org.springframework.security.oauth.provider.nonce
Class InMemoryNonceServices

java.lang.Object
  extended by org.springframework.security.oauth.provider.nonce.InMemoryNonceServices
All Implemented Interfaces:
OAuthNonceServices

public class InMemoryNonceServices
extends Object
implements OAuthNonceServices

Expands on the ExpiringTimestampNonceServices to include validation of the nonce for replay protection.

To validate the nonce, the InMemoryNonceServices first validates the consumer key and timestamp exactly as ExpiringTimestampNonceServices does. Assuming the consumer and timestamp are valid, the InMemoryNonceServices further ensures that the specified nonce was not already used with the specified timestamp within the validity window. The list of nonces used within the validity window is kept in memory. Note: the default validity window in this class is different from the one used in ExpiringTimestampNonceServices, because this class carries a per-request memory overhead; keeping the validity window short avoids wasting memory. The default of 10 minutes still allows for minor variations in time between servers.

Author:
Ryan Heaton, Jilles van Gurp

Constructor Summary
InMemoryNonceServices()
           
 
Method Summary
 long getValidityWindowSeconds()
          Get the timestamp validity window (in seconds).
 void setValidityWindowSeconds(long validityWindowSeconds)
          The timestamp validity window (in seconds).
 void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce)
          Validate a nonce for a specific consumer timestamp.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

InMemoryNonceServices

public InMemoryNonceServices()
Method Detail

validateNonce

public void validateNonce(ConsumerDetails consumerDetails,
                          long timestamp,
                          String nonce)
Description copied from interface: OAuthNonceServices
Validate a nonce for a specific consumer timestamp. This is an opportunity to prevent replay attacks. Every nonce should be unique for each consumer timestamp. In other words, this method should throw a BadCredentialsException if the specified nonce was used by the consumer more than once with the specified timestamp.

Specified by:
validateNonce in interface OAuthNonceServices
Parameters:
consumerDetails - The consumer details.
timestamp - The timestamp.
nonce - The nonce.
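As an added illustration (not the project's own code), the following stand-alone Java class reproduces the check described above: a timestamp cutoff as in ExpiringTimestampNonceServices, then a per-consumer, per-timestamp nonce set that is pruned once the window has passed. ConsumerKeyHolder and NonceRejectedException are hypothetical stand-ins for Spring's ConsumerDetails and BadCredentialsException, and the clock is passed in explicitly so the behaviour is deterministic.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.TreeMap;

/** Hypothetical stand-in for Spring's ConsumerDetails; only the consumer key is needed here. */
interface ConsumerKeyHolder { String getConsumerKey(); }
/** Stand-in for BadCredentialsException: thrown on an expired timestamp or a replayed nonce. */
class NonceRejectedException extends RuntimeException {
    NonceRejectedException(String msg) { super(msg); }
}

public class NonceWindowCheck {
    private long validityWindowSeconds = 600; // 10-minute default, as described on this page
    // timestamp (seconds) -> "consumerKey:nonce" pairs already seen with that timestamp
    private final TreeMap<Long, Set<String>> seen = new TreeMap<>();

    public long getValidityWindowSeconds() { return validityWindowSeconds; }
    public void setValidityWindowSeconds(long s) { validityWindowSeconds = s; }

    /** nowSeconds is the server clock, injected so the check is deterministic. */
    public synchronized void validateNonce(ConsumerKeyHolder consumer, long timestamp,
                                           String nonce, long nowSeconds) {
        long cutoff = nowSeconds - validityWindowSeconds;
        // 1. Timestamp check, as ExpiringTimestampNonceServices does: too old means reject.
        if (timestamp < cutoff) {
            throw new NonceRejectedException("expired timestamp " + timestamp);
        }
        // 2. Drop buckets older than the cutoff; they can no longer pass step 1, so keeping
        //    them would only add to the per-request memory overhead noted above.
        seen.headMap(cutoff).clear();
        // 3. Replay check: the same nonce for the same consumer and timestamp is accepted once.
        String key = consumer.getConsumerKey() + ":" + nonce;
        if (!seen.computeIfAbsent(timestamp, t -> new HashSet<>()).add(key)) {
            throw new NonceRejectedException("replayed nonce " + nonce + " for " + consumer.getConsumerKey());
        }
    }

    public static void main(String[] args) {
        NonceWindowCheck svc = new NonceWindowCheck();
        ConsumerKeyHolder c = () -> "consumer-a";  // constructed consumer
        long now = 1_700_000_000L;                 // constructed clock value
        svc.validateNonce(c, now, "n1", now);      // first use: accepted
        svc.validateNonce(c, now, "n2", now);      // different nonce, same timestamp: accepted
        svc.validateNonce(c, now + 1, "n1", now);  // same nonce, different timestamp: accepted
        try { svc.validateNonce(c, now, "n1", now); System.out.println("unexpected accept"); }
        catch (NonceRejectedException e) { System.out.println("rejected: " + e.getMessage()); }
        try { svc.validateNonce(c, now, "n3", now + 601); System.out.println("unexpected accept"); }
        catch (NonceRejectedException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The last call shows why the window bounds memory: once the server clock has moved past the cutoff, a timestamp is rejected at step 1 regardless of nonce, so its bucket no longer needs to be remembered.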

getValidityWindowSeconds

public long getValidityWindowSeconds()
Get the timestamp validity window (in seconds).

Returns:
the timestamp validity window (in seconds).

setValidityWindowSeconds

public void setValidityWindowSeconds(long validityWindowSeconds)
The timestamp validity window (in seconds).

Parameters:
validityWindowSeconds - the timestamp validity window (in seconds).


Copyright © 2012. All Rights Reserved.