Class InMemoryNonceServices

All Implemented Interfaces: OAuthNonceServices

public class InMemoryNonceServices
extends Object
implements OAuthNonceServices

Expands on the ExpiringTimestampNonceServices to include validation of the nonce for replay protection.

To validate the nonce, the InMemoryNonceServices first validates the consumer key and timestamp, as the ExpiringTimestampNonceServices does. Assuming the consumer and timestamp are valid, the InMemoryNonceServices further ensures that the specified nonce was not used with the specified timestamp within the specified validity window. The list of nonces used within the validity window is kept in memory.

Note: the default validity window in this class is different from the one used in ExpiringTimestampNonceServices. The reason is that this class has a per-request memory overhead, so keeping the validity window short avoids wasting a lot of memory. A 10-minute window allows for minor variations in time between servers.

Author: Ryan Heaton, Jilles van Gurp

Constructor Summary
Method Summary
 long getValidityWindowSeconds()
          Get the timestamp validity window (in seconds).
 void setValidityWindowSeconds(long validityWindowSeconds)
          Set the timestamp validity window (in seconds).
 void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce)
          Validate a nonce for a specific consumer timestamp.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public InMemoryNonceServices()
Method Detail


public void validateNonce(ConsumerDetails consumerDetails,
                          long timestamp,
                          String nonce)
Description copied from interface: OAuthNonceServices
Validate a nonce for a specific consumer timestamp. This is an opportunity to prevent replay attacks. Every nonce should be unique for each consumer timestamp. In other words, this method should throw a BadCredentialsException if the specified nonce was used by the consumer more than once with the specified timestamp.

Specified by:
validateNonce in interface OAuthNonceServices
Parameters:
consumerDetails - The consumer details.
timestamp - The timestamp.
nonce - The nonce.
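
The replay check described for this class and for validateNonce, as an added Java 16+ sketch that is not the library's implementation. The class name NonceReplayGuardExample, the Seen record, the nowSeconds parameter, the use of SecurityException in place of BadCredentialsException, and all sample values are assumptions made for illustration.

```java
import java.util.concurrent.ConcurrentSkipListSet;

// Added illustration of the check described above; not the library's own code.
public class NonceReplayGuardExample {
    // One remembered request, ordered oldest timestamp first so eviction is a range delete.
    record Seen(long timestamp, String consumerKey, String nonce) implements Comparable<Seen> {
        public int compareTo(Seen o) {
            int c = Long.compare(timestamp, o.timestamp);
            if (c == 0) c = consumerKey.compareTo(o.consumerKey);
            return c != 0 ? c : nonce.compareTo(o.nonce);
        }
    }

    private final ConcurrentSkipListSet<Seen> seen = new ConcurrentSkipListSet<>();
    private final long validityWindowSeconds;

    NonceReplayGuardExample(long validityWindowSeconds) {
        this.validityWindowSeconds = validityWindowSeconds;
    }

    // nowSeconds is a hypothetical parameter, passed in so the demo below is deterministic.
    void validate(String consumerKey, long timestamp, String nonce, long nowSeconds) {
        long cutoff = nowSeconds - validityWindowSeconds;
        // Entries older than the cutoff can be dropped: the timestamp check
        // below already rejects any replay of them, which bounds memory use.
        seen.headSet(new Seen(cutoff, "", "")).clear();
        if (timestamp < cutoff) throw new SecurityException("timestamp outside validity window");
        if (!seen.add(new Seen(timestamp, consumerKey, nonce)))
            throw new SecurityException("nonce already used with this timestamp");
    }

    int remembered() { return seen.size(); }

    static String attempt(NonceReplayGuardExample g, String key, long ts, String nonce, long now) {
        try { g.validate(key, ts, nonce, now); return "accepted"; }
        catch (SecurityException e) { return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        NonceReplayGuardExample g = new NonceReplayGuardExample(600); // 10-minute window
        long t0 = 1_000_000L; // constructed sample epoch seconds
        System.out.println(attempt(g, "consumer-a", t0, "n1", t0));         // first use
        System.out.println(attempt(g, "consumer-a", t0, "n1", t0 + 5));     // same triple again
        System.out.println(attempt(g, "consumer-a", t0 + 1, "n1", t0 + 5)); // same nonce, new timestamp
        System.out.println(attempt(g, "consumer-b", t0, "n1", t0 + 5));     // same nonce, other consumer
        System.out.println(attempt(g, "consumer-a", t0, "n1", t0 + 601));   // timestamp past the window
        System.out.println("remembered=" + g.remembered());
    }
}
```

The nonce store can be pruned safely only because the timestamp check runs on every request: once a timestamp has aged out of the window, a replay of it fails on the timestamp alone.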


public long getValidityWindowSeconds()
Get the timestamp validity window (in seconds).

Returns:
the timestamp validity window (in seconds).


public void setValidityWindowSeconds(long validityWindowSeconds)
Set the timestamp validity window (in seconds).

Parameters:
validityWindowSeconds - the timestamp validity window (in seconds).

Copyright © 2012. All Rights Reserved.