org.springframework.security.oauth.provider.nonce
Class NullNonceServices
java.lang.Object
org.springframework.security.oauth.provider.nonce.NullNonceServices
- All Implemented Interfaces:
- OAuthNonceServices
public class NullNonceServices
- extends Object
- implements OAuthNonceServices
No-op nonce services. Assumes all nonces are valid. This leaves the provider exposed to the dangers
of an unlimited timestamp validity window and OAuth request replay attacks.
- Author:
- Ryan Heaton
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
NullNonceServices
public NullNonceServices()
validateNonce
public void validateNonce(ConsumerDetails consumerDetails,
long timestamp,
String nonce)
throws org.springframework.security.core.AuthenticationException
- Description copied from interface:
OAuthNonceServices
- Validate a nonce for a specific consumer timestamp. This is an opportunity to prevent replay attacks. Every nonce
should be unique for each consumer timestamp. In other words, this method should throw a BadCredentialsException
if the specified nonce was used by the consumer more than once with the specified timestamp.
- Specified by:
validateNonce in interface OAuthNonceServices
- Parameters:
consumerDetails - The consumer details.timestamp - The timestamp.nonce - The nonce.
- Throws:
org.springframework.security.core.AuthenticationException - If the nonce failed to validate.
Copyright © 2013. All rights reserved.