From dbedbfa67e2ccfb41cb41de6f6bb65961a5ea315 Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Thu, 25 Apr 2013 10:44:33 +1000 Subject: [PATCH] 406437 Digest Auth supports out of order nc --- .../security/authentication/DigestAuthenticator.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java index 5abd9113b5f..0fe374774ba 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java @@ -26,7 +26,6 @@ import java.util.Queue; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentLinkedQueue; import java.util.concurrent.ConcurrentMap; -import java.util.concurrent.atomic.AtomicInteger; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; @@ -54,7 +53,8 @@ import org.eclipse.jetty.util.security.Credential; * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $ * * The nonce max age in ms can be set with the {@link SecurityHandler#setInitParameter(String, String)} - * using the name "maxNonceAge" + * using the name "maxNonceAge". The nonce max count can be set with {@link SecurityHandler#setInitParameter(String, String)} + * using the name "maxNonceCount". When the age or count is exceeded, the nonce is considered stale. */ public class DigestAuthenticator extends LoginAuthenticator { @@ -110,6 +110,11 @@ public class DigestAuthenticator extends LoginAuthenticator { _maxNonceAgeMs=Long.valueOf(mna); } + String mnc=configuration.getInitParameter("maxNonceCount"); + if (mnc!=null) + { + _maxNC=Integer.valueOf(mnc); + } } /* ------------------------------------------------------------ */