Class SSLAuthenticator

All Implemented Interfaces:
RegistrationListener, MBeanRegistration, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class SSLAuthenticator extends AuthenticatorBase
An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify client users.
Author:
Craig R. McClanahan
  • Constructor Details

    • SSLAuthenticator

      public SSLAuthenticator()
  • Method Details

    • doAuthenticate

      protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException
      Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.
      Specified by:
      doAuthenticate in class AuthenticatorBase
      Parameters:
      request - Request we are processing
      response - Response we are creating
      Returns:
      true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response
      Throws:
      IOException - if an input/output error occurs
    • getAuthMethod

      protected String getAuthMethod()
      Description copied from class: AuthenticatorBase
      Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
      Specified by:
      getAuthMethod in class AuthenticatorBase
      Returns:
      the authentication method, which is vendor-specific and not defined by HttpServletRequest.
    • isPreemptiveAuthPossible

      protected boolean isPreemptiveAuthPossible(Request request)
      Description copied from class: AuthenticatorBase
      Can the authenticator perform preemptive authentication for the given request?
      Overrides:
      isPreemptiveAuthPossible in class AuthenticatorBase
      Parameters:
      request - The request to check for credentials
      Returns:
      true if preemptive authentication is possible, otherwise false
    • getRequestCertificates

      protected X509Certificate[] getRequestCertificates(Request request) throws IllegalStateException
      Look for the X509 certificate chain in the Request under the key jakarta.servlet.request.X509Certificate. If not found, trigger extracting the certificate chain from the Coyote request.
      Parameters:
      request - Request to be processed
      Returns:
      The X509 certificate chain if found, null otherwise.
      Throws:
      IllegalStateException
    • startInternal

      protected void startInternal() throws LifecycleException
      Description copied from class: ValveBase
      Start this component and implement the requirements of LifecycleBase.startInternal().
      Overrides:
      startInternal in class AuthenticatorBase
      Throws:
      LifecycleException - if this component detects a fatal error that prevents this component from being used