Authenticator
public class ClientCertAuthenticator extends LoginAuthenticator
Authenticator.AuthConfiguration, Authenticator.Factory
_identityService, _loginService
Constructor | Description |
---|---|
ClientCertAuthenticator() |
Modifier and Type | Method | Description |
---|---|---|
java.lang.String |
getAuthMethod() |
|
java.lang.String |
getCrlPath() |
Get the crlPath.
|
protected java.security.KeyStore |
getKeyStore(java.io.InputStream storeStream,
java.lang.String storePath,
java.lang.String storeType,
java.lang.String storeProvider,
java.lang.String storePassword) |
Deprecated.
|
protected java.security.KeyStore |
getKeyStore(java.lang.String storePath,
java.lang.String storeType,
java.lang.String storeProvider,
java.lang.String storePassword) |
Loads keystore using an input stream or a file path in the same
order of precedence.
|
int |
getMaxCertPathLength() |
|
java.lang.String |
getOcspResponderURL() |
|
java.lang.String |
getTrustStore() |
|
java.lang.String |
getTrustStoreProvider() |
|
java.lang.String |
getTrustStoreType() |
|
boolean |
isEnableCRLDP() |
|
boolean |
isEnableOCSP() |
|
boolean |
isValidateCerts() |
|
protected java.util.Collection<? extends java.security.cert.CRL> |
loadCRL(java.lang.String crlPath) |
Loads certificate revocation list (CRL) from a file.
|
boolean |
secureResponse(ServletRequest req,
ServletResponse res,
boolean mandatory,
Authentication.User validatedUser) |
is response secure
|
void |
setCrlPath(java.lang.String crlPath) |
Set the crlPath.
|
void |
setEnableCRLDP(boolean enableCRLDP) |
Enables CRL Distribution Points Support
|
void |
setEnableOCSP(boolean enableOCSP) |
Enables On-Line Certificate Status Protocol support
|
void |
setMaxCertPathLength(int maxCertPathLength) |
|
void |
setOcspResponderURL(java.lang.String ocspResponderURL) |
Set the location of the OCSP Responder.
|
void |
setTrustStore(java.lang.String trustStorePath) |
|
void |
setTrustStorePassword(java.lang.String password) |
|
void |
setTrustStoreProvider(java.lang.String trustStoreProvider) |
|
void |
setTrustStoreType(java.lang.String trustStoreType) |
|
void |
setValidateCerts(boolean validateCerts) |
|
Authentication |
validateRequest(ServletRequest req,
ServletResponse res,
boolean mandatory) |
Validate a request
|
getLoginService, login, prepareRequest, renewSession, setConfiguration
public java.lang.String getAuthMethod()
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
Authenticator
req
- The requestres
- The responsemandatory
- True if authentication is mandatory.Authentication.User
. If a response has
been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will
implement Authentication.ResponseSent
. If Authentication is not manditory, then a
Authentication.Deferred
may be returned.ServerAuthException
- if unable to validate request@Deprecated protected java.security.KeyStore getKeyStore(java.io.InputStream storeStream, java.lang.String storePath, java.lang.String storeType, java.lang.String storeProvider, java.lang.String storePassword) throws java.lang.Exception
java.lang.Exception
protected java.security.KeyStore getKeyStore(java.lang.String storePath, java.lang.String storeType, java.lang.String storeProvider, java.lang.String storePassword) throws java.lang.Exception
storePath
- path of keystore filestoreType
- keystore typestoreProvider
- keystore providerstorePassword
- keystore passwordjava.lang.Exception
- if unable to get keystoreprotected java.util.Collection<? extends java.security.cert.CRL> loadCRL(java.lang.String crlPath) throws java.lang.Exception
crlPath
- path of certificate revocation list filejava.lang.Exception
- if unable to load CRLpublic boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
Authenticator
req
- the requestres
- the responsemandatory
- if security is mandatorvalidatedUser
- the user that was validatedServerAuthException
- if unable to test responsepublic boolean isValidateCerts()
public void setValidateCerts(boolean validateCerts)
validateCerts
- true if SSL certificates have to be validatedpublic java.lang.String getTrustStore()
public void setTrustStore(java.lang.String trustStorePath)
trustStorePath
- The file name or URL of the trust store locationpublic java.lang.String getTrustStoreProvider()
public void setTrustStoreProvider(java.lang.String trustStoreProvider)
trustStoreProvider
- The provider of the trust storepublic java.lang.String getTrustStoreType()
public void setTrustStoreType(java.lang.String trustStoreType)
trustStoreType
- The type of the trust store (default "JKS")public void setTrustStorePassword(java.lang.String password)
password
- The password for the trust storepublic java.lang.String getCrlPath()
public void setCrlPath(java.lang.String crlPath)
crlPath
- the crlPath to setpublic int getMaxCertPathLength()
public void setMaxCertPathLength(int maxCertPathLength)
maxCertPathLength
- maximum number of intermediate certificates in
the certification path (-1 for unlimited)public boolean isEnableCRLDP()
public void setEnableCRLDP(boolean enableCRLDP)
enableCRLDP
- true - turn on, false - turns offpublic boolean isEnableOCSP()
public void setEnableOCSP(boolean enableOCSP)
enableOCSP
- true - turn on, false - turn offpublic java.lang.String getOcspResponderURL()
public void setOcspResponderURL(java.lang.String ocspResponderURL)
ocspResponderURL
- location of the OCSP ResponderCopyright © 1995–2018 Webtide. All rights reserved.