com.bradmcevoy.http.http11.auth
Class SimpleMemoryNonceProvider
java.lang.Object
com.bradmcevoy.http.http11.auth.SimpleMemoryNonceProvider
- All Implemented Interfaces:
- NonceProvider
public class SimpleMemoryNonceProvider
- extends java.lang.Object
- implements NonceProvider
A very simple nonce provider that uses a map to store issued nonces.
If the map is constructed internally it will be a ConcurrentHashMap, which
will restrict the application to a single machine, and nonces will not
be preserved across restarts.
To improve reliability and scalability provide an alternative map implementation.
For example, it could be a cluster
aware map which synchronises across a cluster. Or it could be a map which
persists entries to a database or file.
- Author:
- brad
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SimpleMemoryNonceProvider
public SimpleMemoryNonceProvider(int nonceValiditySeconds)
SimpleMemoryNonceProvider
public SimpleMemoryNonceProvider(int nonceValiditySeconds,
ExpiredNonceRemover remover)
SimpleMemoryNonceProvider
public SimpleMemoryNonceProvider(int nonceValiditySeconds,
ExpiredNonceRemover remover,
java.util.Map<java.util.UUID,Nonce> nonces)
SimpleMemoryNonceProvider
public SimpleMemoryNonceProvider(int nonceValiditySeconds,
java.util.Map<java.util.UUID,Nonce> nonces)
createNonceObject
public Nonce createNonceObject(Resource resource,
Request request)
createNonce
public java.lang.String createNonce(Resource resource,
Request request)
- Description copied from interface:
NonceProvider
- Create and return a nonce value to be used for an authentication session.
- Specified by:
createNonce in interface NonceProvider
- Parameters:
resource - the resource being accessed.
request - the current request
- Returns:
- some string to be used as a nonce value.
getNonceValidity
public NonceProvider.NonceValidity getNonceValidity(java.lang.String nonce,
java.lang.Long nc)
- Description copied from interface:
NonceProvider
- Check to see if the given nonce is known and, if known, whether it is still
valid or has expired.
The request may also be considered invalid if the nonceCount value is
non-null and is not greater than any previous value for the valid nonce value.
- Specified by:
getNonceValidity in interface NonceProvider
- Parameters:
nonce - the nonce value given by a client to be checked.
nc - may be null for non-auth requests. Otherwise this should
be a monotonically increasing value. The server should record the previous
value and ensure that this value is greater than any previously given.
- Returns:
isEnableNonceCountChecking
public boolean isEnableNonceCountChecking()
- IE seems to send nc (nonce count) parameters out of order. To correctly
implement checking we need to record which nonces have been sent, and not
assume they will be sent in a monotonically increasing sequence.
The quick fix here is to disable checking of the nc param, since other
common servers seem to do so too.
Note that disabling the check will allow replay attacks.
- Returns:
setEnableNonceCountChecking
public void setEnableNonceCountChecking(boolean enableNonceCountChecking)
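The isEnableNonceCountChecking note says correct checking means recording which nc values have been sent rather than assuming an increasing sequence. The class below is an added example of that approach, not code from this library; SeenNonceCountTracker, Validity, issue and check are hypothetical names, and the values in main are constructed.

```java
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
// Hypothetical helper (not part of this library): replay check that tolerates out-of-order nc.
public class SeenNonceCountTracker {
    public enum Validity { OK, EXPIRED, INVALID }
    private static final class Entry {
        final long issuedMillis;
        // Every nc value already accepted for this nonce.
        final Set<Long> seenCounts = ConcurrentHashMap.newKeySet();
        Entry(long issuedMillis) { this.issuedMillis = issuedMillis; }
    }
    private final Map<UUID, Entry> nonces = new ConcurrentHashMap<>();
    private final long validityMillis;
    public SeenNonceCountTracker(int nonceValiditySeconds) {
        this.validityMillis = nonceValiditySeconds * 1000L;
    }
    public String issue(long nowMillis) {
        UUID id = UUID.randomUUID();
        nonces.put(id, new Entry(nowMillis));
        return id.toString();
    }
    public Validity check(String nonce, Long nc, long nowMillis) {
        UUID id;
        try {
            id = UUID.fromString(nonce);
        } catch (IllegalArgumentException | NullPointerException ex) {
            return Validity.INVALID; // malformed or missing: never issued by us
        }
        Entry entry = nonces.get(id);
        if (entry == null) return Validity.INVALID;
        if (nowMillis - entry.issuedMillis > validityMillis) {
            nonces.remove(id); // dropping the entry also frees its recorded nc values
            return Validity.EXPIRED;
        }
        // add() is atomic and returns false when this nc was already accepted: a replay.
        if (nc != null && !entry.seenCounts.add(nc)) return Validity.INVALID;
        return Validity.OK;
    }
    public static void main(String[] args) {
        SeenNonceCountTracker t = new SeenNonceCountTracker(60);
        String n = t.issue(0);                       // constructed sample values
        System.out.println(t.check(n, 2L, 1_000));   // first use of nc=2
        System.out.println(t.check(n, 1L, 2_000));   // out of order, not yet seen
        System.out.println(t.check(n, 2L, 3_000));   // nc=2 presented again
        System.out.println(t.check(n, 3L, 61_000));  // after the validity window
    }
}
```

The per-nonce set is bounded only by the validity period, so a short nonceValiditySeconds keeps the memory held for each nonce small.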
Copyright © 2011. All Rights Reserved.