Package org.eclipse.jetty.security.authentication

Class SslClientCertAuthenticator

java.lang.Object

org.eclipse.jetty.security.authentication.LoginAuthenticator

org.eclipse.jetty.security.authentication.SslClientCertAuthenticator

All Implemented Interfaces:

Authenticator

public class SslClientCertAuthenticator
extends LoginAuthenticator

CLIENT-CERT authenticator.

This Authenticator implements client certificate authentication. The client certificates available in the request will be verified against the configured SslContextFactory instance

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

_identityService, _loginService

Constructor Summary

Constructors

Constructor	Description
SslClientCertAuthenticator(SslContextFactory sslContextFactory)

Method Summary

Modifier and Type	Method	Description
String	getAuthMethod()
boolean	isValidateCerts()
boolean	secureResponse(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser)	is response secure
void	setValidateCerts(boolean validateCerts)
Authentication	validateRequest(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, boolean mandatory)	Validate a request

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

getLoginService, login, logout, prepareRequest, renewSession, setConfiguration

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SslClientCertAuthenticator

public SslClientCertAuthenticator(SslContextFactory sslContextFactory)

Method Details

getAuthMethod

public String getAuthMethod()

Returns:

The name of the authentication method

validateRequest

public Authentication validateRequest(jakarta.servlet.ServletRequest req,
 jakarta.servlet.ServletResponse res,
 boolean mandatory)
                               throws ServerAuthException

Description copied from interface: Authenticator

Validate a request

Parameters:

req - The request

res - The response

mandatory - True if authentication is mandatory.

Returns:

An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then a Authentication.Deferred may be returned.

Throws:

ServerAuthException - if unable to validate request

secureResponse

public boolean secureResponse(jakarta.servlet.ServletRequest req,
 jakarta.servlet.ServletResponse res,
 boolean mandatory,
 Authentication.User validatedUser)
                       throws ServerAuthException

Description copied from interface: Authenticator

is response secure

Parameters:

req - the request

res - the response

mandatory - if security is mandator

validatedUser - the user that was validated

Returns:

true if response is secure

Throws:

ServerAuthException - if unable to test response

isValidateCerts

public boolean isValidateCerts()

Returns:

true if SSL certificate has to be validated.

setValidateCerts

public void setValidateCerts(boolean validateCerts)

Parameters:

validateCerts - true if SSL certificates have to be validated.