Interface NonceProvider

All Known Implementing Classes:
AppEngineMemcacheNonceProvider, SimpleMemoryNonceProvider

public interface NonceProvider
Provides a source of nonce values to be used in Digest authentication, and a means to validate nonce values. Implementations should ensure that nonce values are available across all servers in a cluster, and that they expire appropriately. Implementations should also ensure that nonce-count values are always increasing, if provided.
Author:
brad
  • Method Details

    • getNonceValidity

      NonceProvider.NonceValidity getNonceValidity(String nonce, Long nonceCount)
      Check whether the given nonce is known and, if it is known, whether it is still valid or has expired. The request may also be considered invalid if the nonceCount value is non-null and is not greater than any previous value for the valid nonce value.
      Parameters:
      nonce - the nonce value given by a client to be checked.
      nonceCount - may be null for non-auth requests. Otherwise this should be a monotonically increasing value. The server should record the previous value and ensure that this value is greater than any previously given.
      Returns:
    • getNonceValidity

      default NonceProvider.NonceValidity getNonceValidity(String nonce, Long nonceCount, String userId)
      Default implementation, which calls getNonceValidity(String nonce, Long nonceCount). Implementations that wish to apply extra security can check that the userId is valid for the nonce, if it is provided. Note that the userId may be either a userUrl (from the cookie auth handler) or a username (from Digest auth).
      Parameters:
      nonce -
      nonceCount -
      userId -
      Returns:
    • createNonce

      String createNonce(Request request)
      Create and return a nonce value to be used for an authentication session.
      Parameters:
      request - the current request
      Returns:
      some string to be used as a nonce value.
    • createNonce

      default String createNonce(Request request, String userUrl)
      Parameters:
      request -
      userUrl -
      Returns:
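
One way to meet the expiry and increasing nonce-count requirements described for getNonceValidity above, shown as an added example that is not this library's own code. `ExpiringNonceStore` and its `Validity` enum are hypothetical names, and the in-memory map assumes a single server; a cluster would need a shared store instead.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch: Validity and ExpiringNonceStore are hypothetical, not the library's types.
public class ExpiringNonceStore {
    public enum Validity { OK, EXPIRED, INVALID }
    private static final class Entry {
        final Instant issued;
        long lastCount;                       // highest nonce-count accepted so far
        Entry(Instant issued) { this.issued = issued; }
    }
    private final Map<String, Entry> nonces = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration lifetime;

    public ExpiringNonceStore(Duration lifetime) { this.lifetime = lifetime; }

    public String createNonce() {
        byte[] raw = new byte[16];            // 128 bits from a CSPRNG, not guessable
        random.nextBytes(raw);
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        nonces.put(nonce, new Entry(Instant.now()));
        return nonce;
    }

    public Validity getNonceValidity(String nonce, Long nonceCount) {
        Entry e = nonces.get(nonce);
        if (e == null) return Validity.INVALID;           // never issued, or already purged
        boolean expired = Instant.now().isAfter(e.issued.plus(lifetime));
        if (expired) { nonces.remove(nonce); return Validity.EXPIRED; }
        if (nonceCount == null) return Validity.OK;       // no count supplied by the client
        synchronized (e) {                                // check-and-record must be atomic
            if (nonceCount <= e.lastCount) return Validity.INVALID;  // replayed or stale count
            e.lastCount = nonceCount;
        }
        return Validity.OK;
    }

    public static void main(String[] args) {
        ExpiringNonceStore store = new ExpiringNonceStore(Duration.ofMinutes(5));
        String n = store.createNonce();
        System.out.println(store.getNonceValidity(n, 1L));          // first use of count 1
        System.out.println(store.getNonceValidity(n, 1L));          // same count replayed
        System.out.println(store.getNonceValidity("unknown", 1L));  // nonce never issued
    }
}
```

The synchronized block matters because two concurrent requests replaying the same nonce-count must not both pass the comparison before either records the new value.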