WebLogic Server 6.1 API Reference: Interface CertAuthenticator

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

BEA Systems, Inc.

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

WebLogic Server 6.1 API Reference

weblogic.security.acl
Interface CertAuthenticator

public interface CertAuthenticator

This interface is used to perform certificate-based user authentication. Certificate-based authentication can be performed when a remote client makes a two-way-authenticated secure T3 connection to the server, in which case the client's certificate chain can be used to authenticate the remote user. This removes the need for the client to explicitly provide a username and password.

You can use this interface to map from a certificate to a user name according to whatever scheme is appropriate for your needs.

To specify an instance of this interface to be used by the server, set the SSL.CertAuthenticator field on the SSL tab in the Administration Console to the name of a class that implements this interface. The server will access this instance through static methods in the CertAuthentication class.

Classes implementing this interface must have a public no-arg constructor.

Author:: Copyright (c) 1999-2000 by BEA Systems, Inc. All Rights Reserved.
Copyright © 2001 BEA Systems, Inc. All Rights Reserved.
See Also:: CertAuthentication.authenticate(java.lang.String, java.util.Vector, boolean)

Method Summary
`User`	`authenticate(java.lang.String userName, Certificate[] certs, boolean ssl)` Authenticate a user based on a certificate chain they have presented.

Method Detail

authenticate

public User authenticate(java.lang.String userName,
                         Certificate[] certs,
                         boolean ssl)

Authenticate a user based on a certificate chain they have presented. If the user is authenticated successfully, this method returns the user with its WebLogic username optionally derived from the certificate, otherwise it returns null.

Parameters:: userName - name presented by the user, if any. May be null. Can be used or ignored, depending on the needs of the security implementor.; certs - certificate change presented by the user. An array of length at least 1. The first certificate is the leaf (i.e. end user's) certificate. If the length is greater than 1, the array is a certificate chain, with the last element being the root CA.; ssl - true if the certificates to check were presented by the client during a successful two-way SSL handshake.
Returns:: user derived from certificate, if authentication succeeded, or null if failed