org.acegisecurity.ui.digestauth
Class DigestProcessingFilterEntryPoint
java.lang.Object
org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint
- All Implemented Interfaces:
- AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered
public class DigestProcessingFilterEntryPoint
- extends Object
- implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered
Used by the SecurityEnforcementFilter
to commence authentication via the DigestProcessingFilter
.
The nonce sent back to the user agent will be valid for the period indicated by
setNonceValiditySeconds(int)
. By default this is 300 seconds. Shorter times should be used if replay
attacks are a major concern. Larger values can be used if performance is a greater concern. This class correctly
presents the stale=true
header when the nonce has expierd, so properly implemented user agents will
automatically renegotiate with a new nonce value (ie without presenting a new password dialog box to the user).
- Version:
- $Id: DigestProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $
- Author:
- Ben Alex
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DigestProcessingFilterEntryPoint
public DigestProcessingFilterEntryPoint()
getOrder
public int getOrder()
- Specified by:
getOrder
in interface org.springframework.core.Ordered
setOrder
public void setOrder(int order)
afterPropertiesSet
public void afterPropertiesSet()
throws Exception
- Specified by:
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
- Throws:
Exception
commence
public void commence(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
AuthenticationException authException)
throws IOException,
javax.servlet.ServletException
- Description copied from interface:
AuthenticationEntryPoint
- Commences an authentication scheme.
SecurityEnforcementFilter
will populate the
HttpSession
attribute named
AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY
with the requested target URL before
calling this method.
Implementations should modify the headers on the ServletResponse
as necessary to
commence the authentication process.
- Specified by:
commence
in interface AuthenticationEntryPoint
- Parameters:
request
- that resulted in an AuthenticationException
response
- so that the user agent can begin authenticationauthException
- that caused the invocation
- Throws:
IOException
- DOCUMENT ME!
javax.servlet.ServletException
- DOCUMENT ME!
getKey
public String getKey()
getNonceValiditySeconds
public int getNonceValiditySeconds()
getRealmName
public String getRealmName()
setKey
public void setKey(String key)
setNonceValiditySeconds
public void setNonceValiditySeconds(int nonceValiditySeconds)
setRealmName
public void setRealmName(String realmName)
Copyright © 2004-2011 Interface21, Inc. All Rights Reserved.