org.springframework.security.web.authentication.www
Class DigestAuthenticationEntryPoint
java.lang.Object
org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- All Implemented Interfaces:
- InitializingBean, Ordered, AuthenticationEntryPoint
public class DigestAuthenticationEntryPoint
- extends Object
- implements AuthenticationEntryPoint, InitializingBean, Ordered
Used by the SecurityEnforcementFilter
to commence authentication via the DigestAuthenticationFilter
.
The nonce sent back to the user agent will be valid for the period indicated by
setNonceValiditySeconds(int)
. By default this is 300 seconds. Shorter times should be used if replay
attacks are a major concern. Larger values can be used if performance is a greater concern. This class correctly
presents the stale=true
header when the nonce has expierd, so properly implemented user agents will
automatically renegotiate with a new nonce value (ie without presenting a new password dialog box to the user).
- Version:
- $Id: DigestAuthenticationEntryPoint.java 4003 2009-11-24 09:31:03Z ltaylor $
- Author:
- Ben Alex
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DigestAuthenticationEntryPoint
public DigestAuthenticationEntryPoint()
getOrder
public int getOrder()
- Specified by:
getOrder
in interface Ordered
setOrder
public void setOrder(int order)
afterPropertiesSet
public void afterPropertiesSet()
throws Exception
- Specified by:
afterPropertiesSet
in interface InitializingBean
- Throws:
Exception
commence
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException)
throws IOException,
ServletException
- Description copied from interface:
AuthenticationEntryPoint
- Commences an authentication scheme.
ExceptionTranslationFilter
will populate the HttpSession
attribute named
AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY
with the requested target URL before
calling this method.
Implementations should modify the headers on the ServletResponse
as necessary to
commence the authentication process.
- Specified by:
commence
in interface AuthenticationEntryPoint
- Parameters:
request
- that resulted in an AuthenticationException
response
- so that the user agent can begin authenticationauthException
- that caused the invocation
- Throws:
IOException
ServletException
getKey
public String getKey()
getNonceValiditySeconds
public int getNonceValiditySeconds()
getRealmName
public String getRealmName()
setKey
public void setKey(String key)
setNonceValiditySeconds
public void setNonceValiditySeconds(int nonceValiditySeconds)
setRealmName
public void setRealmName(String realmName)
Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.