org.springframework.security.ui.digestauth
Class DigestProcessingFilterEntryPoint

java.lang.Object
  org.springframework.security.ui.digestauth.DigestProcessingFilterEntryPoint

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered, AuthenticationEntryPoint

public class DigestProcessingFilterEntryPoint
extends java.lang.Object
implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered

Used by the SecurityEnforcementFilter to commence authentication via the DigestProcessingFilter.

The nonce sent back to the user agent will be valid for the period indicated by setNonceValiditySeconds(int). By default this is 300 seconds. Shorter times should be used if replay attacks are a major concern. Larger values can be used if performance is a greater concern. This class correctly presents the stale=true header when the nonce has expierd, so properly implemented user agents will automatically renegotiate with a new nonce value (ie without presenting a new password dialog box to the user).

Version:

$Id$

Author:

Ben Alex

Field Summary

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

DigestProcessingFilterEntryPoint()

Method Summary

void	afterPropertiesSet()
void	commence(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, AuthenticationException authException) Commences an authentication scheme.
java.lang.String	getKey()
int	getNonceValiditySeconds()
int	getOrder()
java.lang.String	getRealmName()
void	setKey(java.lang.String key)
void	setNonceValiditySeconds(int nonceValiditySeconds)
void	setOrder(int order)
void	setRealmName(java.lang.String realmName)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DigestProcessingFilterEntryPoint

public DigestProcessingFilterEntryPoint()

Method Detail

getOrder

public int getOrder()

Specified by:

getOrder in interface org.springframework.core.Ordered

setOrder

public void setOrder(int order)

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

java.lang.Exception

commence

public void commence(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     AuthenticationException authException)
              throws java.io.IOException,
                     javax.servlet.ServletException

Description copied from interface: AuthenticationEntryPoint

Commences an authentication scheme.

ExceptionTranslationFilter will populate the HttpSession attribute named AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before calling this method.

Implementations should modify the headers on the ServletResponse as necessary to commence the authentication process.

Specified by:

commence in interface AuthenticationEntryPoint

Parameters:

request - that resulted in an AuthenticationException

response - so that the user agent can begin authentication

authException - that caused the invocation

Throws:

java.io.IOException

javax.servlet.ServletException

getKey

public java.lang.String getKey()

getNonceValiditySeconds

public int getNonceValiditySeconds()

getRealmName

public java.lang.String getRealmName()

setKey

public void setKey(java.lang.String key)

setNonceValiditySeconds

public void setNonceValiditySeconds(int nonceValiditySeconds)

setRealmName

public void setRealmName(java.lang.String realmName)