public class DigestAuthenticationEntryPoint extends Object implements AuthenticationEntryPoint, InitializingBean, Ordered
SecurityEnforcementFilter
to commence authentication via the DigestAuthenticationFilter
.
The nonce sent back to the user agent will be valid for the period indicated by
setNonceValiditySeconds(int)
. By default this is 300 seconds. Shorter times should be used if replay
attacks are a major concern. Larger values can be used if performance is a greater concern. This class correctly
presents the stale=true
header when the nonce has expired, so properly implemented user agents will
automatically renegotiate with a new nonce value (i.e. without presenting a new password dialog box to the user).
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Constructor and Description |
---|
DigestAuthenticationEntryPoint() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
void |
commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
org.springframework.security.core.AuthenticationException authException)
Commences an authentication scheme.
|
String |
getKey() |
int |
getNonceValiditySeconds() |
int |
getOrder() |
String |
getRealmName() |
void |
setKey(String key) |
void |
setNonceValiditySeconds(int nonceValiditySeconds) |
void |
setOrder(int order) |
void |
setRealmName(String realmName) |
public void setOrder(int order)
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface InitializingBean
Exception
public void commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) throws IOException, javax.servlet.ServletException
AuthenticationEntryPoint
ExceptionTranslationFilter
will populate the HttpSession
attribute named
AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY
with the requested target URL before
calling this method.
Implementations should modify the headers on the ServletResponse
as necessary to
commence the authentication process.
commence
in interface AuthenticationEntryPoint
request
- that resulted in an AuthenticationException
response
- so that the user agent can begin authenticationauthException
- that caused the invocationIOException
javax.servlet.ServletException
public String getKey()
public int getNonceValiditySeconds()
public String getRealmName()
public void setKey(String key)
public void setNonceValiditySeconds(int nonceValiditySeconds)
public void setRealmName(String realmName)