Examples of org.springframework.security.web.authentication.www.DigestAuthenticationFilter

• org.springframework.security.web.authentication.www.DigestAuthenticationFilter
  etf.org/rfc/rfc2617.txt">RFC 2617 (which superseded RFC 2069, although this filter support clients that implement either RFC 2617 or RFC 2069).

  This filter can be used to provide Digest authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and FireFox).

  This Digest implementation has been designed to avoid needing to store session state between invocations. All session management information is stored in the "nonce" that is sent to the client by the {@link DigestAuthenticationEntryPoint}.

  If authentication is successful, the resulting {@link org.springframework.security.core.Authentication Authentication}object will be placed into the SecurityContextHolder.

  If authentication fails, an {@link org.springframework.security.web.AuthenticationEntryPoint AuthenticationEntryPoint}implementation is called. This must always be {@link DigestAuthenticationEntryPoint}, which will prompt the user to authenticate again via Digest authentication.

  Note there are limitations to Digest authentication, although it is a more comprehensive and secure solution than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest authentication over Basic authentication, including commentary on the limitations that it still imposes. @author Ben Alex @author Luke Taylor @since 1.0.0

    Environment env;

    // @see http://docs.spring.io/spring-security/site/docs/4.0.0.CI-SNAPSHOT/reference/htmlsingle/#digest-processing-filter
    @Bean
    DigestAuthenticationFilter digestAuthenticationFilter() throws Exception {
        DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
        digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint());
        digestAuthenticationFilter.setUserDetailsService(userDetailsServiceBean());
        return digestAuthenticationFilter;
    }

        request = new MockHttpServletRequest();

        entryPoint = new DigestAuthenticationEntryPoint();
        entryPoint.setKey("key");
        entryPoint.setRealmName("Spring Security");
        filter = new DigestAuthenticationFilter();
        filter.setUserDetailsService(new UserDetailsService() {
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                return new User(username,password, AuthorityUtils.createAuthorityList("ROLE_USER"));
            }
        });

            aep.afterPropertiesSet();
        } catch (Exception e) {
            throw new IOException(e);
        }

        DigestAuthenticationFilter filter = new DigestAuthenticationFilter();

        filter.setCreateAuthenticatedToken(true);
        filter.setPasswordAlreadyEncoded(true);


        filter.setAuthenticationEntryPoint(aep);


        HttpDigestUserDetailsServiceWrapper wrapper =
                new HttpDigestUserDetailsServiceWrapper(
                        getSecurityManager().loadUserGroupService(authConfig.getUserGroupServiceName()),
                        Charset.defaultCharset());
        filter.setUserDetailsService(wrapper);

        filter.afterPropertiesSet();
        getNestedFilters().add(filter);
    }