X509CertificateLoginModule (Tyrex JavaDoc)

Overview

Package

Class

Tree

Deprecated

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

tyrex.security.cert
Class X509CertificateLoginModule

java.lang.Object
  tyrex.security.cert.X509CertificateLoginModule

All Implemented Interfaces:: javax.security.auth.spi.LoginModule

public final class X509CertificateLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

Implements an X509 certificate validation login module.

This module will read the client certificates associated with the subject and determine whether at least one of them was issued by a trusted party. These certificates will further be validated and against a CRL list. The principal of all the validated certificates are added to the subject.

A login exception is reported only if the client certificate failed validation (indicates a forged certificate), has expired, or has been listed as revoked in the CRL.

This module should be used in one of two modes:

Optional - if a trusted certificate is found, the certificate's principal will be associated with the subject
Required - if no trusted certificate is found, authentication will fail

The following options are supported:

key-store The name of the trusted certificate key store (if missing defaults to "JKS")
trusted-certs A comma separated list of all the trusted certificates (if missing, uses all trusted certificates in the key store)
crl-class The name of a class implementing an X509 CRL
log-errors If set, configuration errors are logged to the console

By using this module with no configuration options, the default key store for the JVM will be used (typically JKS) and all the trusted certificates in that key store will be used. If at least one client certificate is found that is trusted, the login will succeed. If no client certificate is found that is trusted, the login will fail.

Version:: $Revision: 1.6 $ $Date: 2004/04/21 04:18:21 $
Author:: Assaf Arkin

Field Summary
`static java.lang.String`	`OPTION_CRL_CLASS` The CRL class (`crl-class`).
`static java.lang.String`	`OPTION_KEY_STORE` The key store name (`key-store`).
`static java.lang.String`	`OPTION_LOG_ERRORS` Log errors (`log-errors`).
`static java.lang.String`	`OPTION_TRUSTED_CERTS` The trusted certificate list (`trusted-certs`).

Constructor Summary
`X509CertificateLoginModule()`

Method Summary
`boolean`	`abort()`
`boolean`	`commit()`
`void`	`initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler handler, java.util.Map sharedState, java.util.Map options)`
`boolean`	`login()`
`boolean`	`logout()`

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

OPTION_KEY_STORE

public static final java.lang.String OPTION_KEY_STORE

The key store name (key-store). If this option is not specified, the default key store is used (typically JKS).

See Also:: Constant Field Values

OPTION_TRUSTED_CERTS

public static final java.lang.String OPTION_TRUSTED_CERTS

The trusted certificate list (trusted-certs). If this option is not specified, all the trusted certificates in the key store are used.

See Also:: Constant Field Values

OPTION_CRL_CLASS

public static final java.lang.String OPTION_CRL_CLASS

The CRL class (crl-class). If this option is specified the named class is used to obtain an X590 CRL implementation.

See Also:: Constant Field Values

OPTION_LOG_ERRORS

public static final java.lang.String OPTION_LOG_ERRORS

Log errors (log-errors). If this option is specified, initialization errors are logged to the console.

See Also:: Constant Field Values

Constructor Detail