java.lang.Object
- org.apache.catalina.util.LifecycleBase
- - org.apache.catalina.util.LifecycleMBeanBase
  - - org.apache.catalina.valves.ValveBase
    - - org.apache.catalina.authenticator.AuthenticatorBase
      - org.apache.catalina.authenticator.SSLAuthenticator

All Implemented Interfaces:

RegistrationListener, javax.management.MBeanRegistration, Authenticator, Contained, JmxEnabled, Lifecycle, Valve
```
public class SSLAuthenticator
extends AuthenticatorBase
```
An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify client users.

Author:

Craig R. McClanahan

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase
  AuthenticatorBase.AllowCorsPreflight
- Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
  Lifecycle.SingleUse

Field Summary
- Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
  alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso
- Fields inherited from class org.apache.catalina.valves.ValveBase
  asyncSupported, container, containerLog, next
- Fields inherited from interface org.apache.catalina.Lifecycle
  AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors
Constructor Description

SSLAuthenticator()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected boolean`	`doAuthenticate(Request request, HttpServletResponse response)`	Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.
`protected java.lang.String`	`getAuthMethod()`
`protected java.security.cert.X509Certificate[]`	`getRequestCertificates(Request request)`	Look for the X509 certificate chain in the Request under the key `jakarta.servlet.request.X509Certificate`.
`protected boolean`	`isPreemptiveAuthPossible(Request request)`	Can the authenticator perform preemptive authentication for the given request?
`protected void`	`startInternal()`	Start this component and implement the requirements of `LifecycleBase.startInternal()`.

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - SSLAuthenticator
```
public SSLAuthenticator()
```
- Method Detail
  - doAuthenticate
```
protected boolean doAuthenticate(Request request,
                                 HttpServletResponse response)
                          throws java.io.IOException
```
    Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.
    
    Specified by:
    
    doAuthenticate in class AuthenticatorBase
    
    Parameters:
    
    request - Request we are processing
    
    response - Response we are creating
    
    Returns:
    
    true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response
    
    Throws:
    
    java.io.IOException - if an input/output error occurs
  - getAuthMethod
```
protected java.lang.String getAuthMethod()
```
    Specified by:
    
    getAuthMethod in class AuthenticatorBase
  - isPreemptiveAuthPossible
```
protected boolean isPreemptiveAuthPossible(Request request)
```
    Description copied from class: AuthenticatorBase
    
    Can the authenticator perform preemptive authentication for the given request?
    
    Overrides:
    
    isPreemptiveAuthPossible in class AuthenticatorBase
    
    Parameters:
    
    request - The request to check for credentials
    
    Returns:
    
    true if preemptive authentication is possible, otherwise false
  - getRequestCertificates
```
protected java.security.cert.X509Certificate[] getRequestCertificates(Request request)
                                                               throws java.lang.IllegalStateException
```
    Look for the X509 certificate chain in the Request under the key jakarta.servlet.request.X509Certificate. If not found, trigger extracting the certificate chain from the Coyote request.
    
    Parameters:
    
    request - Request to be processed
    
    Returns:
    
    The X509 certificate chain if found, null otherwise.
    
    Throws:
    
    java.lang.IllegalStateException
  - startInternal
```
protected void startInternal()
                      throws LifecycleException
```
    Description copied from class: AuthenticatorBase
    
    Start this component and implement the requirements of LifecycleBase.startInternal().
    
    Overrides:
    
    startInternal in class AuthenticatorBase
    
    Throws:
    
    LifecycleException - if this component detects a fatal error that prevents this component from being used

Class SSLAuthenticator

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

Methods inherited from class org.apache.catalina.util.LifecycleBase

Methods inherited from class java.lang.Object

Constructor Detail

SSLAuthenticator

Method Detail

doAuthenticate

getAuthMethod

isPreemptiveAuthPossible

getRequestCertificates

startInternal