org.springframework.security.web.authentication.www
Class DigestAuthenticationEntryPoint
java.lang.Object
org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- All Implemented Interfaces:
- org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered, AuthenticationEntryPoint
public class DigestAuthenticationEntryPoint
- extends java.lang.Object
- implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered
Used by the SecurityEnforcementFilter
to commence authentication via the DigestAuthenticationFilter
.
The nonce sent back to the user agent will be valid for the period indicated by
setNonceValiditySeconds(int)
. By default this is 300 seconds. Shorter times should be used if replay
attacks are a major concern. Larger values can be used if performance is a greater concern. This class correctly
presents the stale=true
header when the nonce has expierd, so properly implemented user agents will
automatically renegotiate with a new nonce value (ie without presenting a new password dialog box to the user).
Fields inherited from interface org.springframework.core.Ordered |
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DigestAuthenticationEntryPoint
public DigestAuthenticationEntryPoint()
getOrder
public int getOrder()
- Specified by:
getOrder
in interface org.springframework.core.Ordered
setOrder
public void setOrder(int order)
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Specified by:
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
- Throws:
java.lang.Exception
commence
public void commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException)
throws java.io.IOException,
javax.servlet.ServletException
- Description copied from interface:
AuthenticationEntryPoint
- Commences an authentication scheme.
ExceptionTranslationFilter
will populate the HttpSession
attribute named
AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY
with the requested target URL before
calling this method.
Implementations should modify the headers on the ServletResponse
as necessary to
commence the authentication process.
- Specified by:
commence
in interface AuthenticationEntryPoint
- Parameters:
request
- that resulted in an AuthenticationException
response
- so that the user agent can begin authenticationauthException
- that caused the invocation
- Throws:
java.io.IOException
javax.servlet.ServletException
getKey
public java.lang.String getKey()
getNonceValiditySeconds
public int getNonceValiditySeconds()
getRealmName
public java.lang.String getRealmName()
setKey
public void setKey(java.lang.String key)
setNonceValiditySeconds
public void setNonceValiditySeconds(int nonceValiditySeconds)
setRealmName
public void setRealmName(java.lang.String realmName)