Package org.opensaml.security.httpclient.impl

Class BasicHttpClientSecurityConfiguration

  • All Implemented Interfaces:
    org.opensaml.security.httpclient.HttpClientSecurityConfiguration
    public class BasicHttpClientSecurityConfiguration
extends Object
implements org.opensaml.security.httpclient.HttpClientSecurityConfiguration
    Basic implementation of HttpClientSecurityConfiguration.

    • Field Detail

      • credentialsProvider

        @Nullable
private org.apache.http.client.CredentialsProvider credentialsProvider
        HttpClient credentials provider.

      • tlsTrustEngine

        @Nullable
private org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> tlsTrustEngine
        Optional trust engine used in evaluating server TLS credentials.

      • tlsProtocols

        @Nullable
private List<String> tlsProtocols
        TLS Protocols.

      • tlsCipherSuites

        @Nullable
private List<String> tlsCipherSuites
        TLS cipher suites.

      • hostnameVerifier

        @Nullable
private HostnameVerifier hostnameVerifier
        The hostname verifier.

      • clientTLSCredential

        @Nullable
private org.opensaml.security.x509.X509Credential clientTLSCredential
        The X509 credential used for client TLS.

      • serverTLSFailureFatal

        @Nullable
private Boolean serverTLSFailureFatal
        Flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

    • Constructor Detail

      • BasicHttpClientSecurityConfiguration

        public BasicHttpClientSecurityConfiguration()

    • Method Detail

      • getCredentialsProvider

        @Nullable
public org.apache.http.client.CredentialsProvider getCredentialsProvider()
        Get an instance of CredentialsProvider used for authentication by the HttpClient instance.
        Specified by:
        getCredentialsProvider in interface org.opensaml.security.httpclient.HttpClientSecurityConfiguration
        Returns:
        the credentials provider, or null

      • setCredentialsProvider

        public void setCredentialsProvider​(@Nullable
                                   org.apache.http.client.CredentialsProvider provider)
        Set an instance of CredentialsProvider used for authentication by the HttpClient instance.
        Parameters:
        provider - the credentials provider

      • setBasicCredentials

        public void setBasicCredentials​(@Nullable
                                org.apache.http.auth.UsernamePasswordCredentials credentials)
        A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

        An AuthScope will be generated which specifies any host, port, scheme and realm.

        To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

        Parameters:
        credentials - the username and password credentials

      • setBasicCredentialsWithScope

        public void setBasicCredentialsWithScope​(@Nullable
                                         org.apache.http.auth.UsernamePasswordCredentials credentials,
                                         @Nullable
                                         org.apache.http.auth.AuthScope scope)
        A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

        If the authScope is null, an AuthScope will be generated which specifies any host, port, scheme and realm.

        To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

        Parameters:
        credentials - the username and password credentials
        scope - the HTTP client auth scope with which to scope the credentials, may be null

      • getTLSTrustEngine

        @Nullable
public org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> getTLSTrustEngine()
        Sets the optional trust engine used in evaluating server TLS credentials.
        Specified by:
        getTLSTrustEngine in interface org.opensaml.security.httpclient.HttpClientSecurityConfiguration
        Returns:
        the trust engine instance to use, or null

      • setTLSTrustEngine

        public void setTLSTrustEngine​(@Nullable
                              org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> engine)
        Sets the optional trust engine used in evaluating server TLS credentials.
        Parameters:
        engine - the trust engine instance to use

      • getTLSProtocols

        @Nullable
public List<String> getTLSProtocols()
        Get the optional list of TLS protocols.
        Specified by:
        getTLSProtocols in interface org.opensaml.security.httpclient.HttpClientSecurityConfiguration
        Returns:
        the TLS protocols, or null

      • setTLSProtocols

        public void setTLSProtocols​(@Nullable
                            Collection<String> protocols)
        Set the optional list of TLS protocols.
        Parameters:
        protocols - the TLS protocols or null

      • getTLSCipherSuites

        @Nullable
public List<String> getTLSCipherSuites()
        Get the optional list of TLS cipher suites.
        Specified by:
        getTLSCipherSuites in interface org.opensaml.security.httpclient.HttpClientSecurityConfiguration
        Returns:
        the list of TLS cipher suites, or null

      • setTLSCipherSuites

        public void setTLSCipherSuites​(@Nullable
                               Collection<String> cipherSuites)
        Set the optional list of TLS cipher suites.
        Parameters:
        cipherSuites - the TLS cipher suites, or null

      • getHostnameVerifier

        @Nullable
public HostnameVerifier getHostnameVerifier()
        Get the optional hostname verifier.
        Specified by:
        getHostnameVerifier in interface org.opensaml.security.httpclient.HttpClientSecurityConfiguration
        Returns:
        the hostname verifier, or null

      • setHostnameVerifier

        public void setHostnameVerifier​(@Nullable
                                HostnameVerifier verifier)
        Set the optional hostname verifier.
        Parameters:
        verifier - the hostname verifier, or null

      • getClientTLSCredential

        @Nullable
public org.opensaml.security.x509.X509Credential getClientTLSCredential()
        Get the optional client TLS credential.
        Specified by:
        getClientTLSCredential in interface org.opensaml.security.httpclient.HttpClientSecurityConfiguration
        Returns:
        the client TLS credential, or null

      • setClientTLSCredential

        public void setClientTLSCredential​(@Nullable
                                   org.opensaml.security.x509.X509Credential credential)
        Set the optional client TLS credential.
        Parameters:
        credential - the client TLS credential, or null

      • isServerTLSFailureFatal

        @Nullable
public Boolean isServerTLSFailureFatal()
        Get the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

        Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

        Specified by:
        isServerTLSFailureFatal in interface org.opensaml.security.httpclient.HttpClientSecurityConfiguration
        Returns:
        true if fatal, false if non-fatal, null if not explicitly configured

      • setServerTLSFailureFatal

        public void setServerTLSFailureFatal​(@Nullable
                                     Boolean flag)
        Set the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

        Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

        Parameters:
        flag - true if fatal, false if non-fatal, null if not explicitly configured