org.eclipse.jetty.security.authentication
Class ClientCertAuthenticator

java.lang.Object
  org.eclipse.jetty.security.authentication.LoginAuthenticator
      org.eclipse.jetty.security.authentication.ClientCertAuthenticator

All Implemented Interfaces:

Authenticator

public class ClientCertAuthenticator
extends LoginAuthenticator

Version:

$Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

_deferred, _identityService, _loginService, SESSION_SECURED

Constructor Summary

ClientCertAuthenticator()

Method Summary

java.lang.String	getAuthMethod()
java.lang.String	getCrlPath() Get the crlPath.
protected java.security.KeyStore	getKeyStore(java.io.InputStream storeStream, java.lang.String storePath, java.lang.String storeType, java.lang.String storeProvider, java.lang.String storePassword) Loads keystore using an input stream or a file path in the same order of precedence.
int	getMaxCertPathLength()
java.lang.String	getOcspResponderURL()
java.lang.String	getTrustStore()
java.lang.String	getTrustStoreProvider()
java.lang.String	getTrustStoreType()
boolean	isEnableCRLDP()
boolean	isEnableOCSP()
boolean	isValidateCerts()
protected java.util.Collection<? extends java.security.cert.CRL>	loadCRL(java.lang.String crlPath) Loads certificate revocation list (CRL) from a file.
boolean	secureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser)
void	setCrlPath(java.lang.String crlPath) Set the crlPath.
void	setEnableCRLDP(boolean enableCRLDP) Enables CRL Distribution Points Support
void	setEnableOCSP(boolean enableOCSP) Enables On-Line Certificate Status Protocol support
void	setMaxCertPathLength(int maxCertPathLength)
void	setOcspResponderURL(java.lang.String ocspResponderURL) Set the location of the OCSP Responder.
void	setTrustStore(java.lang.String trustStorePath)
void	setTrustStorePassword(java.lang.String password)
void	setTrustStoreProvider(java.lang.String trustStoreProvider)
void	setTrustStoreType(java.lang.String trustStoreType)
void	setValidateCerts(boolean validateCerts)
Authentication	validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory) Validate a response

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

getLoginService, renewSessionOnAuthentication, setConfiguration

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientCertAuthenticator

public ClientCertAuthenticator()

Method Detail

getAuthMethod

public java.lang.String getAuthMethod()

Returns:

The name of the authentication method

validateRequest

public Authentication validateRequest(javax.servlet.ServletRequest req,
                                      javax.servlet.ServletResponse res,
                                      boolean mandatory)
                               throws ServerAuthException

Description copied from interface: Authenticator

Validate a response

Parameters:

req - The request

res - The response

mandatory - True if authentication is mandatory.

Returns:

Authentication for request

Throws:

ServerAuthException

getKeyStore

protected java.security.KeyStore getKeyStore(java.io.InputStream storeStream,
                                             java.lang.String storePath,
                                             java.lang.String storeType,
                                             java.lang.String storeProvider,
                                             java.lang.String storePassword)
                                      throws java.lang.Exception

Loads keystore using an input stream or a file path in the same order of precedence. Required for integrations to be able to override the mechanism used to load a keystore in order to provide their own implementation.

Parameters:

storeStream - keystore input stream

storePath - path of keystore file

storeType - keystore type

storeProvider - keystore provider

storePassword - keystore password

Returns:

created keystore

Throws:

java.lang.Exception

loadCRL

protected java.util.Collection<? extends java.security.cert.CRL> loadCRL(java.lang.String crlPath)
                                                                  throws java.lang.Exception

Loads certificate revocation list (CRL) from a file. Required for integrations to be able to override the mechanism used to load CRL in order to provide their own implementation.

Parameters:

crlPath - path of certificate revocation list file

Returns:

a (possibly empty) collection view of java.security.cert.CRL objects initialized with the data from the input stream.

Throws:

java.lang.Exception

secureResponse

public boolean secureResponse(javax.servlet.ServletRequest req,
                              javax.servlet.ServletResponse res,
                              boolean mandatory,
                              Authentication.User validatedUser)
                       throws ServerAuthException

Returns:

true if response is secure

Throws:

ServerAuthException

isValidateCerts

public boolean isValidateCerts()

Returns:

true if SSL certificate has to be validated

setValidateCerts

public void setValidateCerts(boolean validateCerts)

Parameters:

validateCerts - true if SSL certificates have to be validated

getTrustStore

public java.lang.String getTrustStore()

Returns:

The file name or URL of the trust store location

setTrustStore

public void setTrustStore(java.lang.String trustStorePath)

Parameters:

trustStorePath - The file name or URL of the trust store location

getTrustStoreProvider

public java.lang.String getTrustStoreProvider()

Returns:

The provider of the trust store

setTrustStoreProvider

public void setTrustStoreProvider(java.lang.String trustStoreProvider)

Parameters:

trustStoreProvider - The provider of the trust store

getTrustStoreType

public java.lang.String getTrustStoreType()

Returns:

The type of the trust store (default "JKS")

setTrustStoreType

public void setTrustStoreType(java.lang.String trustStoreType)

Parameters:

trustStoreType - The type of the trust store (default "JKS")

setTrustStorePassword

public void setTrustStorePassword(java.lang.String password)

Parameters:

password - The password for the trust store

getCrlPath

public java.lang.String getCrlPath()

Get the crlPath.

Returns:

the crlPath

setCrlPath

public void setCrlPath(java.lang.String crlPath)

Set the crlPath.

Parameters:

crlPath - the crlPath to set

getMaxCertPathLength

public int getMaxCertPathLength()

Returns:

Maximum number of intermediate certificates in the certification path (-1 for unlimited)

setMaxCertPathLength

public void setMaxCertPathLength(int maxCertPathLength)

Parameters:

maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)

isEnableCRLDP

public boolean isEnableCRLDP()

Returns:

true if CRL Distribution Points support is enabled

setEnableCRLDP

public void setEnableCRLDP(boolean enableCRLDP)

Enables CRL Distribution Points Support

Parameters:

enableCRLDP - true - turn on, false - turns off

isEnableOCSP

public boolean isEnableOCSP()

Returns:

true if On-Line Certificate Status Protocol support is enabled

setEnableOCSP

public void setEnableOCSP(boolean enableOCSP)

Enables On-Line Certificate Status Protocol support

Parameters:

enableOCSP - true - turn on, false - turn off

getOcspResponderURL

public java.lang.String getOcspResponderURL()

Returns:

Location of the OCSP Responder

setOcspResponderURL

public void setOcspResponderURL(java.lang.String ocspResponderURL)

Set the location of the OCSP Responder.

Parameters:

ocspResponderURL - location of the OCSP Responder