org.springframework.security.oauth.provider.nonce
Class NullNonceServices

java.lang.Object
  extended by org.springframework.security.oauth.provider.nonce.NullNonceServices
All Implemented Interfaces:
OAuthNonceServices

public class NullNonceServices
extends Object
implements OAuthNonceServices

No-op nonce services. Assumes all nonces are valid. This leaves the provider exposed to the dangers of an unlimited timestamp validity window and OAuth request replay attacks.

Author:
Ryan Heaton

Constructor Summary
NullNonceServices()
           
 
Method Summary
 void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce)
          Validate a nonce for a specific consumer timestamp.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

NullNonceServices

public NullNonceServices()
Method Detail

validateNonce

public void validateNonce(ConsumerDetails consumerDetails,
                          long timestamp,
                          String nonce)
                   throws org.springframework.security.core.AuthenticationException
Description copied from interface: OAuthNonceServices
Validate a nonce for a specific consumer timestamp. This is an opportunity to prevent replay attacks. Every nonce should be unique for each consumer timestamp. In other words, this method should throw a BadCredentialsException if the specified nonce was used by the consumer more than once with the specified timestamp.

Specified by:
validateNonce in interface OAuthNonceServices
Parameters:
consumerDetails - The consumer details.
timestamp - The timestamp.
nonce - The nonce.
Throws:
org.springframework.security.core.AuthenticationException - If the nonce failed to validate.


Copyright © 2012. All Rights Reserved.