Class ClientCertAuthenticator

java.lang.Object
  org.eclipse.jetty.security.authentication.LoginAuthenticator
    org.eclipse.jetty.security.authentication.ClientCertAuthenticator

- All Implemented Interfaces:
  Authenticator

Nested Class Summary
- Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator:
  Authenticator.AuthConfiguration, Authenticator.Factory
Field Summary
- private String _crlPath
  Path to file that contains Certificate Revocation List
- private boolean _enableCRLDP
  CRL Distribution Points (CRLDP) support
- private boolean _enableOCSP
  On-Line Certificate Status Protocol (OCSP) support
- private int _maxCertPathLength
  Maximum certification path length (n - number of intermediate certs, -1 for unlimited)
- private String _ocspResponderURL
  Location of OCSP Responder
- private Password _trustStorePassword
  Truststore password
- private String _trustStorePath
  Truststore path
- private String _trustStoreProvider
  Truststore provider name
- private String _trustStoreType
  Truststore type
- private boolean _validateCerts
  Set to true if SSL certificate validation is required
- private static final String PASSWORD_PROPERTY
  String name of keystore password property.
- Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator:
  _identityService, _loginService
Constructor Summary
- public ClientCertAuthenticator()
Method Summary
- String getAuthMethod()
- String getCrlPath()
  Get the crlPath.
- protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword)
  Deprecated.
- protected KeyStore getKeyStore(String storePath, String storeType, String storeProvider, String storePassword)
  Loads keystore using an input stream or a file path in the same order of precedence.
- int getMaxCertPathLength()
- String getOcspResponderURL()
- String getTrustStore()
- String getTrustStoreProvider()
- String getTrustStoreType()
- boolean isEnableCRLDP()
- boolean isEnableOCSP()
- boolean isValidateCerts()
- protected Collection<? extends CRL> loadCRL(String crlPath)
  Loads certificate revocation list (CRL) from a file.
- boolean secureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser)
  Is response secure
- void setCrlPath(String crlPath)
  Set the crlPath.
- void setEnableCRLDP(boolean enableCRLDP)
  Enables CRL Distribution Points support
- void setEnableOCSP(boolean enableOCSP)
  Enables On-Line Certificate Status Protocol support
- void setMaxCertPathLength(int maxCertPathLength)
- void setOcspResponderURL(String ocspResponderURL)
  Set the location of the OCSP Responder.
- void setTrustStore(String trustStorePath)
- void setTrustStorePassword(String password)
- void setTrustStoreProvider(String trustStoreProvider)
- void setTrustStoreType(String trustStoreType)
- void setValidateCerts(boolean validateCerts)
- Authentication validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory)
  Validate a request
- Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator:
  getLoginService, login, logout, prepareRequest, renewSession, setConfiguration
Field Details
- PASSWORD_PROPERTY
  private static final String PASSWORD_PROPERTY
  String name of keystore password property.
- _trustStorePath
  private String _trustStorePath
  Truststore path
- _trustStoreProvider
  private String _trustStoreProvider
  Truststore provider name
- _trustStoreType
  private String _trustStoreType
  Truststore type
- _trustStorePassword
  private Password _trustStorePassword
  Truststore password
- _validateCerts
  private boolean _validateCerts
  Set to true if SSL certificate validation is required
- _crlPath
  private String _crlPath
  Path to file that contains Certificate Revocation List
- _maxCertPathLength
  private int _maxCertPathLength
  Maximum certification path length (n - number of intermediate certs, -1 for unlimited)
- _enableCRLDP
  private boolean _enableCRLDP
  CRL Distribution Points (CRLDP) support
- _enableOCSP
  private boolean _enableOCSP
  On-Line Certificate Status Protocol (OCSP) support
- _ocspResponderURL
  private String _ocspResponderURL
  Location of OCSP Responder
Constructor Details
- ClientCertAuthenticator
  public ClientCertAuthenticator()
Method Details
- getAuthMethod
  public String getAuthMethod()
  - Returns:
    The name of the authentication method
- validateRequest
  public Authentication validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory) throws ServerAuthException
  Description copied from interface: Authenticator
  Validate a request
  - Parameters:
    req - The request
    res - The response
    mandatory - True if authentication is mandatory.
  - Returns:
    An Authentication. If Authentication is successful, this will be an Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then an Authentication.Deferred may be returned.
  - Throws:
    ServerAuthException - if unable to validate request
- getKeyStore
  @Deprecated
  protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
  Deprecated.
  - Throws:
    Exception
- getKeyStore
  protected KeyStore getKeyStore(String storePath, String storeType, String storeProvider, String storePassword) throws Exception
  Loads keystore using an input stream or a file path in the same order of precedence. Required for integrations to be able to override the mechanism used to load a keystore in order to provide their own implementation.
  - Parameters:
    storePath - path of keystore file
    storeType - keystore type
    storeProvider - keystore provider
    storePassword - keystore password
  - Returns:
    created keystore
  - Throws:
    Exception - if unable to get keystore
- loadCRL
  protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
  Loads certificate revocation list (CRL) from a file. Required for integrations to be able to override the mechanism used to load CRL in order to provide their own implementation.
  - Parameters:
    crlPath - path of certificate revocation list file
  - Returns:
    a (possibly empty) collection view of java.security.cert.CRL objects initialized with the data from the input stream.
  - Throws:
    Exception - if unable to load CRL
- secureResponse
  public boolean secureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
  Description copied from interface: Authenticator
  Is response secure
  - Parameters:
    req - the request
    res - the response
    mandatory - if security is mandatory
    validatedUser - the user that was validated
  - Returns:
    true if response is secure
  - Throws:
    ServerAuthException - if unable to test response
- isValidateCerts
  public boolean isValidateCerts()
  - Returns:
    true if SSL certificate has to be validated
- setValidateCerts
  public void setValidateCerts(boolean validateCerts)
  - Parameters:
    validateCerts - true if SSL certificates have to be validated
- getTrustStore
  public String getTrustStore()
  - Returns:
    The file name or URL of the trust store location
- setTrustStore
  public void setTrustStore(String trustStorePath)
  - Parameters:
    trustStorePath - The file name or URL of the trust store location
- getTrustStoreProvider
  public String getTrustStoreProvider()
  - Returns:
    The provider of the trust store
- setTrustStoreProvider
  public void setTrustStoreProvider(String trustStoreProvider)
  - Parameters:
    trustStoreProvider - The provider of the trust store
- getTrustStoreType
  public String getTrustStoreType()
  - Returns:
    The type of the trust store (default "JKS")
- setTrustStoreType
  public void setTrustStoreType(String trustStoreType)
  - Parameters:
    trustStoreType - The type of the trust store (default "JKS")
- setTrustStorePassword
  public void setTrustStorePassword(String password)
  - Parameters:
    password - The password for the trust store
- getCrlPath
  public String getCrlPath()
  Get the crlPath.
  - Returns:
    the crlPath
- setCrlPath
  public void setCrlPath(String crlPath)
  Set the crlPath.
  - Parameters:
    crlPath - the crlPath to set
- getMaxCertPathLength
  public int getMaxCertPathLength()
  - Returns:
    Maximum number of intermediate certificates in the certification path (-1 for unlimited)
- setMaxCertPathLength
  public void setMaxCertPathLength(int maxCertPathLength)
  - Parameters:
    maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)
- isEnableCRLDP
  public boolean isEnableCRLDP()
  - Returns:
    true if CRL Distribution Points support is enabled
- setEnableCRLDP
  public void setEnableCRLDP(boolean enableCRLDP)
  Enables CRL Distribution Points support
  - Parameters:
    enableCRLDP - true turns it on, false turns it off
- isEnableOCSP
  public boolean isEnableOCSP()
  - Returns:
    true if On-Line Certificate Status Protocol support is enabled
- setEnableOCSP
  public void setEnableOCSP(boolean enableOCSP)
  Enables On-Line Certificate Status Protocol support
  - Parameters:
    enableOCSP - true turns it on, false turns it off
- getOcspResponderURL
  public String getOcspResponderURL()
  - Returns:
    Location of the OCSP Responder
- setOcspResponderURL
  public void setOcspResponderURL(String ocspResponderURL)
  Set the location of the OCSP Responder.
  - Parameters:
    ocspResponderURL - location of the OCSP Responder
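The setters above only take effect as a group: unless setValidateCerts(true) is called, the authenticator performs none of its own truststore, path-length or revocation checks. The following is an added example, not Jetty's own code, showing a bare authenticator beside one wired with the full set of checks; it assumes the javax.servlet-based Jetty API documented here, a ConstraintSecurityHandler to host the authenticator, a HashLoginService whose realm file maps certificate subject DNs to roles, and placeholder paths, password and responder URL.

```java
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;

/**
 * Added example (not Jetty's own code): configures ClientCertAuthenticator so
 * that presented client certificates are validated against a truststore and
 * checked for revocation. Assumes ConstraintSecurityHandler and HashLoginService
 * from the same Jetty release; file paths, password and OCSP URL are placeholders.
 */
public final class ClientCertSecurityConfig {

    private ClientCertSecurityConfig() {}

    /** Weak: _validateCerts left unset, so no truststore, path or revocation checks run. */
    public static ClientCertAuthenticator unvalidated() {
        return new ClientCertAuthenticator();
    }

    /** Hardened: chain validation, bounded path length, local CRL, CRLDP and OCSP. */
    public static ClientCertAuthenticator hardened() {
        ClientCertAuthenticator auth = new ClientCertAuthenticator();
        auth.setValidateCerts(true);                           // enable the checks below
        auth.setTrustStore("/etc/jetty/client-ca.p12");        // placeholder: CA(s) that issue client certs
        auth.setTrustStoreType("PKCS12");                      // page default is "JKS"
        auth.setTrustStorePassword("CHANGE_ME");               // placeholder: load from config, not source
        auth.setMaxCertPathLength(1);                          // at most one intermediate CA (-1 = unlimited)
        auth.setCrlPath("/etc/jetty/client-ca.crl");           // placeholder: locally maintained CRL file
        auth.setEnableCRLDP(true);                             // also honour CRL Distribution Points in certs
        auth.setEnableOCSP(true);                              // and query OCSP
        auth.setOcspResponderURL("http://ocsp.example.test/"); // placeholder responder
        return auth;
    }

    /** Attaches the hardened authenticator and a realm to a security handler. */
    public static ConstraintSecurityHandler securityHandler(String realmFile) {
        ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
        handler.setLoginService(new HashLoginService("client-cert-realm", realmFile));
        handler.setAuthenticator(hardened());
        return handler;
    }
}
```

A practitioner should confirm the effect by presenting a certificate from an untrusted CA and a revoked certificate and checking that validateRequest rejects both; the unvalidated() form is listed only to make the missing checks visible.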