ClientCertAuthenticator (Jetty :: Project 7.4.0.v20110414 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.eclipse.jetty.security.authentication
Class ClientCertAuthenticator

java.lang.Object
  org.eclipse.jetty.security.authentication.LoginAuthenticator
      org.eclipse.jetty.security.authentication.ClientCertAuthenticator

All Implemented Interfaces:: Authenticator

public class ClientCertAuthenticator
extends LoginAuthenticator
extends LoginAuthenticator

Version:: $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator
`Authenticator.AuthConfiguration, Authenticator.Factory`

Field Summary

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
`_deferred, _identityService, _loginService, SESSION_SECURED`

Constructor Summary
`ClientCertAuthenticator()`

Method Summary
`String`	`getAuthMethod()`
`String`	`getCrlPath()` Get the crlPath.
`protected KeyStore`	`getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword)` Loads keystore using an input stream or a file path in the same order of precedence.
`int`	`getMaxCertPathLength()`
`String`	`getOcspResponderURL()`
`String`	`getTrustStore()`
`String`	`getTrustStoreProvider()`
`String`	`getTrustStoreType()`
`boolean`	`isEnableCRLDP()`
`boolean`	`isEnableOCSP()`
`boolean`	`isValidateCerts()`
`protected Collection<? extends CRL>`	`loadCRL(String crlPath)` Loads certificate revocation list (CRL) from a file.
`boolean`	`secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser)`
`void`	`setCrlPath(String crlPath)` Set the crlPath.
`void`	`setEnableCRLDP(boolean enableCRLDP)` Enables CRL Distribution Points Support
`void`	`setEnableOCSP(boolean enableOCSP)` Enables On-Line Certificate Status Protocol support
`void`	`setMaxCertPathLength(int maxCertPathLength)`
`void`	`setOcspResponderURL(String ocspResponderURL)` Set the location of the OCSP Responder.
`void`	`setTrustStore(String trustStorePath)`
`void`	`setTrustStorePassword(String password)`
`void`	`setTrustStoreProvider(String trustStoreProvider)`
`void`	`setTrustStoreType(String trustStoreType)`
`void`	`setValidateCerts(boolean validateCerts)`
`Authentication`	`validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)` Validate a response

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
`getLoginService, renewSessionOnAuthentication, setConfiguration`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

ClientCertAuthenticator

public ClientCertAuthenticator()

Method Detail

getAuthMethod

public String getAuthMethod()

Returns:: The name of the authentication method

validateRequest

public Authentication validateRequest(ServletRequest req,
                                      ServletResponse res,
                                      boolean mandatory)
                               throws ServerAuthException

Description copied from interface: Authenticator

Validate a response

Parameters:: req - The request; res - The response; mandatory - True if authentication is mandatory.
Returns:: Authentication for request
Throws:: ServerAuthException

getKeyStore

protected KeyStore getKeyStore(InputStream storeStream,
                               String storePath,
                               String storeType,
                               String storeProvider,
                               String storePassword)
                        throws Exception

Loads keystore using an input stream or a file path in the same order of precedence. Required for integrations to be able to override the mechanism used to load a keystore in order to provide their own implementation.

Parameters:: storeStream - keystore input stream; storePath - path of keystore file; storeType - keystore type; storeProvider - keystore provider; storePassword - keystore password
Returns:: created keystore
Throws:: Exception

loadCRL

protected Collection<? extends CRL> loadCRL(String crlPath)
                                     throws Exception

Loads certificate revocation list (CRL) from a file. Required for integrations to be able to override the mechanism used to load CRL in order to provide their own implementation.

Parameters:: crlPath - path of certificate revocation list file
Returns:
Throws:: Exception

secureResponse

public boolean secureResponse(ServletRequest req,
                              ServletResponse res,
                              boolean mandatory,
                              Authentication.User validatedUser)
                       throws ServerAuthException

Returns:: true if response is secure
Throws:: ServerAuthException

isValidateCerts

public boolean isValidateCerts()

Returns:: true if SSL certificate has to be validated

setValidateCerts

public void setValidateCerts(boolean validateCerts)

Parameters:: validateCerts - true if SSL certificates have to be validated

getTrustStore

public String getTrustStore()

Returns:: The file name or URL of the trust store location

setTrustStore

public void setTrustStore(String trustStorePath)

Parameters:: trustStorePath - The file name or URL of the trust store location

getTrustStoreProvider

public String getTrustStoreProvider()

Returns:: The provider of the trust store

setTrustStoreProvider

public void setTrustStoreProvider(String trustStoreProvider)

Parameters:: trustStoreProvider - The provider of the trust store

getTrustStoreType

public String getTrustStoreType()

Returns:: The type of the trust store (default "JKS")

setTrustStoreType

public void setTrustStoreType(String trustStoreType)

Parameters:: trustStoreType - The type of the trust store (default "JKS")

setTrustStorePassword

public void setTrustStorePassword(String password)

Parameters:: password - The password for the trust store

getCrlPath

public String getCrlPath()

Get the crlPath.

Returns:: the crlPath

setCrlPath

public void setCrlPath(String crlPath)

Set the crlPath.

Parameters:: crlPath - the crlPath to set

getMaxCertPathLength

public int getMaxCertPathLength()

Returns:: Maximum number of intermediate certificates in the certification path (-1 for unlimited)

setMaxCertPathLength

public void setMaxCertPathLength(int maxCertPathLength)

Parameters:: maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)

isEnableCRLDP

public boolean isEnableCRLDP()

Returns:: true if CRL Distribution Points support is enabled

setEnableCRLDP

public void setEnableCRLDP(boolean enableCRLDP)

Enables CRL Distribution Points Support

Parameters:: enableCRLDP - true - turn on, false - turns off

isEnableOCSP

public boolean isEnableOCSP()

Returns:: true if On-Line Certificate Status Protocol support is enabled

setEnableOCSP

public void setEnableOCSP(boolean enableOCSP)

Enables On-Line Certificate Status Protocol support

Parameters:: enableOCSP - true - turn on, false - turn off

getOcspResponderURL

public String getOcspResponderURL()

Returns:: Location of the OCSP Responder

setOcspResponderURL

public void setOcspResponderURL(String ocspResponderURL)

Set the location of the OCSP Responder.

Parameters:: ocspResponderURL - location of the OCSP Responder