Class SSLAuthenticator
- java.lang.Object
- 
- org.apache.catalina.util.LifecycleBase
- 
- org.apache.catalina.util.LifecycleMBeanBase
- 
- org.apache.catalina.valves.ValveBase
- 
- org.apache.catalina.authenticator.AuthenticatorBase
- 
- org.apache.catalina.authenticator.SSLAuthenticator
 
 
 
 
 
- 
- All Implemented Interfaces:
- javax.management.MBeanRegistration,- RegistrationListener,- Authenticator,- Contained,- JmxEnabled,- Lifecycle,- Valve
 
 public class SSLAuthenticator extends AuthenticatorBase An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify client users.- Author:
- Craig R. McClanahan
 
- 
- 
Nested Class Summary- 
Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBaseAuthenticatorBase.AllowCorsPreflight
 - 
Nested classes/interfaces inherited from interface org.apache.catalina.LifecycleLifecycle.SingleUse
 
- 
 - 
Field Summary- 
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBasealwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso
 - 
Fields inherited from class org.apache.catalina.valves.ValveBaseasyncSupported, container, containerLog, next
 - 
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBasemserver
 - 
Fields inherited from interface org.apache.catalina.LifecycleAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
- 
 - 
Constructor SummaryConstructors Constructor Description SSLAuthenticator()
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description protected booleandoAuthenticate(Request request, HttpServletResponse response)Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.protected java.lang.StringgetAuthMethod()protected java.security.cert.X509Certificate[]getRequestCertificates(Request request)Look for the X509 certificate chain in the Request under the keyjakarta.servlet.request.X509Certificate.protected booleanisPreemptiveAuthPossible(Request request)Can the authenticator perform preemptive authentication for the given request?protected voidstartInternal()Start this component and implement the requirements ofLifecycleBase.startInternal().- 
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBaseallowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, stopInternal
 - 
Methods inherited from class org.apache.catalina.valves.ValveBasebackgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString
 - 
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBasedestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
 - 
Methods inherited from class org.apache.catalina.util.LifecycleBaseaddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
 
- 
 
- 
- 
- 
Method Detail- 
doAuthenticateprotected boolean doAuthenticate(Request request, HttpServletResponse response) throws java.io.IOException Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.- Specified by:
- doAuthenticatein class- AuthenticatorBase
- Parameters:
- request- Request we are processing
- response- Response we are creating
- Returns:
- trueif the the user was authenticated, otherwise- false, in which case an authentication challenge will have been written to the response
- Throws:
- java.io.IOException- if an input/output error occurs
 
 - 
getAuthMethodprotected java.lang.String getAuthMethod() - Specified by:
- getAuthMethodin class- AuthenticatorBase
 
 - 
isPreemptiveAuthPossibleprotected boolean isPreemptiveAuthPossible(Request request) Description copied from class:AuthenticatorBaseCan the authenticator perform preemptive authentication for the given request?- Overrides:
- isPreemptiveAuthPossiblein class- AuthenticatorBase
- Parameters:
- request- The request to check for credentials
- Returns:
- trueif preemptive authentication is possible, otherwise- false
 
 - 
getRequestCertificatesprotected java.security.cert.X509Certificate[] getRequestCertificates(Request request) throws java.lang.IllegalStateException Look for the X509 certificate chain in the Request under the keyjakarta.servlet.request.X509Certificate. If not found, trigger extracting the certificate chain from the Coyote request.- Parameters:
- request- Request to be processed
- Returns:
- The X509 certificate chain if found, nullotherwise.
- Throws:
- java.lang.IllegalStateException
 
 - 
startInternalprotected void startInternal() throws LifecycleExceptionDescription copied from class:AuthenticatorBaseStart this component and implement the requirements ofLifecycleBase.startInternal().- Overrides:
- startInternalin class- AuthenticatorBase
- Throws:
- LifecycleException- if this component detects a fatal error that prevents this component from being used
 
 
- 
 
-