java.lang.Object | |
↳ | org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint |
Used by the SecurityEnforcementFilter
to commence authentication via the DigestAuthenticationFilter
.
The nonce sent back to the user agent will be valid for the period indicated by
setNonceValiditySeconds(int)
. By default this is 300 seconds. Shorter times should be used if replay
attacks are a major concern. Larger values can be used if performance is a greater concern. This class correctly
presents the stale=true
header when the nonce has expired, so properly implemented user agents will
automatically renegotiate with a new nonce value (i.e. without presenting a new password dialog box to the user).
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Commences an authentication scheme.
| |||||||||||
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
From interface
org.springframework.core.Ordered
| |||||||||||
From interface
org.springframework.security.web.AuthenticationEntryPoint
|
Commences an authentication scheme.
ExceptionTranslationFilter
will populate the HttpSession
attribute named
AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY
with the requested target URL before
calling this method.
Implementations should modify the headers on the ServletResponse
as necessary to
commence the authentication process.
request | that resulted in an AuthenticationException |
---|---|
response | so that the user agent can begin authentication |
authException | that caused the invocation |
IOException | |
---|---|
ServletException |