org.jasig.cas.adaptors.x509.authentication.handler.support
Class X509CredentialsAuthenticationHandler

java.lang.Object
  extended by org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler
      extended by org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
All Implemented Interfaces:
AuthenticationHandler, NamedAuthenticationHandler

public class X509CredentialsAuthenticationHandler
extends AbstractPreAndPostProcessingAuthenticationHandler

Authentication Handler that accepts X509 certificates, determines their validity and ensures that they were issued by a trusted issuer (targeted at X509v3). Optionally checks the KeyUsage extension in the user certificate (the container should do that too). Note that this handler trusts the servlet container to do some initial checks such as path validation. Deployers can supply an optional pattern to match subject DNs against, to further restrict certificates in case they are not using their own issuer. It is also possible to specify a maximum pathLength for the SUPPLIED certificates (note that this does not include a pathLength check for the root certificate; pathLength is 0 for the CA certificate that issues the end-user certificate).
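To make the description above concrete, the following is an added, stand-alone Java check (not the handler's own source) that applies the same policy knobs the setters below expose to a chain the container has already validated. The class name X509PolicyCheck and the chain ordering (chain[0] is the end-user certificate, followed by the supplied CA certificates) are assumptions of this example.

```java
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;

// Illustrative policy check, not the CAS handler's source. Assumes the container already
// validated the chain and that chain[0] is the end-user certificate, then the supplied CAs.
public final class X509PolicyCheck {
    private final Pattern trustedIssuerDn;   // setTrustedIssuerDnPattern
    private final Pattern subjectDn;         // setSubjectDnPattern
    private final int maxPathLength;         // setMaxPathLength
    private final boolean allowUnspecified;  // setMaxPathLengthAllowUnspecified
    private final boolean checkKeyUsage;     // setCheckKeyUsage
    private final boolean requireKeyUsage;   // setRequireKeyUsage
    public X509PolicyCheck(String issuerRegex, String subjectRegex, int maxPathLength,
                           boolean allowUnspecified, boolean checkKeyUsage, boolean requireKeyUsage) {
        this.trustedIssuerDn = Pattern.compile(issuerRegex);
        this.subjectDn = Pattern.compile(subjectRegex);
        this.maxPathLength = maxPathLength;
        this.allowUnspecified = allowUnspecified;
        this.checkKeyUsage = checkKeyUsage;
        this.requireKeyUsage = requireKeyUsage;
    }

    /** Returns true only if the end-user certificate passes every configured check. */
    public boolean accept(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) return false;
        X509Certificate user = chain[0];
        if (!subjectDn.matcher(user.getSubjectX500Principal().getName()).matches()) return false;
        if (!trustedIssuerDn.matcher(user.getIssuerX500Principal().getName()).matches()) return false;
        if (checkKeyUsage && !digitalSignatureAllowed(user)) return false;
        // pathLength of each supplied CA certificate; the self-issued root is not checked
        for (int i = 1; i < chain.length; i++) {
            X509Certificate ca = chain[i];
            if (ca.getSubjectX500Principal().equals(ca.getIssuerX500Principal())) continue;
            int pathLen = ca.getBasicConstraints();        // -1 when not a CA certificate
            if (pathLen < 0) return false;
            if (pathLen == Integer.MAX_VALUE) {             // constraint absent: unlimited
                if (!allowUnspecified) return false;
            } else if (pathLen > maxPathLength) {
                return false;
            }
        }
        return true;
    }

    private boolean digitalSignatureAllowed(X509Certificate cert) {
        boolean[] keyUsage = cert.getKeyUsage();   // null when the extension is absent
        if (keyUsage == null) return !requireKeyUsage;
        return keyUsage.length > 0 && keyUsage[0]; // bit 0 = digitalSignature
    }
}
```

With maxPathLength=0 and allowUnspecified=false, only a CA that directly issues end-user certificates (pathLenConstraint 0) is accepted, which is the restrictive setting a deployer using their own issuer would normally want.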

Since:
3.0.4
Version:
$Revision: 20191 $ $Date: 2010-03-14 00:05:58 -0500 (Sun, 14 Mar 2010) $
Author:
Scott Battaglia, Jan Van der Velpen

Constructor Summary
X509CredentialsAuthenticationHandler()

Method Summary
protected boolean doAuthentication(Credentials credentials)
void setCheckKeyUsage(boolean checkKeyUsage)
void setMaxPathLength(int maxPathLength)
void setMaxPathLengthAllowUnspecified(boolean maxPathLength_allowUnspecified)
void setRequireKeyUsage(boolean requireKeyUsage)
void setSubjectDnPattern(String subjectDnPattern)
void setTrustedIssuerDnPattern(String trustedIssuerDnPattern)
boolean supports(Credentials credentials)

Methods inherited from class org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler
authenticate, getName, postAuthenticate, preAuthenticate, setName

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509CredentialsAuthenticationHandler

public X509CredentialsAuthenticationHandler()
Method Detail

doAuthentication

protected final boolean doAuthentication(Credentials credentials)
                                  throws AuthenticationException
Specified by:
doAuthentication in class AbstractPreAndPostProcessingAuthenticationHandler
Throws:
AuthenticationException

setTrustedIssuerDnPattern

public void setTrustedIssuerDnPattern(String trustedIssuerDnPattern)

setMaxPathLength

public void setMaxPathLength(int maxPathLength)
Parameters:
maxPathLength - The maximum pathLength accepted for the supplied CA certificates.

setMaxPathLengthAllowUnspecified

public void setMaxPathLengthAllowUnspecified(boolean maxPathLength_allowUnspecified)
Parameters:
maxPathLength_allowUnspecified - Allow supplied CA certificates with an unspecified pathLength (i.e. unlimited intermediate certificates) to pass the check (default=false).

setCheckKeyUsage

public void setCheckKeyUsage(boolean checkKeyUsage)
Parameters:
checkKeyUsage - Whether to check the KeyUsage extension of the user certificate.

setRequireKeyUsage

public void setRequireKeyUsage(boolean requireKeyUsage)
Parameters:
requireKeyUsage - The requireKeyUsage to set.

setSubjectDnPattern

public void setSubjectDnPattern(String subjectDnPattern)

supports

public boolean supports(Credentials credentials)


Copyright © 2004-2010 Jasig. All Rights Reserved.