tyrex.security.cert
public final class X509CertificateLoginModule extends Object implements LoginModule
This module reads the client certificates associated with the subject and determines whether at least one of them was issued by a trusted party. These certificates are further validated and checked against a CRL. The principals of all validated certificates are added to the subject.
A login exception is reported only if the client certificate failed validation (which indicates a forged certificate), has expired, or has been listed as revoked in the CRL.
This module should be used in one of two modes:
The following options are supported:
By using this module with no configuration options, the default key store for the JVM will be used (typically JKS) and all the trusted certificates in that key store will be used. If at least one client certificate is found that is trusted, the login will succeed. If no client certificate is found that is trusted, the login will fail.
Version: $Revision: 1.6 $ $Date: 2004/04/21 04:18:21 $
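The sketch below is an added example, not Tyrex source code. It illustrates the decision logic described above using only standard JDK APIs. The class name `TrustedCertCheck`, the method `validate`, and the direct-issuer matching (no chain building) are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;

// Hypothetical illustration of the documented checks; not Tyrex source code.
public class TrustedCertCheck {
    // Returns principals of trusted, valid certificates; an empty set means the login fails.
    static Set<X500Principal> validate(List<X509Certificate> clientCerts,
            List<X509Certificate> trusted, X509CRL crl) throws LoginException {
        Set<X500Principal> principals = new LinkedHashSet<>();
        for (X509Certificate cert : clientCerts) {
            boolean issuerKnown = false, signatureOk = false;
            for (X509Certificate t : trusted) {
                if (!t.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
                issuerKnown = true;
                try { cert.verify(t.getPublicKey()); signatureOk = true; break; }
                catch (GeneralSecurityException e) { /* same issuer name, different key: keep looking */ }
            }
            if (!issuerKnown) continue; // untrusted issuer: skipped, no exception
            if (!signatureOk) throw new LoginException("Signature check failed (forged?): " + cert.getSubjectX500Principal());
            try { cert.checkValidity(); } // expired or not yet valid
            catch (CertificateException e) { throw new LoginException("Outside validity period: " + e.getMessage()); }
            if (crl != null && crl.isRevoked(cert)) throw new LoginException("Revoked, serial " + cert.getSerialNumber());
            principals.add(cert.getSubjectX500Principal());
        }
        return principals;
    }
    public static void main(String[] args) throws Exception {
        // No options configured: take trust anchors from the JVM default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        List<X509Certificate> trusted = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager)
                trusted.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
        // Constructed input: one self-signed root from that store stands in for a client certificate.
        List<X509Certificate> client = trusted.subList(0, Math.min(1, trusted.size()));
        try {
            Set<X500Principal> result = validate(client, trusted, null);
            System.out.println(result.isEmpty() ? "login fails: no trusted certificate" : "login succeeds: " + result);
        } catch (LoginException e) {
            System.out.println("login exception: " + e.getMessage());
        }
    }
}
```

Note the asymmetry the documentation describes: a certificate from an unknown issuer is silently skipped, while one that names a trusted issuer but fails signature, validity, or CRL checks aborts the login with an exception.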
Field Summary | |
---|---|
static String | OPTION_CRL_CLASS: The CRL class (crl-class). |
static String | OPTION_KEY_STORE: The key store name (key-store). |
static String | OPTION_LOG_ERRORS: Log errors (log-errors). |
static String | OPTION_TRUSTED_CERTS: The trusted certificate list (trusted-certs). |
Method Summary | |
---|---|
boolean | abort() |
boolean | commit() |
void | initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) |
boolean | login() |
boolean | logout() |