X509SubjectComponentMapper
public interface UserNameMapper
You can use this interface to map from a certificate to a user name according to whatever scheme is appropriate for your needs. You can also use this interface to map from a X.501 distinguished name to a user name.
To specify an instance of this interface to be used by the default, identity asserter, set the UserNameMapperClassName field on the Default Identity Asserter tab in the Administration Console to the name of a class that implements this interface.
Classes implementing this interface must have a public no-arg constructor.
Modifier and Type | Method | Description |
---|---|---|
java.lang.String |
mapCertificateToUserName(java.security.cert.X509Certificate[] certs,
boolean ssl) |
Maps a certificate to a username based on a certificate chain presented.
|
java.lang.String |
mapDistinguishedNameToUserName(byte[] distinguishedName) |
Map a X.501 distinguished name to a username based on the distinguished name
attributes and values.
|
java.lang.String mapCertificateToUserName(java.security.cert.X509Certificate[] certs, boolean ssl)
certs
- certificate chain presented by the client. An array
of length at least 1. The first certificate is the leaf
(i.e. end user's) certificate. If the length is greater
than 1, the array is a certificate chain, with the last element
being the root CA.ssl
- true if the certificates to check were presented by the
client during a successful two-way SSL handshake.java.lang.String mapDistinguishedNameToUserName(byte[] distinguishedName)
distinguishedName
- ASN.1 encoding of a X.501 distinguished name.