Package org.eclipse.jetty.security.authentication

Class ClientCertAuthenticator

java.lang.Object

org.eclipse.jetty.security.authentication.LoginAuthenticator

org.eclipse.jetty.security.authentication.ClientCertAuthenticator

All Implemented Interfaces:

Authenticator

public class ClientCertAuthenticator
extends LoginAuthenticator

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

_identityService, _loginService

Constructor Summary

Constructors

Constructor	Description
ClientCertAuthenticator()

Method Summary

Modifier and Type	Method	Description
java.lang.String	getAuthMethod()
java.lang.String	getCrlPath()	Get the crlPath.
protected java.security.KeyStore	getKeyStore(java.io.InputStream storeStream, java.lang.String storePath, java.lang.String storeType, java.lang.String storeProvider, java.lang.String storePassword)	Deprecated.
protected java.security.KeyStore	getKeyStore(java.lang.String storePath, java.lang.String storeType, java.lang.String storeProvider, java.lang.String storePassword)	Loads keystore using an input stream or a file path in the same order of precedence.
int	getMaxCertPathLength()
java.lang.String	getOcspResponderURL()
java.lang.String	getTrustStore()
java.lang.String	getTrustStoreProvider()
java.lang.String	getTrustStoreType()
boolean	isEnableCRLDP()
boolean	isEnableOCSP()
boolean	isValidateCerts()
protected java.util.Collection<? extends java.security.cert.CRL>	loadCRL(java.lang.String crlPath)	Loads certificate revocation list (CRL) from a file.
boolean	secureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser)	is response secure
void	setCrlPath(java.lang.String crlPath)	Set the crlPath.
void	setEnableCRLDP(boolean enableCRLDP)	Enables CRL Distribution Points Support
void	setEnableOCSP(boolean enableOCSP)	Enables On-Line Certificate Status Protocol support
void	setMaxCertPathLength(int maxCertPathLength)
void	setOcspResponderURL(java.lang.String ocspResponderURL)	Set the location of the OCSP Responder.
void	setTrustStore(java.lang.String trustStorePath)
void	setTrustStorePassword(java.lang.String password)
void	setTrustStoreProvider(java.lang.String trustStoreProvider)
void	setTrustStoreType(java.lang.String trustStoreType)
void	setValidateCerts(boolean validateCerts)
Authentication	validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory)	Validate a request

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

getLoginService, login, prepareRequest, renewSession, setConfiguration

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientCertAuthenticator

public ClientCertAuthenticator()

Method Detail

getAuthMethod

public java.lang.String getAuthMethod()

Returns:

The name of the authentication method

validateRequest

public Authentication validateRequest(javax.servlet.ServletRequest req,
                                      javax.servlet.ServletResponse res,
                                      boolean mandatory)
                               throws ServerAuthException

Description copied from interface: Authenticator

Validate a request

Parameters:

req - The request

res - The response

mandatory - True if authentication is mandatory.

Returns:

An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not manditory, then a Authentication.Deferred may be returned.

Throws:

ServerAuthException - if unable to validate request

getKeyStore

@Deprecated
protected java.security.KeyStore getKeyStore(java.io.InputStream storeStream,
                                             java.lang.String storePath,
                                             java.lang.String storeType,
                                             java.lang.String storeProvider,
                                             java.lang.String storePassword)
                                      throws java.lang.Exception

Deprecated.

Throws:

java.lang.Exception

getKeyStore

protected java.security.KeyStore getKeyStore(java.lang.String storePath,
                                             java.lang.String storeType,
                                             java.lang.String storeProvider,
                                             java.lang.String storePassword)
                                      throws java.lang.Exception

Loads keystore using an input stream or a file path in the same order of precedence. Required for integrations to be able to override the mechanism used to load a keystore in order to provide their own implementation.

Parameters:

storePath - path of keystore file

storeType - keystore type

storeProvider - keystore provider

storePassword - keystore password

Returns:

created keystore

Throws:

java.lang.Exception - if unable to get keystore

loadCRL

protected java.util.Collection<? extends java.security.cert.CRL> loadCRL(java.lang.String crlPath)
                                                                  throws java.lang.Exception

Loads certificate revocation list (CRL) from a file. Required for integrations to be able to override the mechanism used to load CRL in order to provide their own implementation.

Parameters:

crlPath - path of certificate revocation list file

Returns:

a (possibly empty) collection view of java.security.cert.CRL objects initialized with the data from the input stream.

Throws:

java.lang.Exception - if unable to load CRL

secureResponse

public boolean secureResponse(javax.servlet.ServletRequest req,
                              javax.servlet.ServletResponse res,
                              boolean mandatory,
                              Authentication.User validatedUser)
                       throws ServerAuthException

Description copied from interface: Authenticator

is response secure

Parameters:

req - the request

res - the response

mandatory - if security is mandator

validatedUser - the user that was validated

Returns:

true if response is secure

Throws:

ServerAuthException - if unable to test response

isValidateCerts

public boolean isValidateCerts()

Returns:

true if SSL certificate has to be validated

setValidateCerts

public void setValidateCerts(boolean validateCerts)

Parameters:

validateCerts - true if SSL certificates have to be validated

getTrustStore

public java.lang.String getTrustStore()

Returns:

The file name or URL of the trust store location

setTrustStore

public void setTrustStore(java.lang.String trustStorePath)

Parameters:

trustStorePath - The file name or URL of the trust store location

getTrustStoreProvider

public java.lang.String getTrustStoreProvider()

Returns:

The provider of the trust store

setTrustStoreProvider

public void setTrustStoreProvider(java.lang.String trustStoreProvider)

Parameters:

trustStoreProvider - The provider of the trust store

getTrustStoreType

public java.lang.String getTrustStoreType()

Returns:

The type of the trust store (default "JKS")

setTrustStoreType

public void setTrustStoreType(java.lang.String trustStoreType)

Parameters:

trustStoreType - The type of the trust store (default "JKS")

setTrustStorePassword

public void setTrustStorePassword(java.lang.String password)

Parameters:

password - The password for the trust store

getCrlPath

public java.lang.String getCrlPath()

Get the crlPath.

Returns:

the crlPath

setCrlPath

public void setCrlPath(java.lang.String crlPath)

Set the crlPath.

Parameters:

crlPath - the crlPath to set

getMaxCertPathLength

public int getMaxCertPathLength()

Returns:

Maximum number of intermediate certificates in the certification path (-1 for unlimited)

setMaxCertPathLength

public void setMaxCertPathLength(int maxCertPathLength)

Parameters:

maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)

isEnableCRLDP

public boolean isEnableCRLDP()

Returns:

true if CRL Distribution Points support is enabled

setEnableCRLDP

public void setEnableCRLDP(boolean enableCRLDP)

Enables CRL Distribution Points Support

Parameters:

enableCRLDP - true - turn on, false - turns off

isEnableOCSP

public boolean isEnableOCSP()

Returns:

true if On-Line Certificate Status Protocol support is enabled

setEnableOCSP

public void setEnableOCSP(boolean enableOCSP)

Enables On-Line Certificate Status Protocol support

Parameters:

enableOCSP - true - turn on, false - turn off

getOcspResponderURL

public java.lang.String getOcspResponderURL()

Returns:

Location of the OCSP Responder

setOcspResponderURL

public void setOcspResponderURL(java.lang.String ocspResponderURL)

Set the location of the OCSP Responder.

Parameters:

ocspResponderURL - location of the OCSP Responder