Bug 326734 - Nonce expiry time for digest authentication cannot be set
Summary: Nonce expiry time for digest authentication cannot be set
Status: RESOLVED FIXED
Alias: None
Product: Jetty
Classification: RT
Component: server
Version: 7.2.0
Hardware: All All
Importance: P3 normal
Target Milestone: 7.1.x
Assignee: Greg Wilkins CLA
Reported: 2010-10-01 02:16 EDT by Martin Thomson CLA
Modified: 2011-01-10 15:46 EST
Description Martin Thomson CLA 2010-10-01 02:16:08 EDT
Build Identifier: 7.1.6v20100715

In org.eclipse.jetty.security.authentication.DigestAuthenticator, the protected attribute _maxNonceAge is used to control the age of a nonce.

No mechanism is provided to change this value.

This is a useful mechanism to ensure that a nonce can be reused, but not reused indefinitely.

Reproducible: Always

Steps to Reproduce:
n/a
Comment 1 Greg Wilkins CLA 2010-10-04 18:28:36 EDT
I've added maxNonceAge as an init parameter on the SecurityHandler.

Is that accessible enough or do you want a context attribute?
Comment 2 Martin Thomson CLA 2010-10-04 18:48:31 EDT
I was really only looking for a setMaxNonceAge method on DigestAuthenticator, but changing the SecurityHandler (and DefaultAuthenticatorFactory, I assume) makes sense too.  I don't have a need for anything more than that right now.

Thanks for being so quick to respond.
Comment 3 Martin Thomson CLA 2010-10-25 19:33:26 EDT
I just looked at the changes in 7.2.0.  I'm disappointed that you didn't provide a setMaxNonceAge method.  As it stands, it's not possible to change the value once the SecurityHandler is running.  We would like to be able to configure this without stopping anything - and that should be possible.

We're using DigestAuthenticator directly for various reasons.  For now, we have two options: extend DigestAuthenticator to provide the method; or implement AuthConfiguration and call setConfiguration.  We'll do the former for now.
Comment 4 Greg Wilkins CLA 2010-10-26 01:00:46 EDT
Jetty is intended to allow classes to be easily extended so that uncommon behaviour does not need to be carried by all.

So if extension is feasible for you, then it is probably best.  If you really want it in the core, then please submit a patch and we'll consider it.

cheers
Comment 5 Greg Wilkins CLA 2011-01-10 15:46:54 EST
no comments for a while, so I assume this is sufficient.
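
The thread turns on two points: a nonce should be reusable but not indefinitely, and the age limit should be changeable while the server is running. The following added example is not Jetty's code and does not come from the bug's participants; the class `ExpiringNonce`, its nonce layout and the use of HMAC-SHA256 are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class (not Jetty code): MAC-protected timestamp nonces with a runtime-adjustable lifetime.
public class ExpiringNonce {
    public enum Result { VALID, STALE, INVALID }
    private final byte[] key = new byte[32];   // per-server secret, never sent to clients
    private volatile long maxNonceAgeMs;        // volatile: request threads see a new value immediately

    public ExpiringNonce(long maxNonceAgeMs) {
        new SecureRandom().nextBytes(key);
        this.maxNonceAgeMs = maxNonceAgeMs;
    }

    public void setMaxNonceAge(long ms) { maxNonceAgeMs = ms; }

    // Assumed nonce layout: "<issue time in ms>:<base64url HMAC-SHA256 of that time>"
    public String newNonce(long nowMs) throws Exception {
        return nowMs + ":" + mac(Long.toString(nowMs));
    }

    public Result check(String nonce, long nowMs) throws Exception {
        int sep = nonce.indexOf(':');
        if (sep <= 0) return Result.INVALID;
        String ts = nonce.substring(0, sep);
        byte[] expected = mac(ts).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = nonce.substring(sep + 1).getBytes(StandardCharsets.US_ASCII);
        // Constant-time compare; only a timestamp this server MACed is parsed below.
        if (!MessageDigest.isEqual(expected, supplied)) return Result.INVALID;
        long age = nowMs - Long.parseLong(ts);
        if (age < 0) return Result.INVALID;     // timestamp lies in the future
        return age > maxNonceAgeMs ? Result.STALE : Result.VALID;
    }

    private String mac(String data) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = hmac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    public static void main(String[] args) throws Exception {
        ExpiringNonce nonces = new ExpiringNonce(60_000);
        String n = nonces.newNonce(0);                  // constructed clock values, in ms
        System.out.println(nonces.check(n, 30_000));    // checked against the 60 s limit
        nonces.setMaxNonceAge(10_000);                  // limit tightened while running
        System.out.println(nonces.check(n, 30_000));    // same nonce, new limit
        System.out.println(nonces.check("0:forged", 30_000));
    }
}
```

A server would answer a `STALE` result with a fresh challenge carrying `stale=true` (RFC 2617), so the client retries with the new nonce instead of re-prompting the user for credentials.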