public class ClientCertAuthenticator extends LoginAuthenticator
Authenticator.AuthConfiguration, Authenticator.Factory
_identityService, _loginService
Constructor and Description |
---|
ClientCertAuthenticator() |
Modifier and Type | Method and Description |
---|---|
String |
getAuthMethod() |
String |
getCrlPath()
Get the crlPath.
|
protected KeyStore |
getKeyStore(InputStream storeStream,
String storePath,
String storeType,
String storeProvider,
String storePassword)
Loads keystore using an input stream or a file path in the same
order of precedence.
|
int |
getMaxCertPathLength() |
String |
getOcspResponderURL() |
String |
getTrustStore() |
String |
getTrustStoreProvider() |
String |
getTrustStoreType() |
boolean |
isEnableCRLDP() |
boolean |
isEnableOCSP() |
boolean |
isValidateCerts() |
protected Collection<? extends CRL> |
loadCRL(String crlPath)
Loads certificate revocation list (CRL) from a file.
|
boolean |
secureResponse(ServletRequest req,
ServletResponse res,
boolean mandatory,
Authentication.User validatedUser) |
void |
setCrlPath(String crlPath)
Set the crlPath.
|
void |
setEnableCRLDP(boolean enableCRLDP)
Enables CRL Distribution Points Support
|
void |
setEnableOCSP(boolean enableOCSP)
Enables On-Line Certificate Status Protocol support
|
void |
setMaxCertPathLength(int maxCertPathLength) |
void |
setOcspResponderURL(String ocspResponderURL)
Set the location of the OCSP Responder.
|
void |
setTrustStore(String trustStorePath) |
void |
setTrustStorePassword(String password) |
void |
setTrustStoreProvider(String trustStoreProvider) |
void |
setTrustStoreType(String trustStoreType) |
void |
setValidateCerts(boolean validateCerts) |
Authentication |
validateRequest(ServletRequest req,
ServletResponse res,
boolean mandatory)
Validate a request
|
getLoginService, login, prepareRequest, renewSession, setConfiguration
public String getAuthMethod()
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
Authenticator
req
- The requestres
- The responsemandatory
- True if authentication is mandatory.ServerAuthException
protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
storeStream
- keystore input streamstorePath
- path of keystore filestoreType
- keystore typestoreProvider
- keystore providerstorePassword
- keystore passwordException
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
crlPath
- path of certificate revocation list fileException
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
ServerAuthException
public boolean isValidateCerts()
public void setValidateCerts(boolean validateCerts)
validateCerts
- true if SSL certificates have to be validatedpublic String getTrustStore()
public void setTrustStore(String trustStorePath)
trustStorePath
- The file name or URL of the trust store locationpublic String getTrustStoreProvider()
public void setTrustStoreProvider(String trustStoreProvider)
trustStoreProvider
- The provider of the trust storepublic String getTrustStoreType()
public void setTrustStoreType(String trustStoreType)
trustStoreType
- The type of the trust store (default "JKS")public void setTrustStorePassword(String password)
password
- The password for the trust storepublic String getCrlPath()
public void setCrlPath(String crlPath)
crlPath
- the crlPath to setpublic int getMaxCertPathLength()
public void setMaxCertPathLength(int maxCertPathLength)
maxCertPathLength
- maximum number of intermediate certificates in
the certification path (-1 for unlimited)public boolean isEnableCRLDP()
public void setEnableCRLDP(boolean enableCRLDP)
enableCRLDP
- true - turn on, false - turns offpublic boolean isEnableOCSP()
public void setEnableOCSP(boolean enableOCSP)
enableOCSP
- true - turn on, false - turn offpublic String getOcspResponderURL()
public void setOcspResponderURL(String ocspResponderURL)
ocspResponderURL
- location of the OCSP ResponderCopyright © 1995-2015 Webtide. All Rights Reserved.