NonceProvider (milton-server-ce 3.0.0.215 API)

All Known Implementing Classes:

AppEngineMemcacheNonceProvider, SimpleMemoryNonceProvider
```
public interface NonceProvider
```
Provides a source of nonce values to be used in Digest authentication, and a means to validate nonce values. Implementations should ensure that nonce values are available across all servers in a cluster, and that they expire appropriately. Implementations should also ensure that nonce-count values are always increasing, if provided.

Author:

brad

Nested Class Summary

Nested Classes
Modifier and Type Interface and Description

static class NonceProvider.NonceValidity

Nested Classes
Modifier and Type	Interface and Description
`static class`	`NonceProvider.NonceValidity`

Method Summary

All Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method and Description
`String`	`createNonce(Request request)` Create and return a nonce value to be used for an authentication session.
`default String`	`createNonce(Request request, String userUrl)`
`NonceProvider.NonceValidity`	`getNonceValidity(String nonce, Long nonceCount)` Check to see if the given nonce is known.
`default NonceProvider.NonceValidity`	`getNonceValidity(String nonce, Long nonceCount, String userId)` Default implementation which calls getNonceValidity( String nonce, Long nonceCount ) Implementations which wish to apply extra security can check the userid is valid for the nonce , IF it is provided Note that the userID may be EITHER a userUrl (from cookie auth handler) or a username (from Digest auth)

- Method Detail
  - getNonceValidity
```
NonceProvider.NonceValidity getNonceValidity(String nonce,
                                             Long nonceCount)
```
    Check to see if the given nonce is known. If known, is it still valid or has it expired. The request may also be considered invalid if the nonceCount value is non-null and is not greater then any previous value for the valid nonce value.
    
    Parameters:
    
    nonce - - the nonce value given by a client to be checked.
    
    nonceCount - - may be null for non-auth requests. otherwise this should be a monotonically increasing value. The server should record the previous value and ensure that this value is greater then any previously given.
    
    Returns:
  - getNonceValidity
```
default NonceProvider.NonceValidity getNonceValidity(String nonce,
                                                     Long nonceCount,
                                                     String userId)
```
    Default implementation which calls getNonceValidity( String nonce, Long nonceCount ) Implementations which wish to apply extra security can check the userid is valid for the nonce , IF it is provided Note that the userID may be EITHER a userUrl (from cookie auth handler) or a username (from Digest auth)
    
    Parameters:
    
    nonce -
    
    nonceCount -
    
    userId -
    
    Returns:
  - createNonce
```
String createNonce(Request request)
```
    Create and return a nonce value to be used for an authentication session.
    
    Parameters:
    
    request - - the current request
    
    Returns:
    
    - some string to be used as a nonce value.
  - createNonce
```
default String createNonce(Request request,
                           String userUrl)
```
    Parameters:
    
    request -
    
    userUrl -
    
    Returns:

Interface NonceProvider

Nested Class Summary

Method Summary

Method Detail

getNonceValidity

getNonceValidity

createNonce

createNonce