Package org.opensaml.security.httpclient

Class HttpClientSecurityParameters

java.lang.Object
org.opensaml.security.httpclient.HttpClientSecurityParameters
public class HttpClientSecurityParameters extends Object
Parameters related to HttpClient request security features.

  • Field Details

    • credentialsProvider

      @Nullable private org.apache.hc.client5.http.auth.CredentialsProvider credentialsProvider
      HttpClient credentials provider.

    • preemptiveBasicAuthMap

      @Nullable private Map<org.apache.hc.core5.http.HttpHost,org.apache.hc.client5.http.auth.UsernamePasswordCredentials> preemptiveBasicAuthMap
      Map of host specifications to basic-auth credentials to be applied preemptively.

    • authCache

      @Nullable private org.apache.hc.client5.http.auth.AuthCache authCache
      HttpClient AuthCache to allow pre-emptive authentication.

    • tlsTrustEngine

      @Nullable private TrustEngine<? super X509Credential> tlsTrustEngine
      Optional trust engine used in evaluating server TLS credentials.

    • tlsCriteriaSet

      @Nullable private CriteriaSet tlsCriteriaSet
      Optional criteria set used in evaluating server TLS credentials.

    • tlsProtocols

      @Nullable private List<String> tlsProtocols
      TLS Protocols.

    • tlsCipherSuites

      @Nullable private List<String> tlsCipherSuites
      TLS cipher suites.

    • hostnameVerifier

      @Nullable private HostnameVerifier hostnameVerifier
      The hostname verifier.

    • clientTLSCredential

      @Nullable private X509Credential clientTLSCredential
      The X509 credential used for client TLS.

    • serverTLSFailureFatal

      @Nullable private Boolean serverTLSFailureFatal
      Flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

  • Constructor Details

    • HttpClientSecurityParameters

      public HttpClientSecurityParameters()

  • Method Details

    • getCredentialsProvider

      @Nullable public org.apache.hc.client5.http.auth.CredentialsProvider getCredentialsProvider()
      Get an instance of CredentialsProvider used for authentication by the HttpClient instance.
      Returns:
      the credentials provider, or null

    • setCredentialsProvider

      @Nonnull public HttpClientSecurityParameters setCredentialsProvider(@Nullable org.apache.hc.client5.http.auth.CredentialsProvider provider)
      Set an instance of CredentialsProvider used for authentication by the HttpClient instance.
      Parameters:
      provider - the credentials provider
      Returns:
      this object

    • setPreemptiveBasicAuthMap

      @Nonnull public HttpClientSecurityParameters setPreemptiveBasicAuthMap(@Nullable Map<org.apache.hc.core5.http.HttpHost,org.apache.hc.client5.http.auth.UsernamePasswordCredentials> map)
      Install a map of rules for preemptive basic authentication using the supplied hosts and credentials.

      Use of this feature requires that the eventual HttpClientContext used be built using HttpClientSecuritySupport.buildHttpClientContext(HttpClientSecurityParameters).

      Parameters:
      map - preemptive basic-auth map
      Returns:
      this object
      Since:
      5.0.0

    • getPreemptiveBasicAuthMap

      @Nullable @Unmodifiable @NotLive public Map<org.apache.hc.core5.http.HttpHost,org.apache.hc.client5.http.auth.UsernamePasswordCredentials> getPreemptiveBasicAuthMap()
      Get the map of rules for preemptive basic authentication using the supplied hosts and credentials.
      Returns:
      basic-auth rule map or null
      Since:
      5.0.0

    • getAuthCache

      @Nullable public org.apache.hc.client5.http.auth.AuthCache getAuthCache()
      Get an instance of AuthCache used for authentication by the HttpClient instance.
      Returns:
      the cache, or null
      Since:
      3.4.0

    • setAuthCache

      @Deprecated @Nonnull public HttpClientSecurityParameters setAuthCache(@Nullable org.apache.hc.client5.http.auth.AuthCache cache)
      Deprecated.
      use setPreemptiveBasicAuthMap(Map)
      Set an instance of AuthCache used for authentication by the HttpClient instance.
      Parameters:
      cache - the auth cache
      Returns:
      this object
      Since:
      3.4.0

    • setBasicCredentials

      @Deprecated public void setBasicCredentials(@Nullable org.apache.hc.client5.http.auth.UsernamePasswordCredentials credentials)
      Deprecated.
      use setPreemptiveBasicAuthMap(Map) or setCredentialsProvider(CredentialsProvider)
      A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

      An AuthScope will be generated which specifies any host, port, scheme and realm.

      To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

      Parameters:
      credentials - the username and password credentials

    • setBasicCredentialsWithScope

      @Deprecated @Nonnull public HttpClientSecurityParameters setBasicCredentialsWithScope(@Nullable org.apache.hc.client5.http.auth.UsernamePasswordCredentials credentials, @Nullable org.apache.hc.client5.http.auth.AuthScope scope)
      Deprecated.
      use setPreemptiveBasicAuthMap(Map) or setCredentialsProvider(CredentialsProvider)
      A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

      If the authScope is null, an AuthScope will be generated which specifies any host, port, scheme and realm.

      To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

      Parameters:
      credentials - the username and password credentials
      scope - the HTTP client auth scope with which to scope the credentials, may be null
      Returns:
      this object

    • getTLSTrustEngine

      @Nullable public TrustEngine<? super X509Credential> getTLSTrustEngine()
      Sets the optional trust engine used in evaluating server TLS credentials.
      Returns:
      the trust engine instance to use, or null

    • setTLSTrustEngine

      @Nonnull public HttpClientSecurityParameters setTLSTrustEngine(@Nullable TrustEngine<? super X509Credential> engine)
      Sets the optional trust engine used in evaluating server TLS credentials.
      Parameters:
      engine - the trust engine instance to use
      Returns:
      this object

    • getTLSCriteriaSet

      @Nullable public CriteriaSet getTLSCriteriaSet()
      Get the optional criteria set used in evaluating server TLS credentials.
      Returns:
      the criteria set instance to use

    • setTLSCriteriaSet

      @Nonnull public HttpClientSecurityParameters setTLSCriteriaSet(@Nullable CriteriaSet criteriaSet)
      Set the optional criteria set used in evaluating server TLS credentials.
      Parameters:
      criteriaSet - the new criteria set instance to use
      Returns:
      this object

    • getTLSProtocols

      @Nullable public List<String> getTLSProtocols()
      Get the optional list of TLS protocols.
      Returns:
      the TLS protocols, or null

    • setTLSProtocols

      @Nonnull public HttpClientSecurityParameters setTLSProtocols(@Nullable Collection<String> protocols)
      Set the optional list of TLS protocols.
      Parameters:
      protocols - the TLS protocols or null
      Returns:
      this object

    • getTLSCipherSuites

      @Nullable public List<String> getTLSCipherSuites()
      Get the optional list of TLS cipher suites.
      Returns:
      the list of TLS cipher suites, or null

    • setTLSCipherSuites

      @Nonnull public HttpClientSecurityParameters setTLSCipherSuites(@Nullable Collection<String> cipherSuites)
      Set the optional list of TLS cipher suites.
      Parameters:
      cipherSuites - the TLS cipher suites, or null
      Returns:
      this object

    • getHostnameVerifier

      @Nullable public HostnameVerifier getHostnameVerifier()
      Get the optional hostname verifier.
      Returns:
      the hostname verifier, or null

    • setHostnameVerifier

      @Nonnull public HttpClientSecurityParameters setHostnameVerifier(@Nullable HostnameVerifier verifier)
      Set the optional hostname verifier.
      Parameters:
      verifier - the hostname verifier, or null
      Returns:
      this object

    • getClientTLSCredential

      @Nullable public X509Credential getClientTLSCredential()
      Get the optional client TLS credential.
      Returns:
      the client TLS credential, or null

    • setClientTLSCredential

      @Nonnull public HttpClientSecurityParameters setClientTLSCredential(@Nullable X509Credential credential)
      Set the optional client TLS credential.
      Parameters:
      credential - the client TLS credential, or null
      Returns:
      this object

    • isServerTLSFailureFatal

      @Nullable public Boolean isServerTLSFailureFatal()
      Get the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

      Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

      Returns:
      true if fatal, false if non-fatal, null if not explicitly configured

    • setServerTLSFailureFatal

      @Nonnull public HttpClientSecurityParameters setServerTLSFailureFatal(@Nullable Boolean flag)
      Set the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

      Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

      Parameters:
      flag - true if fatal, false if non-fatal, null if not explicitly configured
      Returns:
      this object