Class SSLAuthenticator
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.SSLAuthenticator
- All Implemented Interfaces:
MBeanRegistration,RegistrationListener,Authenticator,Contained,JmxEnabled,Lifecycle,Valve
An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify
client users.
- Author:
- Craig R. McClanahan
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase
AuthenticatorBase.AllowCorsPreflightNested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse -
Field Summary
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, ssoFields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, nextFields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserverFields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected booleandoAuthenticate(Request request, HttpServletResponse response) Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.protected StringReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.protected X509Certificate[]getRequestCertificates(Request request) Look for the X509 certificate chain in the Request under the keyjakarta.servlet.request.X509Certificate.protected booleanisPreemptiveAuthPossible(Request request) Can the authenticator perform preemptive authentication for the given request?protected voidStart this component and implement the requirements ofLifecycleBase.startInternal().Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, stopInternalMethods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringMethods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisterMethods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
-
Constructor Details
-
SSLAuthenticator
public SSLAuthenticator()
-
-
Method Details
-
doAuthenticate
Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.- Specified by:
doAuthenticatein classAuthenticatorBase- Parameters:
request- Request we are processingresponse- Response we are creating- Returns:
trueif the the user was authenticated, otherwisefalse, in which case an authentication challenge will have been written to the response- Throws:
IOException- if an input/output error occurs
-
getAuthMethod
Description copied from class:AuthenticatorBaseReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.- Specified by:
getAuthMethodin classAuthenticatorBase- Returns:
- the authentication method, which is vendor-specific and not defined by HttpServletRequest.
-
isPreemptiveAuthPossible
Description copied from class:AuthenticatorBaseCan the authenticator perform preemptive authentication for the given request?- Overrides:
isPreemptiveAuthPossiblein classAuthenticatorBase- Parameters:
request- The request to check for credentials- Returns:
trueif preemptive authentication is possible, otherwisefalse
-
getRequestCertificates
Look for the X509 certificate chain in the Request under the keyjakarta.servlet.request.X509Certificate. If not found, trigger extracting the certificate chain from the Coyote request.- Parameters:
request- Request to be processed- Returns:
- The X509 certificate chain if found,
nullotherwise. - Throws:
IllegalStateException
-
startInternal
Description copied from class:ValveBaseStart this component and implement the requirements ofLifecycleBase.startInternal().- Overrides:
startInternalin classAuthenticatorBase- Throws:
LifecycleException- if this component detects a fatal error that prevents this component from being used
-