Package io.milton.http.http11.auth

Interface NonceProvider

All Known Implementing Classes:
AppEngineMemcacheNonceProvider, SimpleMemoryNonceProvider
public interface NonceProvider
Provides a source of nonce values to be used in Digest authentication, and a means to validate nonce values.

Implementations should ensure that nonce values are available across all servers in a cluster, and that they expire appropriately.

Implementations should also ensure that nonce-count values are always increasing, if provided.

Author:
brad

  • Method Details

    • getNonceValidity

      NonceProvider.NonceValidity getNonceValidity(String nonce, Long nonceCount)
      Check to see if the given nonce is known. If known, is it still valid or has it expired.

      The request may also be considered invalid if the nonceCount value is non-null and is not greater then any previous value for the valid nonce value.

      Parameters:
      nonce - - the nonce value given by a client to be checked.
      nonceCount - - may be null for non-auth requests. otherwise this should be a monotonically increasing value. The server should record the previous value and ensure that this value is greater then any previously given.
      Returns:

    • getNonceValidity

      default NonceProvider.NonceValidity getNonceValidity(String nonce, Long nonceCount, String userId)
      Default implementation which calls getNonceValidity( String nonce, Long nonceCount )

      Implementations which wish to apply extra security can check the userid is valid for the nonce , IF it is provided

      Note that the userID may be EITHER a userUrl (from cookie auth handler) or a username (from Digest auth)

      Parameters:
      nonce -
      nonceCount -
      userId -
      Returns:

    • createNonce

      String createNonce(Request request)
      Create and return a nonce value to be used for an authentication session.
      Parameters:
      request - - the current request
      Returns:
      - some string to be used as a nonce value.

    • createNonce

      default String createNonce(Request request, String userUrl)
      Parameters:
      request -
      userUrl -
      Returns: