File: SSLAuthenticator.java | Doc: API Doc | Category: Glassfish v2 API | Size: 7283 | Date: Fri May 04 22:31:54 BST 2007 | Package: org.apache.catalina.authenticator

SSLAuthenticator

public class SSLAuthenticator extends AuthenticatorBase
An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify client users.
author
Craig R. McClanahan
version
$Revision: 1.5 $ $Date: 2007/05/05 05:31:53 $

Fields Summary
protected static final String
info
Descriptive information about this implementation.
Constructors Summary
Methods Summary
public boolean authenticate(org.apache.catalina.HttpRequest request, org.apache.catalina.HttpResponse response, org.apache.catalina.deploy.LoginConfig config)
Authenticate the user by checking for the existence of a certificate chain, and optionally asking a trust manager to validate that we trust this user.

param
request Request we are processing
param
response Response we are creating
param
login Login configuration describing how authentication should be performed
exception
IOException if an input/output error occurs


        // Short-circuit: a request that already carries a user principal is
        // accepted as-is; no certificate is examined on this path.
        final Principal existing =
            ((HttpServletRequest) request.getRequest()).getUserPrincipal();
        if (existing != null) {
            if (debug >= 1) {
                log("Already authenticated '" + existing.getName() + "'");
            }
            return true;
        }

        // Resolve the servlet response up front; both rejection paths use it.
        final HttpServletResponse servletResponse =
            (HttpServletResponse) response.getResponse();
        if (debug >= 1) {
            log(" Looking up certificates");
        }

        // The client chain is taken from request attributes: first
        // Globals.CERTIFICATES_ATTR, then Globals.SSL_CERTIFICATE_ATTR as a
        // fallback when the first is absent or empty.
        // NOTE(review): the chain is used exactly as found in these attributes;
        // confirm that only the TLS connector can populate them in this
        // deployment.
        X509Certificate[] chain = (X509Certificate[])
            request.getRequest().getAttribute(Globals.CERTIFICATES_ATTR);
        boolean chainMissing = (chain == null) || (chain.length < 1);
        if (chainMissing) {
            chain = (X509Certificate[])
                request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR);
            chainMissing = (chain == null) || (chain.length < 1);
        }

        if (chainMissing) {
            if (debug >= 1) {
                log("  No certificates included with this request");
            }
            // S1AS 4878272: send the bare 400 status, then attach the localized
            // text through setDetailMessage() rather than via sendError().
            servletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            response.setDetailMessage(sm.getString("authenticator.certificates"));
            return false;
        }

        // No validation of the chain happens in this method itself; the
        // accept/reject decision is whatever the context's Realm returns.
        final Principal authenticated = context.getRealm().authenticate(chain);
        if (authenticated == null) {
            if (debug >= 1) {
                log("  Realm.authenticate() returned false");
            }
            // S1AS 4878272: same pattern as above, with a 401 status.
            servletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            response.setDetailMessage(sm.getString("authenticator.unauthorized"));
            return false;
        }

        // Record the successful authentication (CERT method, no username or
        // password), caching the principal if so configured.
        register(request, response, authenticated, Constants.CERT_METHOD,
                 null, null);

        // When an SSO id note is present on the request, make sure a session
        // is obtained (presumably created if absent; see getSession).
        final String ssoNote = (String) request.getNote(Constants.REQ_SSOID_NOTE);
        if (ssoNote != null) {
            getSession(request, true);
        }

        return true;

    
public java.lang.String getInfo()
Return descriptive information about this Valve implementation.



                
       

        // Hand back the descriptive string held in the info field.
        return info;

    
public void start()
Initialize the database we will be using for client verification and certificate validation (if any).

exception
LifecycleException if this component detects a fatal error that prevents this component from being used


        // Delegates straight to the superclass start(); this body itself opens
        // no database or certificate store.
        // NOTE(review): the method description mentions initializing a database
        // for client verification. Any such setup would have to live in the
        // superclass; confirm.
        super.start();

    
public void stop()
Finalize the database we used for client verification and certificate validation (if any).

exception
LifecycleException if this component detects a fatal error that prevents this component from being used


        // Delegates straight to the superclass stop(); this body itself closes
        // no database or certificate store.
        // NOTE(review): the method description mentions finalizing a database
        // for client verification. Any such teardown would have to live in the
        // superclass; confirm.
        super.stop();