Class SSLAuthenticator
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.SSLAuthenticator
- All Implemented Interfaces:
- RegistrationListener,- MBeanRegistration,- Authenticator,- Contained,- JmxEnabled,- Lifecycle,- Valve
An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify
 client users.
- Author:
- Craig R. McClanahan
- 
Nested Class SummaryNested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBaseAuthenticatorBase.AllowCorsPreflightNested classes/interfaces inherited from interface org.apache.catalina.LifecycleLifecycle.SingleUse
- 
Field SummaryFields inherited from class org.apache.catalina.authenticator.AuthenticatorBasealwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, ssoFields inherited from class org.apache.catalina.valves.ValveBaseasyncSupported, container, containerLog, nextFields inherited from interface org.apache.catalina.LifecycleAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
- 
Constructor SummaryConstructors
- 
Method SummaryModifier and TypeMethodDescriptionprotected booleandoAuthenticate(Request request, HttpServletResponse response) Authenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.protected StringReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.protected X509Certificate[]getRequestCertificates(Request request) Look for the X509 certificate chain in the Request under the keyjakarta.servlet.request.X509Certificate.protected booleanisPreemptiveAuthPossible(Request request) Can the authenticator perform preemptive authentication for the given request?protected voidStart this component and implement the requirements ofLifecycleBase.startInternal().Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBaseallowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, stopInternalMethods inherited from class org.apache.catalina.valves.ValveBasebackgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toStringMethods inherited from class org.apache.catalina.util.LifecycleMBeanBasedestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisterMethods inherited from class org.apache.catalina.util.LifecycleBaseaddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
- 
Constructor Details- 
SSLAuthenticatorpublic SSLAuthenticator()
 
- 
- 
Method Details- 
doAuthenticateAuthenticate the user by checking for the existence of a certificate chain, validating it against the trust manager for the connector and then validating the user's identity against the configured Realm.- Specified by:
- doAuthenticatein class- AuthenticatorBase
- Parameters:
- request- Request we are processing
- response- Response we are creating
- Returns:
- trueif the the user was authenticated, otherwise- false, in which case an authentication challenge will have been written to the response
- Throws:
- IOException- if an input/output error occurs
 
- 
getAuthMethodDescription copied from class:AuthenticatorBaseReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.- Specified by:
- getAuthMethodin class- AuthenticatorBase
- Returns:
- the authentication method, which is vendor-specific and not defined by HttpServletRequest.
 
- 
isPreemptiveAuthPossibleDescription copied from class:AuthenticatorBaseCan the authenticator perform preemptive authentication for the given request?- Overrides:
- isPreemptiveAuthPossiblein class- AuthenticatorBase
- Parameters:
- request- The request to check for credentials
- Returns:
- trueif preemptive authentication is possible, otherwise- false
 
- 
getRequestCertificatesLook for the X509 certificate chain in the Request under the keyjakarta.servlet.request.X509Certificate. If not found, trigger extracting the certificate chain from the Coyote request.- Parameters:
- request- Request to be processed
- Returns:
- The X509 certificate chain if found, nullotherwise.
- Throws:
- IllegalStateException
 
- 
startInternalDescription copied from class:ValveBaseStart this component and implement the requirements ofLifecycleBase.startInternal().- Overrides:
- startInternalin class- AuthenticatorBase
- Throws:
- LifecycleException- if this component detects a fatal error that prevents this component from being used
 
 
-