Package org.restlet.security
Class CertificateAuthenticator
- java.lang.Object
-
- org.restlet.Restlet
-
- org.restlet.routing.Filter
-
- org.restlet.security.Authenticator
-
- org.restlet.security.CertificateAuthenticator
-
- All Implemented Interfaces:
Uniform
public class CertificateAuthenticator extends Authenticator
Authenticator based on the SSL client certificate. If a client certificate is presented, and accepted by your SSL certificate truststore, it adds the Principal of its subject to the list of principals in the request's ClientInfo. It also sets the user to be a new User based on this Principal.getPrincipals(List)andgetUser(Principal)can be overridden to change the default behavior.- Author:
- Bruno Harbulot (bruno/distributedmatter.net)
-
-
Constructor Summary
Constructors Constructor Description CertificateAuthenticator(Context context)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected booleanauthenticate(Request request, Response response)Authenticates the call using the X.509 client certificate.protected java.util.List<java.security.Principal>getPrincipals(java.util.List<java.security.cert.Certificate> certificateChain)Extracts the Principal of the subject to use from a chain of certificate.protected UsergetUser(java.security.Principal principal)Creates a new User based on the subject's X500Principal.-
Methods inherited from class org.restlet.security.Authenticator
authenticated, beforeHandle, getEnroler, isMultiAuthenticating, isOptional, setEnroler, setMultiAuthenticating, setOptional, unauthenticated
-
Methods inherited from class org.restlet.routing.Filter
afterHandle, doHandle, getNext, handle, hasNext, setNext, setNext, start, stop
-
Methods inherited from class org.restlet.Restlet
createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner
-
-
-
-
Constructor Detail
-
CertificateAuthenticator
public CertificateAuthenticator(Context context)
- Parameters:
context-
-
-
Method Detail
-
getPrincipals
protected java.util.List<java.security.Principal> getPrincipals(java.util.List<java.security.cert.Certificate> certificateChain)
Extracts the Principal of the subject to use from a chain of certificate. By default, this is the X500Principal of the subject subject of the first certificate in the chain.- Parameters:
certificateChain- chain of client certificates.- Returns:
- Principal of the client certificate or null if the chain is empty.
- See Also:
X509Certificate,X500Principal
-
getUser
protected User getUser(java.security.Principal principal)
Creates a new User based on the subject's X500Principal. By default, the user name is the subject distinguished name, formatted accorded to RFC 2253. Some may choose to extract the Common Name only, for example.- Parameters:
principal- subject's Principal (most likely X500Principal).- Returns:
- User instance corresponding to this principal or null.
-
authenticate
protected boolean authenticate(Request request, Response response)
Authenticates the call using the X.509 client certificate. The verification of the credentials is normally done by the SSL layer, via the TrustManagers. It uses the certificate chain in the request's "org.restlet.https.clientCertificates" attribute, adds the principal returned from this chain bygetPrincipals(List)to the request's ClientInfo and set the user to the result ofgetUser(Principal)if that user is non-null. If no client certificate is available, then a 401 status is set.- Specified by:
authenticatein classAuthenticator- Parameters:
request- The request sent.response- The response to update.- Returns:
- True if the authentication succeeded.
-
-