org.springframework.security.oauth.provider.nonce
Class ExpiringTimestampNonceServices

java.lang.Object
  org.springframework.security.oauth.provider.nonce.ExpiringTimestampNonceServices

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, OAuthNonceServices

Direct Known Subclasses:

InMemoryNonceServices

public class ExpiringTimestampNonceServices
extends java.lang.Object
implements OAuthNonceServices, org.springframework.beans.factory.InitializingBean

Nonce services that only validates the timestamp of a consumer request. The nonce is not checked for replay attacks.

The timestamp is interpreted as the number of seconds from January 1, 1970 00:00:00 GMT. If the timestamp is older than the configured validity window, the nonce is not valid. The default validity window is 12 hours.

Author:

Ryan Heaton

Constructor Summary

ExpiringTimestampNonceServices()

Method Summary

void	afterPropertiesSet()
ConsumerDetailsService	getConsumerDetailsService() The consumer details service.
long	getValidityWindowSeconds() Set the timestamp validity window (in seconds).
void	setConsumerDetailsService(ConsumerDetailsService consumerDetailsService) The consumer details service.
void	setValidityWindowSeconds(long validityWindowSeconds) The timestamp validity window (in seconds).
boolean	validateNonce(ConsumerDetails consumerDetails, long timestamp, java.lang.String nonce) Validate a nonce for a specific consumer timestamp.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ExpiringTimestampNonceServices

public ExpiringTimestampNonceServices()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

java.lang.Exception

validateNonce

public boolean validateNonce(ConsumerDetails consumerDetails,
                             long timestamp,
                             java.lang.String nonce)
                      throws org.springframework.security.AuthenticationException

Description copied from interface: OAuthNonceServices

Validate a nonce for a specific consumer timestamp. This is an opportunity to prevent replay attacks. Every nonce should be unique for each consumer timestamp. In other words, this method should throw a BadCredentialsException if the specified nonce was used by the consumer more than once with the specified timestamp.

Specified by:

validateNonce in interface OAuthNonceServices

Parameters:

consumerDetails - The consumer details.

timestamp - The timestamp.

nonce - The nonce.

Returns:

Whether the timestamp is a new timestamp. This gives the authentication processor the chance to enforce that all peer requests have the same timestamp, per the OAuth spec.

Throws:

org.springframework.security.AuthenticationException - If the nonce failed to validate.

getConsumerDetailsService

public ConsumerDetailsService getConsumerDetailsService()

The consumer details service.

Returns:

The consumer details service.

setConsumerDetailsService

public void setConsumerDetailsService(ConsumerDetailsService consumerDetailsService)

The consumer details service.

Parameters:

consumerDetailsService - The consumer details service.

getValidityWindowSeconds

public long getValidityWindowSeconds()

Set the timestamp validity window (in seconds).

Returns:

the timestamp validity window (in seconds).

setValidityWindowSeconds

public void setValidityWindowSeconds(long validityWindowSeconds)

The timestamp validity window (in seconds).

Parameters:

validityWindowSeconds - the timestamp validity window (in seconds).