com.bradmcevoy.http.http11.auth
Interface NonceProvider

All Known Implementing Classes:

SimpleMemoryNonceProvider

public interface NonceProvider

Provides a source of nonce values to be used in Digest authentication, and a means to validate nonce values. Implementations should ensure that nonce values are available across all servers in a cluster, and that they expire appropriately. Implementations should also ensure that nonce-count values are always increasing, if provided.

Author:

brad

Nested Class Summary

static class

NonceProvider.NonceValidity

Method Summary

java.lang.String	createNonce(Resource resource, Request request) Create and return a nonce value to be used for an authentication session.
NonceProvider.NonceValidity	getNonceValidity(java.lang.String nonce, java.lang.Long nonceCount) Check to see if the given nonce is known.

Method Detail

getNonceValidity

NonceProvider.NonceValidity getNonceValidity(java.lang.String nonce,
                                             java.lang.Long nonceCount)

Check to see if the given nonce is known. If known, is it still valid or has it expired. The request may also be considered invalid if the nonceCount value is non-null and is not greater then any previous value for the valid nonce value.

Parameters:

nonce - - the nonce value given by a client to be checked.

nonceCount - - may be null for non-auth requests. otherwise this should be a monotonically increasing value. The server should record the previous value and ensure that this value is greater then any previously given.

Returns:

createNonce

java.lang.String createNonce(Resource resource,
                             Request request)

Create and return a nonce value to be used for an authentication session.

Parameters:

resource - - the resource being accessed.

request - - the current request

Returns:

- some string to be used as a nonce value.