Interface NonceManager

All Known Subinterfaces:
SessionNonceManager
All Known Implementing Classes:
SimpleNonceManager

public interface NonceManager
A NonceManager is used by the HTTP Digest authentication mechanism to request nonces and to validate the nonces sent from the client.
Author:
Darran Lofthouse
  • Method Details

    • nextNonce

      String nextNonce(String lastNonce, HttpServerExchange exchange)
      Select the next nonce to be sent from the server, taking into account the last valid nonce. It is both possible and likely that the nonce last used by the client will still be valid; in that case the same nonce will be returned.
      Parameters:
      lastNonce - The last valid nonce received from the client, or null if we don't already have a nonce.
      Returns:
      The next nonce to be sent in a challenge to the client.
    • validateNonce

      boolean validateNonce(String nonce, int nonceCount, HttpServerExchange exchange)
      Validate that a nonce can be used. If the nonce cannot be used but the related digest was correct, then a new nonce should be returned to the client indicating that the nonce was stale. For implementations of this interface this method is not expected to be idempotent, i.e. once a nonce is validated with a specific nonceCount it is not expected that this method will return true again if the same combination is presented. This method is expected to be called ONLY if the user's credentials are valid: it may incur a storage overhead, and that overhead must not be accessible to unauthenticated clients.
      Parameters:
      nonce - The nonce received from the client.
      nonceCount - The nonce count from the client, or -1 if none specified.
      Returns:
      true if the nonce can be used, otherwise false.
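
One way to honour the contract described above, as an added example (not Undertow's own code and not SimpleNonceManager): nonces are self-validating, so issuing a challenge stores nothing, and per-nonce state is created only inside validateNonce, which the caller reaches after the credentials have checked out. The class name, the nonce layout and the five-minute lifetime are assumptions; undertow-core must be on the classpath.

```java
import io.undertow.security.api.NonceManager;
import io.undertow.server.HttpServerExchange;
import java.security.*;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import static java.nio.charset.StandardCharsets.UTF_8;

// Added illustration with assumed names; stale entries in `used` are never evicted here.
public class ExampleNonceManager implements NonceManager {
    private static final long LIFETIME_MS = 5 * 60 * 1000L; // assumed nonce lifetime
    private final SecureRandom random = new SecureRandom();
    private final byte[] key = new byte[32];                // per-instance MAC key
    private final ConcurrentHashMap<String, AtomicInteger> used = new ConcurrentHashMap<>();

    public ExampleNonceManager() { random.nextBytes(key); }

    private String mac(String data) {
        try {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(new SecretKeySpec(key, "HmacSHA256"));
            return Base64.getUrlEncoder().encodeToString(m.doFinal(data.getBytes(UTF_8)));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    // Nonce layout is "<expiryMillis>.<salt>.<mac>", so it can be checked without stored state.
    private boolean selfIssuedAndFresh(String nonce) {
        int cut = nonce == null ? -1 : nonce.lastIndexOf('.');
        if (cut < 0) return false;
        String body = nonce.substring(0, cut);
        boolean genuine = MessageDigest.isEqual(mac(body).getBytes(UTF_8), nonce.substring(cut + 1).getBytes(UTF_8));
        return genuine && Long.parseLong(body.substring(0, body.indexOf('.'))) > System.currentTimeMillis();
    }

    @Override
    public String nextNonce(String lastNonce, HttpServerExchange exchange) {
        if (selfIssuedAndFresh(lastNonce)) return lastNonce; // still valid: send the same nonce again
        String body = (System.currentTimeMillis() + LIFETIME_MS) + "." + Long.toHexString(random.nextLong());
        return body + "." + mac(body);
    }

    @Override
    public boolean validateNonce(String nonce, int nonceCount, HttpServerExchange exchange) {
        if (!selfIssuedAndFresh(nonce)) return false;        // forged or expired: nothing is stored
        int count = nonceCount == -1 ? Integer.MAX_VALUE : nonceCount; // no count sent: single use
        AtomicInteger highest = used.computeIfAbsent(nonce, n -> new AtomicInteger());
        return highest.getAndAccumulate(count, Math::max) < count; // atomic; a repeated count fails
    }
}
```

Presenting the same nonce and nonceCount a second time returns false, which is the non-idempotent behaviour validateNonce is expected to have.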