public class InMemoryNonceServices extends Object implements OAuthNonceServices
ExpiringTimestampNonceServices
to include
validation of the nonce for replay protection.
To validate the nonce, the InMemoryNonceService first validates the consumer key and timestamp as does the
ExpiringTimestampNonceServices
. Assuming the consumer and
timestamp are valid, the InMemoryNonceServices further ensures that the specified nonce was not used with the
specified timestamp within the specified validity window. The list of nonces used within the validity window is kept
in memory.
Note: the default validity window in this class is different from the one used in
ExpiringTimestampNonceServices
. The reason for this is that
this class has a per request memory overhead. Keeping the validity window short helps prevent wasting a lot of
memory. 10 minutes that allows for minor variations in time between servers.Constructor and Description |
---|
InMemoryNonceServices() |
Modifier and Type | Method and Description |
---|---|
long |
getValidityWindowSeconds()
Set the timestamp validity window (in seconds).
|
void |
setValidityWindowSeconds(long validityWindowSeconds)
The timestamp validity window (in seconds).
|
void |
validateNonce(ConsumerDetails consumerDetails,
long timestamp,
String nonce)
Validate a nonce for a specific consumer timestamp.
|
public void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce)
OAuthNonceServices
validateNonce
in interface OAuthNonceServices
consumerDetails
- The consumer details.timestamp
- The timestamp.nonce
- The nonce.public long getValidityWindowSeconds()
public void setValidityWindowSeconds(long validityWindowSeconds)
validityWindowSeconds
- the timestamp validity window (in seconds).Copyright © 2019. All rights reserved.