public class DigestAuthenticationEntryPoint extends Object implements AuthenticationEntryPoint, InitializingBean, Ordered
SecurityEnforcementFilter
to commence authentication via the
DigestAuthenticationFilter
.
The nonce sent back to the user agent will be valid for the period indicated by
setNonceValiditySeconds(int)
. By default this is 300 seconds. Shorter times
should be used if replay attacks are a major concern. Larger values can be used if
performance is a greater concern. This class correctly presents the
stale=true
header when the nonce has expired, so properly implemented user
agents will automatically renegotiate with a new nonce value (i.e. without presenting a
new password dialog box to the user).
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Constructor and Description |
---|
DigestAuthenticationEntryPoint() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
void |
commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException)
Commences an authentication scheme.
|
String |
getKey() |
int |
getNonceValiditySeconds() |
int |
getOrder() |
String |
getRealmName() |
void |
setKey(String key) |
void |
setNonceValiditySeconds(int nonceValiditySeconds) |
void |
setOrder(int order) |
void |
setRealmName(String realmName) |
public void setOrder(int order)
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface InitializingBean
Exception
public void commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException authException) throws IOException, javax.servlet.ServletException
AuthenticationEntryPoint
ExceptionTranslationFilter
will populate the HttpSession
attribute named
AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY
with the requested target URL before calling this method.
Implementations should modify the headers on the ServletResponse
as
necessary to commence the authentication process.
commence
in interface AuthenticationEntryPoint
request
- that resulted in an AuthenticationException
response
- so that the user agent can begin authenticationauthException
- that caused the invocationIOException
javax.servlet.ServletException
public String getKey()
public int getNonceValiditySeconds()
public String getRealmName()
public void setKey(String key)
public void setNonceValiditySeconds(int nonceValiditySeconds)
public void setRealmName(String realmName)