All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.undertow.security.api.NonceManager Maven / Gradle / Ivy

Go to download

This artifact provides a single jar that contains all classes required to use remote Jakarta Enterprise Beans and Jakarta Messaging, including all dependencies. It is intended for use by those not using maven, maven users should just import the Jakarta Enterprise Beans and Jakarta Messaging BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up with different versions on classes on the class path).

There is a newer version: 35.0.0.Beta1
Show newest version
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2014 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package io.undertow.security.api;

import io.undertow.server.HttpServerExchange;

/**
 * A NonceManager is used by the HTTP Digest authentication mechanism to request nonces and to validate the nonces sent from the
 * client.
 *
 * @author Darran Lofthouse
 */
public interface NonceManager {

    // TODO - Should a nonce manager be able to tie these to a connection or session, or any other piece of info we have about
    // the client?
    // Also different rules depending on HTTP method or the resource being accessed?

    /**
     * Select the next nonce to be sent from the server taking into account the last valid nonce.
     *
     * It is both possible and likely that the nonce last used by the client will still be valid, in that case the same nonce
     * will be returned.
     *
     * @param lastNonce - The last valid nonce received from the client or null if we don't already have a nonce.
     * @return The next nonce to be sent in a challenge to the client.
     */
    String nextNonce(final String lastNonce, final HttpServerExchange exchange);

    /**
     * Validate that a nonce can be used.
     *
     * If the nonce can not be used but the related digest was correct then a new nonce should be returned to the client
     * indicating that the nonce was stale.
     *
     * For implementations of this interface this method is not expected by be idempotent, i.e. once a nonce is validated with a
     * specific nonceCount it is not expected that this method will return true again if the same combination is presented.
     *
     * This method is expected to ONLY be called if the users credentials are valid as a storage overhead could be incurred
     * this overhead must not be accessible to unauthenticated clients.
     *
     * @param nonce - The nonce received from the client.
     * @param nonceCount - The nonce count from the client or -1 of none specified.
     * @return true if the nonce can be used otherwise return false.
     */
    boolean validateNonce(final String nonce, final int nonceCount, final HttpServerExchange exchange);

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy