Class SimpleMemoryNonceProvider

java.lang.Object
io.milton.http.http11.auth.SimpleMemoryNonceProvider
All Implemented Interfaces:
NonceProvider

public class SimpleMemoryNonceProvider extends Object implements NonceProvider
A very simple nonce provider that uses a map to store issued nonces.

If the map is constructed internally it will be a ConcurrentHashMap, which will restrict the application to a single machine, and nonces will not be preserved across restarts.

To improve reliability and scalability provide an alternative map implementation. For example, it could be a cluster aware map which synchronizes across a cluster. Or it could be a map which persists entries to a database or file.

Author:
brad
  • Constructor Details

    • SimpleMemoryNonceProvider

      public SimpleMemoryNonceProvider(int nonceValiditySeconds, ExpiredNonceRemover remover, Map<UUID,Nonce> nonces)
    • SimpleMemoryNonceProvider

      public SimpleMemoryNonceProvider(int nonceValiditySeconds)
  • Method Details

    • createNonceObject

      public Nonce createNonceObject(Request request)
    • createNonce

      public String createNonce(Request request)
      Description copied from interface: NonceProvider
      Create and return a nonce value to be used for an authentication session.
      Specified by:
      createNonce in interface NonceProvider
      Parameters:
      request - - the current request
      Returns:
      - some string to be used as a nonce value.
    • getNonceValidity

      public NonceProvider.NonceValidity getNonceValidity(String nonce, Long nc)
      Description copied from interface: NonceProvider
      Check to see if the given nonce is known. If known, is it still valid or has it expired.

      The request may also be considered invalid if the nonceCount value is non-null and is not greater than any previous value recorded for that valid nonce.

      Specified by:
      getNonceValidity in interface NonceProvider
      Parameters:
      nonce - - the nonce value given by a client to be checked.
      nc - - may be null for non-auth requests. Otherwise this should be a monotonically increasing value. The server should record the previous value and ensure that this value is greater than any previously given.
      Returns:
    • isEnableNonceCountChecking

      public boolean isEnableNonceCountChecking()
      IE seems to send nc (nonce count) parameters out of order. To correctly implement checking we need to record which nonces have been sent, and not assume they will be sent in a monotonically increasing sequence.

      The quick fix here is to disable checking of the nc param, since other common servers seem to do so too.

      Note that this will allow replay attacks.

      Returns:
    • setEnableNonceCountChecking

      public void setEnableNonceCountChecking(boolean enableNonceCountChecking)
    • getNonces

      public Map<UUID,Nonce> getNonces()
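The following standalone class is an added illustration of the checks described above for getNonceValidity and isEnableNonceCountChecking; it is example code, not Milton's implementation, and the class name NonceCountDemo, the Issued holder, the parseNc helper and the tolerateOutOfOrder option are assumptions made for the demo. It shows the strict monotonic nonce-count rule, the record-every-nc variant that the isEnableNonceCountChecking note says a correct implementation needs for clients that send nc out of order, and the replay that becomes possible once nonce-count checking is disabled.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Example nonce store; not Milton's code. Names and the tolerant mode are assumptions. */
public class NonceCountDemo {

    enum Validity { OK, EXPIRED, INVALID }

    /** Per-nonce state (assumed shape; Milton's Nonce class is not reproduced here). */
    static final class Issued {
        final Instant issuedAt;
        long highestNc = 0;                        // strict rule: nc must exceed this
        final Set<Long> seenNc = new HashSet<>();  // tolerant rule: every nc accepted so far
        Issued(Instant issuedAt) { this.issuedAt = issuedAt; }
    }

    private final Map<UUID, Issued> nonces;   // a clustered or persistent map could go here
    private final Duration validity;
    private final Clock clock;
    private boolean enableNonceCountChecking = true;
    private boolean tolerateOutOfOrder = false;

    NonceCountDemo(Duration validity, Clock clock, Map<UUID, Issued> backingMap) {
        this.validity = validity;
        this.clock = clock;
        this.nonces = backingMap;
    }

    void setEnableNonceCountChecking(boolean on) { enableNonceCountChecking = on; }
    void setTolerateOutOfOrder(boolean on) { tolerateOutOfOrder = on; }

    /** Issue a fresh random nonce and remember when it was issued. */
    String createNonce() {
        UUID id = UUID.randomUUID();
        nonces.put(id, new Issued(clock.instant()));
        return id.toString();
    }

    /** The Digest nc parameter is 8 hex digits on the wire, e.g. "00000001". */
    static Long parseNc(String ncHex) {
        return ncHex == null ? null : Long.parseLong(ncHex, 16);
    }

    Validity getNonceValidity(String nonce, Long nc) {
        UUID id;
        try {
            id = UUID.fromString(nonce);
        } catch (IllegalArgumentException e) {
            return Validity.INVALID;              // not something this store could have issued
        }
        Issued n = nonces.get(id);
        if (n == null) return Validity.INVALID;   // unknown, evicted, or issued by another node
        if (clock.instant().isAfter(n.issuedAt.plus(validity))) return Validity.EXPIRED;
        if (nc == null || !enableNonceCountChecking) return Validity.OK;  // replays pass here
        synchronized (n) {
            if (tolerateOutOfOrder) {
                // Record each nc; a repeat is a replay even when a client sends nc unordered.
                return n.seenNc.add(nc) ? Validity.OK : Validity.INVALID;
            }
            if (nc <= n.highestNc) return Validity.INVALID;  // must be strictly increasing
            n.highestNc = nc;
            return Validity.OK;
        }
    }

    static void check(String what, Validity got, Validity want) {
        if (got != want) throw new AssertionError(what + ": got " + got + ", want " + want);
        System.out.println(what + " -> " + got);
    }

    public static void main(String[] args) {
        Clock fixed = Clock.fixed(Instant.parse("2024-01-01T00:00:00Z"), ZoneOffset.UTC); // constructed time
        Map<UUID, Issued> store = new ConcurrentHashMap<>();
        NonceCountDemo strict = new NonceCountDemo(Duration.ofSeconds(300), fixed, store);

        // 1. Strict monotonic nc: a repeated or lower nc is treated as a replay.
        String n1 = strict.createNonce();
        check("strict nc=1", strict.getNonceValidity(n1, parseNc("00000001")), Validity.OK);
        check("strict nc=2", strict.getNonceValidity(n1, parseNc("00000002")), Validity.OK);
        check("strict nc=2 replayed", strict.getNonceValidity(n1, parseNc("00000002")), Validity.INVALID);

        // 2. Out-of-order nc (1, 3, 2): strict rejects a legitimate request; the
        //    seen-set variant accepts it and still catches the repeat.
        String n2 = strict.createNonce();
        strict.getNonceValidity(n2, 1L);
        strict.getNonceValidity(n2, 3L);
        check("strict nc=2 after 3", strict.getNonceValidity(n2, 2L), Validity.INVALID);
        NonceCountDemo tolerant = new NonceCountDemo(Duration.ofSeconds(300), fixed, new ConcurrentHashMap<>());
        tolerant.setTolerateOutOfOrder(true);
        String n3 = tolerant.createNonce();
        tolerant.getNonceValidity(n3, 1L);
        tolerant.getNonceValidity(n3, 3L);
        check("tolerant nc=2 after 3", tolerant.getNonceValidity(n3, 2L), Validity.OK);
        check("tolerant nc=2 replayed", tolerant.getNonceValidity(n3, 2L), Validity.INVALID);

        // 3. nc checking disabled: the same (nonce, nc) pair is accepted again.
        strict.setEnableNonceCountChecking(false);
        check("nc check off, replay", strict.getNonceValidity(n1, 2L), Validity.OK);

        // 4. Expiry: the same store viewed 301 s later, past the 300 s window.
        NonceCountDemo later = new NonceCountDemo(Duration.ofSeconds(300),
                Clock.offset(fixed, Duration.ofSeconds(301)), store);
        check("expired", later.getNonceValidity(n1, null), Validity.EXPIRED);
    }
}
```

The expiry check runs before the nonce-count check, so an expired nonce is reported as EXPIRED regardless of nc, matching the order the interface description implies. Because the store is a plain Map, sharing one ConcurrentHashMap across two instances stands in for the cluster-aware or persistent map the class description suggests; the per-nonce synchronized block is what keeps the nc update atomic when two requests carrying the same nonce arrive concurrently.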