1 /* 2 * Copyright 2008 Web Cohesion 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * https://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.springframework.security.oauth.provider.nonce; 18 19 import org.springframework.security.core.AuthenticationException; 20 import org.springframework.security.oauth.provider.ConsumerDetails; 21 22 /** 23 * @author Ryan Heaton 24 */ 25 public interface OAuthNonceServices { 26 27 /** 28 * Validate a nonce for a specific consumer timestamp. This is an opportunity to prevent replay attacks. Every nonce 29 * should be unique for each consumer timestamp. In other words, this method should throw a BadCredentialsException 30 * if the specified nonce was used by the consumer more than once with the specified timestamp. 31 * 32 * @param consumerDetails The consumer details. 33 * @param timestamp The timestamp. 34 * @param nonce The nonce. 35 * @throws org.springframework.security.core.AuthenticationException If the nonce failed to validate. 36 */ 37 void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce) throws AuthenticationException; 38 39 }