io.undertow.security.impl

Class ClientCertAuthenticationMechanism

java.lang.Object

io.undertow.security.impl.ClientCertAuthenticationMechanism

All Implemented Interfaces:

AuthenticationMechanism

public class ClientCertAuthenticationMechanism
extends Object
implements AuthenticationMechanism

The Client Cert based authentication mechanism.

When authenticate is called the current request is checked to see if it a SSL request, this is further checked to identify if the client has been verified at the SSL level.

Author:

Darran Lofthouse

Nested Class Summary

Nested classes/interfaces inherited from interface io.undertow.security.api.AuthenticationMechanism

AuthenticationMechanism.AuthenticationMechanismOutcome, AuthenticationMechanism.ChallengeResult

Field Summary

Fields

Modifier and Type	Field and Description
static io.undertow.security.impl.ClientCertAuthenticationMechanism.Factory	FACTORY
static String	FORCE_RENEGOTIATION

Constructor Summary

Constructors

Constructor and Description
ClientCertAuthenticationMechanism()
ClientCertAuthenticationMechanism(boolean forceRenegotiation)
ClientCertAuthenticationMechanism(String mechanismName)
ClientCertAuthenticationMechanism(String mechanismName, boolean forceRenegotiation)

Method Summary

Methods

Modifier and Type	Method and Description
AuthenticationMechanism.AuthenticationMechanismOutcome	authenticate(HttpServerExchange exchange, SecurityContext securityContext) Perform authentication of the request.
AuthenticationMechanism.ChallengeResult	sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) Send an authentication challenge to the remote client.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FORCE_RENEGOTIATION

public static final String FORCE_RENEGOTIATION

See Also:

Constant Field Values

FACTORY

public static final io.undertow.security.impl.ClientCertAuthenticationMechanism.Factory FACTORY

Constructor Detail

ClientCertAuthenticationMechanism

public ClientCertAuthenticationMechanism()

ClientCertAuthenticationMechanism

public ClientCertAuthenticationMechanism(boolean forceRenegotiation)

ClientCertAuthenticationMechanism

public ClientCertAuthenticationMechanism(String mechanismName)

ClientCertAuthenticationMechanism

public ClientCertAuthenticationMechanism(String mechanismName,
                                 boolean forceRenegotiation)

Method Detail

authenticate

public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange,
                                                                  SecurityContext securityContext)

Description copied from interface: AuthenticationMechanism

Perform authentication of the request. Any potentially blocking work should be performed in the handoff executor provided

Specified by:

authenticate in interface AuthenticationMechanism

Parameters:

exchange - The exchange

Returns:

sendChallenge

public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange exchange,
                                                    SecurityContext securityContext)

Description copied from interface: AuthenticationMechanism

Send an authentication challenge to the remote client.

The individual mechanisms should update the response headers and body of the message as appropriate however they should not set the response code, instead that should be indicated in the AuthenticationMechanism.ChallengeResult and the most appropriate overall response code will be selected.

Specified by:

sendChallenge in interface AuthenticationMechanism

Parameters:

exchange - The exchange

securityContext - The security context

Returns:

A AuthenticationMechanism.ChallengeResult indicating if a challenge was sent and the desired response code.