Class DigestAuthenticationEntryPoint
- java.lang.Object
-
- org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
-
- All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean
,org.springframework.core.Ordered
,AuthenticationEntryPoint
public class DigestAuthenticationEntryPoint extends java.lang.Object implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered
Used by theSecurityEnforcementFilter
to commence authentication via theDigestAuthenticationFilter
.The nonce sent back to the user agent will be valid for the period indicated by
setNonceValiditySeconds(int)
. By default this is 300 seconds. Shorter times should be used if replay attacks are a major concern. Larger values can be used if performance is a greater concern. This class correctly presents thestale=true
header when the nonce has expired, so properly implemented user agents will automatically renegotiate with a new nonce value (i.e. without presenting a new password dialog box to the user).
-
-
Constructor Summary
Constructors Constructor Description DigestAuthenticationEntryPoint()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
afterPropertiesSet()
void
commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException)
Commences an authentication scheme.java.lang.String
getKey()
int
getNonceValiditySeconds()
int
getOrder()
java.lang.String
getRealmName()
void
setKey(java.lang.String key)
void
setNonceValiditySeconds(int nonceValiditySeconds)
void
setOrder(int order)
void
setRealmName(java.lang.String realmName)
-
-
-
Method Detail
-
getOrder
public int getOrder()
- Specified by:
getOrder
in interfaceorg.springframework.core.Ordered
-
setOrder
public void setOrder(int order)
-
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
-
commence
public void commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) throws java.io.IOException
Description copied from interface:AuthenticationEntryPoint
Commences an authentication scheme.ExceptionTranslationFilter
will populate theHttpSession
attribute namedAbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY
with the requested target URL before calling this method.Implementations should modify the headers on the
ServletResponse
as necessary to commence the authentication process.- Specified by:
commence
in interfaceAuthenticationEntryPoint
- Parameters:
request
- that resulted in anAuthenticationException
response
- so that the user agent can begin authenticationauthException
- that caused the invocation- Throws:
java.io.IOException
-
getKey
public java.lang.String getKey()
-
getNonceValiditySeconds
public int getNonceValiditySeconds()
-
getRealmName
public java.lang.String getRealmName()
-
setKey
public void setKey(java.lang.String key)
-
setNonceValiditySeconds
public void setNonceValiditySeconds(int nonceValiditySeconds)
-
setRealmName
public void setRealmName(java.lang.String realmName)
-
-