BEA Systems, Inc.

WebLogic Server 8.1 API Reference
Interface CertAuthenticator

Deprecated. Deprecated in WebLogic Server 7.0. Replaced by Pluggable Security Infrastructure IdentityAsserter.

public interface CertAuthenticator

This interface is used to perform certificate-based user authentication. Certificate-based authentication can be performed when a remote client makes a two-way-authenticated secure T3 connection to the server, in which case the client's certificate chain can be used to authenticate the remote user. This removes the need for the client to explicitly provide a username and password.

You can use this interface to map from a certificate to a user name according to whatever scheme is appropriate for your needs.

To specify an instance of this interface to be used by the server, set the SSL.CertAuthenticator field on the SSL tab in the Administration Console to the name of a class that implements this interface. The server will access this instance through static methods in the CertAuthentication class.

Classes implementing this interface must have a public no-arg constructor.

Copyright © 2004 BEA Systems, Inc. All Rights Reserved.
See Also:
CertAuthentication.authenticate(java.lang.String, java.util.Vector, boolean)

Method Summary
 User authenticate(java.lang.String userName, Certificate[] certs, boolean ssl)
          Deprecated. Authenticate a user based on a certificate chain they have presented.

Method Detail


public User authenticate(java.lang.String userName,
                         Certificate[] certs,
                         boolean ssl)
Authenticate a user based on a certificate chain they have presented. If the user is authenticated successfully, this method returns the user with its WebLogic username optionally derived from the certificate, otherwise it returns null.

userName - name presented by the user, if any. May be null. Can be used or ignored, depending on the needs of the security implementor.
certs - certificate change presented by the user. An array of length at least 1. The first certificate is the leaf (i.e.  end user's) certificate. If the length is greater than 1, the array is a certificate chain, with the last element being the root CA.
ssl - true if the certificates to check were presented by the client during a successful two-way SSL handshake.
user derived from certificate, if authentication succeeded, or null if failed

Documentation is available at