org.apache.catalina.authenticator

Class SSLAuthenticator

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.SSLAuthenticator

All Implemented Interfaces:

javax.management.MBeanRegistration, RegistrationListener, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class SSLAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify client users.

Author:

Craig R. McClanahan

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

AuthenticatorBase.AllowCorsPreflight

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Lifecycle.SingleUse

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase

asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
SSLAuthenticator()

Method Summary

Modifier and Type	Method and Description
protected boolean	doAuthenticate(Request request, HttpServletResponse response) Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.
protected java.lang.String	getAuthMethod() Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
protected java.security.cert.X509Certificate[]	getRequestCertificates(Request request) Look for the X509 certificate chain in the Request under the key jakarta.servlet.request.X509Certificate.
protected boolean	isPreemptiveAuthPossible(Request request) Can the authenticator perform preemptive authentication for the given request?
protected void	startInternal() Start this component and implement the requirements of LifecycleBase.startInternal().

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SSLAuthenticator

public SSLAuthenticator()

Method Detail

doAuthenticate

protected boolean doAuthenticate(Request request,
                                 HttpServletResponse response)
                          throws java.io.IOException

Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.

Specified by:

doAuthenticate in class AuthenticatorBase

Parameters:

request - Request we are processing

response - Response we are creating

Returns:

true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response

Throws:

java.io.IOException - if an input/output error occurs

getAuthMethod

protected java.lang.String getAuthMethod()

Description copied from class: AuthenticatorBase

Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.

Specified by:

getAuthMethod in class AuthenticatorBase

Returns:

the authentication method, which is vendor-specific and not defined by HttpServletRequest.

isPreemptiveAuthPossible

protected boolean isPreemptiveAuthPossible(Request request)

Description copied from class: AuthenticatorBase

Can the authenticator perform preemptive authentication for the given request?

Overrides:

isPreemptiveAuthPossible in class AuthenticatorBase

Parameters:

request - The request to check for credentials

Returns:

true if preemptive authentication is possible, otherwise false

getRequestCertificates

protected java.security.cert.X509Certificate[] getRequestCertificates(Request request)
                                                               throws java.lang.IllegalStateException

Look for the X509 certificate chain in the Request under the key jakarta.servlet.request.X509Certificate. If not found, trigger extracting the certificate chain from the Coyote request.

Parameters:

request - Request to be processed

Returns:

The X509 certificate chain if found, null otherwise.

Throws:

java.lang.IllegalStateException

startInternal

protected void startInternal()
                      throws LifecycleException

Description copied from class: ValveBase

Start this component and implement the requirements of LifecycleBase.startInternal().

Overrides:

startInternal in class AuthenticatorBase

Throws:

LifecycleException - if this component detects a fatal error that prevents this component from being used