Class BasicHttpClientSecurityConfiguration

java.lang.Object
org.opensaml.security.httpclient.impl.BasicHttpClientSecurityConfiguration
All Implemented Interfaces:
HttpClientSecurityConfiguration

public class BasicHttpClientSecurityConfiguration extends Object implements HttpClientSecurityConfiguration
Basic implementation of HttpClientSecurityConfiguration.
  • Field Details

    • credentialsProvider

      @Nullable private org.apache.hc.client5.http.auth.CredentialsProvider credentialsProvider
      HttpClient credentials provider.
    • preemptiveBasicAuthMap

      @Nullable private Map<org.apache.hc.core5.http.HttpHost,org.apache.hc.client5.http.auth.UsernamePasswordCredentials> preemptiveBasicAuthMap
      Map of host specifications to basic-auth credentials to be applied preemptively.
    • tlsTrustEngine

      @Nullable private TrustEngine<? super X509Credential> tlsTrustEngine
      Optional trust engine used in evaluating server TLS credentials.
    • tlsProtocols

      @Nullable private List<String> tlsProtocols
      TLS protocols.
    • tlsCipherSuites

      @Nullable private List<String> tlsCipherSuites
      TLS cipher suites.
    • hostnameVerifier

      @Nullable private HostnameVerifier hostnameVerifier
      The hostname verifier.
    • clientTLSCredential

      @Nullable private X509Credential clientTLSCredential
      The X509 credential used for client TLS.
    • serverTLSFailureFatal

      @Nullable private Boolean serverTLSFailureFatal
      Flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.
  • Constructor Details

    • BasicHttpClientSecurityConfiguration

      public BasicHttpClientSecurityConfiguration()
  • Method Details

    • getCredentialsProvider

      @Nullable public org.apache.hc.client5.http.auth.CredentialsProvider getCredentialsProvider()
      Get an instance of CredentialsProvider used for authentication by the HttpClient instance.
      Specified by:
      getCredentialsProvider in interface HttpClientSecurityConfiguration
      Returns:
      the credentials provider, or null
    • setCredentialsProvider

      @Nonnull public BasicHttpClientSecurityConfiguration setCredentialsProvider(@Nullable org.apache.hc.client5.http.auth.CredentialsProvider provider)
      Set an instance of CredentialsProvider used for authentication by the HttpClient instance.
      Parameters:
      provider - the credentials provider
      Returns:
      this object
    • getPreemptiveBasicAuthMap

      @Nullable @Unmodifiable @NotLive public Map<org.apache.hc.core5.http.HttpHost,org.apache.hc.client5.http.auth.UsernamePasswordCredentials> getPreemptiveBasicAuthMap()
      Get the map of rules for preemptive basic authentication using the supplied hosts and credentials.
      Specified by:
      getPreemptiveBasicAuthMap in interface HttpClientSecurityConfiguration
      Returns:
      basic-auth rule map or null
      Since:
      5.0.0
    • setPreemptiveBasicAuthMap

      @Nonnull public BasicHttpClientSecurityConfiguration setPreemptiveBasicAuthMap(@Nullable Map<org.apache.hc.core5.http.HttpHost,org.apache.hc.client5.http.auth.UsernamePasswordCredentials> map)
      Install a map of rules for preemptive basic authentication using the supplied hosts and credentials.

      Use of this feature requires that the eventual HttpClientContext used be built using HttpClientSecuritySupport.buildHttpClientContext(HttpClientSecurityParameters).

      Parameters:
      map - preemptive basic-auth map
      Returns:
      this object
      Since:
      5.0.0
    • setBasicCredentials

      @Nonnull public BasicHttpClientSecurityConfiguration setBasicCredentials(@Nullable org.apache.hc.client5.http.auth.UsernamePasswordCredentials credentials)
      A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

      An AuthScope will be generated which specifies any host, port, scheme and realm.

      To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

      Parameters:
      credentials - the username and password credentials
      Returns:
      this object
    • setBasicCredentialsWithScope

      @Nonnull public BasicHttpClientSecurityConfiguration setBasicCredentialsWithScope(@Nullable org.apache.hc.client5.http.auth.UsernamePasswordCredentials credentials, @Nullable org.apache.hc.client5.http.auth.AuthScope scope)
      A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

      If the scope is null, an AuthScope will be generated which specifies any host, port, scheme and realm.

      To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

      Parameters:
      credentials - the username and password credentials
      scope - the HTTP client auth scope with which to scope the credentials, may be null
      Returns:
      this object
    • getTLSTrustEngine

      @Nullable public TrustEngine<? super X509Credential> getTLSTrustEngine()
      Gets the optional trust engine used in evaluating server TLS credentials.
      Specified by:
      getTLSTrustEngine in interface HttpClientSecurityConfiguration
      Returns:
      the trust engine instance to use, or null
    • setTLSTrustEngine

      @Nonnull public BasicHttpClientSecurityConfiguration setTLSTrustEngine(@Nullable TrustEngine<? super X509Credential> engine)
      Sets the optional trust engine used in evaluating server TLS credentials.
      Parameters:
      engine - the trust engine instance to use
      Returns:
      this object
    • getTLSProtocols

      @Nullable public List<String> getTLSProtocols()
      Get the optional list of TLS protocols.
      Specified by:
      getTLSProtocols in interface HttpClientSecurityConfiguration
      Returns:
      the TLS protocols, or null
    • setTLSProtocols

      @Nonnull public BasicHttpClientSecurityConfiguration setTLSProtocols(@Nullable Collection<String> protocols)
      Set the optional list of TLS protocols.
      Parameters:
      protocols - the TLS protocols or null
      Returns:
      this object
    • getTLSCipherSuites

      @Nullable public List<String> getTLSCipherSuites()
      Get the optional list of TLS cipher suites.
      Specified by:
      getTLSCipherSuites in interface HttpClientSecurityConfiguration
      Returns:
      the list of TLS cipher suites, or null
    • setTLSCipherSuites

      @Nonnull public BasicHttpClientSecurityConfiguration setTLSCipherSuites(@Nullable Collection<String> cipherSuites)
      Set the optional list of TLS cipher suites.
      Parameters:
      cipherSuites - the TLS cipher suites, or null
      Returns:
      this object
    • getHostnameVerifier

      @Nullable public HostnameVerifier getHostnameVerifier()
      Get the optional hostname verifier.
      Specified by:
      getHostnameVerifier in interface HttpClientSecurityConfiguration
      Returns:
      the hostname verifier, or null
    • setHostnameVerifier

      @Nonnull public BasicHttpClientSecurityConfiguration setHostnameVerifier(@Nullable HostnameVerifier verifier)
      Set the optional hostname verifier.
      Parameters:
      verifier - the hostname verifier, or null
      Returns:
      this object
    • getClientTLSCredential

      @Nullable public X509Credential getClientTLSCredential()
      Get the optional client TLS credential.
      Specified by:
      getClientTLSCredential in interface HttpClientSecurityConfiguration
      Returns:
      the client TLS credential, or null
    • setClientTLSCredential

      @Nonnull public BasicHttpClientSecurityConfiguration setClientTLSCredential(@Nullable X509Credential credential)
      Set the optional client TLS credential.
      Parameters:
      credential - the client TLS credential, or null
      Returns:
      this object
    • isServerTLSFailureFatal

      @Nullable public Boolean isServerTLSFailureFatal()
      Get the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

      Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

      Specified by:
      isServerTLSFailureFatal in interface HttpClientSecurityConfiguration
      Returns:
      true if fatal, false if non-fatal, null if not explicitly configured
    • setServerTLSFailureFatal

      @Nonnull public BasicHttpClientSecurityConfiguration setServerTLSFailureFatal(@Nullable Boolean flag)
      Set the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

      Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

      Parameters:
      flag - true if fatal, false if non-fatal, null if not explicitly configured
      Returns:
      this object
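
The setters above chained into one restrictive configuration, as an added example that is not part of the OpenSAML documentation or code base. The class name `MetadataClientSecurity`, the host `md.example.org` and the chosen protocol and cipher-suite lists are assumptions made for illustration; the trust engine is supplied by the caller.

```java
import java.util.List;
import java.util.Map;

import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import org.apache.hc.core5.http.HttpHost;
import org.opensaml.security.httpclient.impl.BasicHttpClientSecurityConfiguration;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;

/** Hypothetical helper class; not part of OpenSAML. */
public final class MetadataClientSecurity {

    // Constructed sample endpoint (assumption, not taken from the Javadoc).
    private static final String HOST = "md.example.org";
    private static final int PORT = 443;

    private MetadataClientSecurity() { }

    public static BasicHttpClientSecurityConfiguration build(
            TrustEngine<? super X509Credential> serverTrustEngine,
            String user, char[] password, boolean preemptive) {

        UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, password);

        BasicHttpClientSecurityConfiguration config = new BasicHttpClientSecurityConfiguration()
            // Scope the credentials to one host and port. setBasicCredentials(creds),
            // or a null scope here, generates an AuthScope matching any host.
            .setBasicCredentialsWithScope(creds, new AuthScope(HOST, PORT))
            .setTLSTrustEngine(serverTrustEngine)
            // Set the flag explicitly: null means "not configured" and leaves the
            // decision to the consuming component's internal default.
            .setServerTLSFailureFatal(Boolean.TRUE)
            .setHostnameVerifier(new DefaultHostnameVerifier())
            // Standard JSSE names, chosen here as an illustrative allow-list.
            .setTLSProtocols(List.of("TLSv1.3", "TLSv1.2"))
            .setTLSCipherSuites(List.of(
                "TLS_AES_128_GCM_SHA256",
                "TLS_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));

        if (preemptive) {
            // Preemptive rules are keyed by HttpHost, so list only the exact
            // scheme, host and port that should receive the credentials.
            config.setPreemptiveBasicAuthMap(
                Map.of(new HttpHost("https", HOST, PORT), creds));
        }
        return config;
    }
}
```

The preemptive map only takes effect when the HttpClientContext is built with HttpClientSecuritySupport.buildHttpClientContext(HttpClientSecurityParameters), as noted under setPreemptiveBasicAuthMap.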