformedHeader < ArgumentError; end
   # Raised when the library finds data that is not strictly forbidden but doesn't know how to handle.
   class UnsupportedError < ArgumentError; end
+  # Raise when validation on the request failed, most of the times this means that someone is trying to do replay attacks.
+  class ValidationError < ArgumentError; end
 end

metadata

@@ -1,66 +1,72 @@
 --- !ruby/object:Gem::Specification 
-rubygems_version: 0.8.10
-specification_version: 1
 name: httpauth
 version: !ruby/object:Gem::Version 
-  version: "0.1"
-date: 2006-09-04
-summary: Library for the HTTP Authentication protocol (RFC 2617)
-require_paths: 
-- lib
-email: manfred@fngtps.com
-homepage: http://httpauth.rubyforge.org
-rubyforge_project: 
-description: HTTPauth is a library supporting the full HTTP Authentication protocol as specified in RFC 2617; both Digest Authentication and Basic Authentication.
-autorequire: 
-default_executable: 
-bindir: bin
-has_rdoc: true
-required_ruby_version: !ruby/object:Gem::Version::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: 1.8.0
-  version: 
+  hash: 23
+  prerelease: 
+  segments: 
+  - 0
+  - 2
+  - 0
+  version: 0.2.0
 platform: ruby
 authors: 
 - Manfred Stienstra
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-09-25 00:00:00 Z
+dependencies: []
+
+description: Library for the HTTP Authentication protocol (RFC 2617)
+email: manfred@fngtpspec.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+- LICENSE
 files: 
-- README
+- README.md
 - LICENSE
-- Rakefile
-- lib/httpauth
-- lib/httpauth.rb
 - lib/httpauth/basic.rb
 - lib/httpauth/constants.rb
 - lib/httpauth/digest.rb
 - lib/httpauth/exceptions.rb
-- examples/client_digest_secure
-- examples/server_digest_secure
-test_files: []
+- lib/httpauth.rb
+homepage: https://github.com/Manfred/HTTPauth
+licenses: []
 
+post_install_message: 
 rdoc_options: 
-- --quiet
-- --title
-- HTTPAuth - A Ruby library for creating, parsing and validating HTTP authentication headers
-- --opname
-- index.html
-- --line-numbers
-- --main
-- README
-- --charset
-- utf-8
-- --inline-source
-- --exclude
-- ^(examples|test)\/
-extra_rdoc_files: 
-- README
-- LICENSE
-executables: []
-
-extensions: []
-
+- --charset=utf-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 requirements: []
 
-dependencies: []
+rubyforge_project: 
+rubygems_version: 1.8.18
+signing_key: 
+specification_version: 3
+summary: HTTPauth is a library supporting the full HTTP Authentication protocol as specified in RFC 2617; both Digest Authentication and Basic Authentication.
+test_files: []
 

data/Rakefile

@@ -1,76 +0,0 @@
-require 'rake'
-require 'rake/clean'
-require 'rake/testtask'
-require 'rake/gempackagetask'
-require 'rake/rdoctask'
-
-NAME = 'httpauth'
-VERSIE = '0.1' 
-RDOC_OPTS = ['--quiet', '--title', "HTTPAuth - A Ruby library for creating, parsing and validating HTTP authentication headers",
-    "--opname", "index.html",
-    "--line-numbers", 
-    "--main", "README",
-    "--charset", "utf-8",
-    "--inline-source"]
-CLEAN.include ['pkg', 'doc', '*.gem']
-
-desc 'Default: run tests'
-task :default => [:test]
-task :package => [:clean]
-
-desc 'Run tests'
-Rake::TestTask.new(:test) do |t|
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = true
-  t.warning = true
-end
-
-desc 'Create documentation'
-Rake::RDocTask.new("doc") do |rdoc|
-  rdoc.rdoc_dir = 'doc'
-  rdoc.options += RDOC_OPTS
-  rdoc.main = "README"
-  rdoc.rdoc_files.include('README')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-desc 'Upload rdoc documentation to Rubyforge'
-task :upload_doc => :doc do
-  `scp -r #{File.dirname(__FILE__)}/doc/* mst@rubyforge.org:/var/www/gforge-projects/httpauth/`
-end
-
-spec =
-    Gem::Specification.new do |s|
-        s.name = NAME
-        s.version = VERSIE
-        s.platform = Gem::Platform::RUBY
-        s.has_rdoc = true
-        s.extra_rdoc_files = ["README", "LICENSE"]
-        s.rdoc_options += RDOC_OPTS + ['--exclude', '^(examples|test)\/']
-        s.summary = "Library for the HTTP Authentication protocol (RFC 2617)"
-        s.description = "HTTPauth is a library supporting the full HTTP Authentication protocol as specified in RFC 2617; both Digest Authentication and Basic Authentication."
-        s.author = "Manfred Stienstra"
-        s.email = 'manfred@fngtps.com'
-        s.homepage = 'http://httpauth.rubyforge.org'
-        s.required_ruby_version = '>= 1.8.0'
-
-        s.files = %w(README LICENSE Rakefile) +
-          Dir.glob("lib/**/*") + 
-          Dir.glob("examples/**/*")
-        
-        s.require_path = "lib"
-    end
-
-Rake::GemPackageTask.new(spec) do |p|
-    p.need_tar = true
-    p.gem_spec = spec
-end
-
-task :install do
-  sh %{rake package}
-  sh %{sudo gem install pkg/#{NAME}-#{VERSIE}}
-end
-
-task :uninstall => [:clean] do
-  sh %{sudo gem uninstall #{NAME}}
-end

data/examples/client_digest_secure

@@ -1,132 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift File.expand_path(File.dirname(__FILE__) + '/../lib')
-
-require 'rubygems' rescue LoadError
-require 'uri'
-require 'rfuzz/client'
-require 'httpauth/digest'
-
-SALT = 'My very very secret salt'
-
-class AuthenticationCache
-  
-  def initialize
-    @uri = nil
-    @credentials = nil
-  end
-  
-  def set_credentials_for(uri, credentials)
-    @uri = get_new_uri(@uri, uri)
-    @credentials = credentials
-  end
-  
-  def get_credentials
-    @credentials
-  end
-  
-  def update_usage_for(uri, nextnonce=nil)
-    if nextnonce
-      @credentials.nc = nextnonce
-    else
-      @credentials.nc += 1
-    end
-  end
-  
-  protected
-  
-  # Is uri1 more general than uri2
-  def more_general_uri?(uri1, uri2)
-    ua1 = uri1.nil? ? [] : uri1.split('/')
-    ua2 = uri2.nil? ? [] : uri2.split('/')
-    ua1.each_with_index do |p, i|
-      return false unless ua2[i] == p
-    end
-    true
-  end
-  
-  def get_new_uri(uri1, uri2)
-    if more_general_uri?(uri1, uri2)
-      uri1
-    else
-      uri2
-    end
-  end
-end
-
-class AuthenticatedClient
-  include HTTPAuth::Digest
-  
-  def initialize(host, port)
-    @client = RFuzz::HttpClient.new host, port
-    @cache = AuthenticationCache.new
-    @username = nil
-    @password = nil
-  end
-  
-  def get_credentials_from_user
-    if @username.nil?
-      print 'Username: '
-      @username = $stdin.gets.strip
-    end
-    if @password.nil?
-      print 'Password: '
-      @password = $stdin.gets.strip
-    end
-    [@username, @password]
-  end
-  
-  # Get a resource from the server
-  def get(resource)
-    uri = URI.parse resource
-    
-    # If credentials were stored, use them. Otherwise do a normal get
-    credentials = @cache.get_credentials
-    unless credentials.nil?
-      puts "sending credentials: #{credentials.to_header}"
-      response = @client.get resource, :head => {"Authorization" => credentials.to_header}
-    else
-      response = @client.get resource
-    end
-    # If response was 401, retry with authentication
-    if response.http_status == '401' and !response['WWW_AUTHENTICATE'].nil?
-      puts "got challenge: #{response['WWW_AUTHENTICATE']}"
-      challenge = Challenge.from_header(response['WWW_AUTHENTICATE'])
-      (stale = challenge.stale) rescue NoMethodError
-      unless stale
-        username, password = get_credentials_from_user
-      else
-        username = credentials.username
-        password = credentials.password
-      end
-      credentials = Credentials.from_challenge(challenge,
-        {:uri => resource, :username => username, :password => password, :method => 'GET'}
-      )
-      puts "sending credentials: #{credentials.to_header}"
-      @cache.set_credentials_for uri.path, credentials
-      response = @client.get resource, :head => {"Authorization" => credentials.to_header}
-    end
-    # If the server sends authentication info use the information for the next request
-    if response['AUTHENTICATION_INFO']
-      puts "got authentication-info: #{response['AUTHENTICATION_INFO']}"
-      auth_info = AuthenticationInfo.from_header(response['AUTHENTICATION_INFO'])
-      @cache.update_usage_for uri.path, auth_info.h[:nextnonce]
-    else
-      @cache.update_usage_for uri.path
-    end
-    response
-  end
-end
-
-if $0 == __FILE__
-  unless ARGV.length == 2
-    puts <<-EOT
-Usage: client_digest_secure get <url>
-    EOT
-    exit 0
-  end
-  uri = URI.parse ARGV[1]
-  client = AuthenticatedClient.new uri.host, uri.port
-  response = client.send ARGV[0].intern, uri.query ? "#{uri.path}&#{uri.query}" : uri.path
-  puts response.http_body
-end

data/examples/server_digest_secure

@@ -1,47 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift File.expand_path(File.dirname(__FILE__) + '/../lib')
-
-require 'webrick'
-require 'httpauth/digest'
-require 'yaml'
-
-include WEBrick
-
-s = HTTPServer.new :Port => 2000, :AccessLog => [[File.open('/dev/null', 'w'), AccessLog::COMMON_LOG_FORMAT],
-  [File.open('/dev/null', 'w'), AccessLog::REFERER_LOG_FORMAT]]
-
-class AuthenticationServlet < HTTPServlet::AbstractServlet
-  include HTTPAuth::Digest
-  def do_GET(request, response)
-    puts '-'*79
-    puts "request: Authorization: " + (request['Authorization'] || '')
-    
-    credentials = Credentials.from_header(request['Authorization']) unless request['Authorization'].nil?
-    if !credentials.nil? and credentials.validate :password => 'secret', :method => 'GET'
-      response.status = 200
-      auth_info = AuthenticationInfo.from_credentials credentials
-      response['Authentication-Info'] = auth_info.to_header
-      response['Content-Type'] = 'text/plain; charset=utf-8'
-      response.body  = 'You are authorized'
-      puts "response: Authentication-Info: " + response['Authentication-Info']
-    else
-      if credentials
-        puts '[!] FAILED: ' + credentials.reason
-      else
-        puts '[!] FAILED: No credentials specified'
-      end
-      response.status = 401
-      challenge = Challenge.new :realm => 'admin@httpauth.example.com', :qop => ['auth']
-      response['WWW-Authenticate'] = challenge.to_header
-      response['Content-Type'] = 'text/plain; charset=utf-8'
-      response.body  = 'You are not authorized'
-      puts "response: WWW-Authenticate: " + response['WWW-Authenticate']
-    end
-  end
-end
-
-puts "\n>>> Open http://localhost:2000/ and login with password 'secret', any username should work\n\n"
-s.mount '/', AuthenticationServlet
-trap('INT') { s.shutdown }
-s.start