  /*
   * Licensed to the Apache Software Foundation (ASF) under one or more
   * contributor license agreements.  See the NOTICE file distributed with
   * this work for additional information regarding copyright ownership.
   * The ASF licenses this file to You under the Apache License, Version 2.0
   * (the "License"); you may not use this file except in compliance with
   * the License.  You may obtain a copy of the License at
   * 
   *      http://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 
 package org.apache.catalina.authenticator;
 
 
 import static org.jboss.web.CatalinaMessages.MESSAGES;
 
 
 
An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify client users.

Author(s):
Craig R. McClanahan
Version:
$Revision: 1703 $ $Date: 2011-04-13 15:25:47 +0200 (Wed, 13 Apr 2011) $
 
 
 public class SSLAuthenticator
     extends AuthenticatorBase {
 
 
     // ------------------------------------------------------------- Properties
 

    
Descriptive information about this implementation.
 
     // Descriptive information about this implementation: the fully
     // qualified class name followed by a "/1.0" version suffix.
     protected static final String info =
         "org.apache.catalina.authenticator.SSLAuthenticator/1.0";


    
Return descriptive information about this Valve implementation.
 
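     /**
      * Returns descriptive information about this Valve implementation.
      *
      * @return the value of the {@code info} constant declared in this class
      */
     public String getInfo() {
         // The returned expression was empty in this listing ("return ();");
         // the only descriptive value this class declares is `info`.
         return info;
     }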
 
 
     // --------------------------------------------------------- Public Methods
 

    
Authenticate the user by checking for the existence of a certificate chain, and optionally asking a trust manager to validate that we trust this user.

Parameters:
request Request we are processing
response Response we are creating
config Login configuration describing how authentication should be performed
Throws:
java.io.IOException if an input/output error occurs
 
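     /**
      * Authenticates the request from the client's X.509 certificate chain.
      *
      * <p>A request that already carries a user principal is accepted as-is:
      * no certificate is examined on that path. Otherwise the chain taken
      * from the request is handed to the realm, and the realm alone decides
      * whether it maps to a principal; this method performs no certificate
      * checks of its own beyond requiring a non-empty chain.
      *
      * @param request Request we are processing
      * @param response Response we are creating
      * @param config Login configuration describing how authentication
      *  should be performed (not read by this method)
      * @return {@code true} if a principal was already present or the realm
      *  accepted the chain; {@code false} after an error response was sent
      * @throws IOException if an input/output error occurs
      */
     public boolean authenticate(Request request,
                                 HttpServletResponse response,
                                 LoginConfig config)
         throws IOException {

         // NOTE(review): this listing had lost several tokens. `context`,
         // the two HttpServletResponse status constants and
         // Constants.CERT_METHOD below are restored from the upstream
         // Tomcat/JBoss Web authenticator; confirm them against the
         // project source. Constants.REQ_SSOID_NOTE is taken from the
         // commented-out line that follows.

         // Have we already authenticated someone?
         Principal principal = request.getUserPrincipal();
         //String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
         if (principal != null) {
             // Associate the session with any existing SSO session in order
             // to get coordinated session invalidation at logout
             String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
             if (ssoId != null) {
                 associate(ssoId, request.getSessionInternal(true));
             }
             return true;
         }

         // NOTE: We don't try to reauthenticate using any existing SSO session,
         // because that will only work if the original authentication was
         // BASIC or FORM, which are less secure than the CLIENT_CERT auth-type
         // specified for this webapp. Enabling the block below would let a
         // password-based SSO logon stand in for a client certificate.
         //
         // Uncomment below to allow previous FORM or BASIC authentications
         // to authenticate users for this webapp
         // TODO make this a configurable attribute (in SingleSignOn??)
         /*
         // Is there an SSO session against which we can try to reauthenticate?
         if (ssoId != null) {
             if (log.isDebugEnabled())
                 log.debug("SSO Id " + ssoId + " set; attempting " +
                           "reauthentication");
             // Try to reauthenticate using data cached by SSO.  If this fails,
             // either the original SSO logon was of DIGEST or SSL (which
             // we can't reauthenticate ourselves because there is no
             // cached username and password), or the realm denied
             // the user's reauthentication for some reason.
             // In either case we have to prompt the user for a logon
             if (reauthenticateFromSSO(ssoId, request))
                 return true;
         }
         */

         // Retrieve the certificate chain for this client; a missing or
         // empty chain is rejected before the realm is consulted.
         X509Certificate certs[] = request.getCertificateChain();
         if ((certs == null) || (certs.length < 1)) {
             if (getContainer().getLogger().isDebugEnabled()) {
                 getContainer().getLogger().debug("  No certificates included with this request");
             }
             response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                                MESSAGES.missingRequestCertificate());
             return false;
         }

         // Authenticate the specified certificate chain. Whether the realm
         // checks the trust path, validity dates or revocation is not
         // visible from this method; a null result means it was rejected.
         principal = context.getRealm().authenticate(certs);
         if (principal == null) {
             if (getContainer().getLogger().isDebugEnabled()) {
                 getContainer().getLogger().debug("  Realm.authenticate() returned false");
             }
             response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                                MESSAGES.certificateAuthenticationFailure());
             return false;
         }

         // Cache the principal (if requested) and record this authentication.
         // No username or password is registered for certificate logons.
         register(request, response, principal, Constants.CERT_METHOD,
                  null, null);
         return true;
     }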
    // ------------------------------------------------------ Lifecycle Methods


    
Initialize the database we will be using for client verification and certificate validation (if any).

Throws:
org.apache.catalina.LifecycleException if this component detects a fatal error that prevents this component from being used
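    /**
     * Starts this authenticator by delegating to the superclass; this class
     * adds no start-up work of its own (no certificate database is opened
     * here).
     *
     * @throws LifecycleException propagated from {@code super.start()}
     */
    @Override
    public void start() throws LifecycleException {
        super.start();
    }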


    
Finalize the database we used for client verification and certificate validation (if any).

Throws:
org.apache.catalina.LifecycleException if this component detects a fatal error that prevents this component from being used
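    /**
     * Stops this authenticator by delegating to the superclass; this class
     * adds no shutdown work of its own (no certificate database is closed
     * here).
     *
     * @throws LifecycleException propagated from {@code super.stop()}
     */
    @Override
    public void stop() throws LifecycleException {
        super.stop();
    }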