org.apache.geronimo.management.geronimo
Interface SecureConnector

All Superinterfaces:
NetworkConnector, WebConnector
All Known Subinterfaces:
JettySecureConnector, TomcatSecureConnector
All Known Implementing Classes:
HTTPSSelectChannelConnector, HTTPSSocketConnector

public interface SecureConnector
extends WebConnector

Common configuration settings for connectors that use SSL/TLS to conduct secure communications with clients.

See:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
http://mortbay.org/javadoc/org/mortbay/http/SslListener.html


Field Summary
static String ALGORITHM_TYPE_IBM
           
static String ALGORITHM_TYPE_SUN
           
static String KEYSTORE_TYPE_JKS
           
static String KEYSTORE_TYPE_PKCS12
           
static String SECURE_PROTOCOL_TYPE_SSL
           
static String SECURE_PROTOCOL_TYPE_TLS
           
 
Method Summary
 String getAlgorithm()
          Gets the certificate algorithm used to access the keystore.
 String getKeystoreFileName()
          Gets the name of the keystore file that holds the server certificate (and by default, the trusted CA certificates used for client certificate authentication).
 String getKeystoreType()
          Gets the format of the entries in the keystore.
 String getSecureProtocol()
          Gets the protocol used for secure communication.
 boolean isClientAuthRequired()
          Checks whether clients are required to authenticate using client certificates in order to connect using this connector.
 void setAlgorithm(String algorithm)
          Sets the certificate algorithm used to access the keystore.
 void setClientAuthRequired(boolean clientCert)
          Sets whether clients are required to authenticate using client certificates in order to connect using this connector.
 void setKeystoreFileName(String name)
          Sets the name of the keystore file that holds the server certificate (and by default, the trusted CA certificates used for client certificate authentication).
 void setKeystorePassword(String password)
          Sets the password used to access the keystore, and by default, used to access the server private key inside the keystore.
 void setKeystoreType(String type)
          Sets the format of the entries in the keystore.
 void setSecureProtocol(String protocol)
          Sets the protocol used for secure communication.
 
Methods inherited from interface org.apache.geronimo.management.geronimo.WebConnector
getAcceptQueueSize, getBufferSizeBytes, getConnectUrl, getHeaderBufferSizeBytes, getLingerMillis, getMaxThreads, getRedirectPort, isTcpNoDelay, setAcceptQueueSize, setBufferSizeBytes, setHeaderBufferSizeBytes, setLingerMillis, setMaxThreads, setRedirectPort, setTcpNoDelay
 
Methods inherited from interface org.apache.geronimo.management.geronimo.NetworkConnector
getHost, getListenAddress, getPort, getProtocol, setHost, setPort
 

Field Detail

KEYSTORE_TYPE_JKS

static final String KEYSTORE_TYPE_JKS
See Also:
Constant Field Values

KEYSTORE_TYPE_PKCS12

static final String KEYSTORE_TYPE_PKCS12
See Also:
Constant Field Values

ALGORITHM_TYPE_SUN

static final String ALGORITHM_TYPE_SUN
See Also:
Constant Field Values

ALGORITHM_TYPE_IBM

static final String ALGORITHM_TYPE_IBM
See Also:
Constant Field Values

SECURE_PROTOCOL_TYPE_TLS

static final String SECURE_PROTOCOL_TYPE_TLS
See Also:
Constant Field Values

SECURE_PROTOCOL_TYPE_SSL

static final String SECURE_PROTOCOL_TYPE_SSL
See Also:
Constant Field Values
Method Detail

getKeystoreFileName

String getKeystoreFileName()
Gets the name of the keystore file that holds the server certificate (and by default, the trusted CA certificates used for client certificate authentication). This is relative to the Geronimo home directory.


setKeystoreFileName

void setKeystoreFileName(String name)
Sets the name of the keystore file that holds the server certificate (and by default, the trusted CA certificates used for client certificate authentication). This is relative to the Geronimo home directory.


setKeystorePassword

void setKeystorePassword(String password)
Sets the password used to access the keystore, and by default, used to access the server private key inside the keystore. Not all connectors support configuring different passwords for the two; those that do should define a separate PrivateKeyPassword in an implementation-specific connector interface.


getKeystoreType

String getKeystoreType()
Gets the format of the entries in the keystore. The default format for Java keystores is JKS, though some connector implementations support PKCS12 (and possibly other formats).


setKeystoreType

void setKeystoreType(String type)
Sets the format of the entries in the keystore. The default format for Java keystores is JKS, though some connector implementations support PKCS12 (and possibly other formats).


getAlgorithm

String getAlgorithm()
Gets the certificate algorithm used to access the keystore. This may be different for different JVM vendors, but should not usually be changed otherwise.


setAlgorithm

void setAlgorithm(String algorithm)
Sets the certificate algorithm used to access the keystore. This may be different for different JVM vendors, but should not usually be changed otherwise.


getSecureProtocol

String getSecureProtocol()
Gets the protocol used for secure communication. This should usually be TLS, though some JVM implementations (particularly some of IBM's) may not be compatible with popular browsers unless this is changed to SSL.


setSecureProtocol

void setSecureProtocol(String protocol)
Sets the protocol used for secure communication. This should usually be TLS, though some JVM implementations (particularly some of IBM's) may not be compatible with popular browsers unless this is changed to SSL. Don't change it if you're not having problems.


isClientAuthRequired

boolean isClientAuthRequired()
Checks whether clients are required to authenticate using client certificates in order to connect using this connector. If enabled, client certificates are validated using the trust store, which defaults to the same keystore file, keystore type, and keystore password as the regular keystore. Some connector implementations may allow you to configure those three values separately to use a different trust store. TODO: confirm that Jetty defaults to the keystore, not the JVM default trust store.


setClientAuthRequired

void setClientAuthRequired(boolean clientCert)
Sets whether clients are required to authenticate using client certificates in order to connect using this connector. If enabled, client certificates are validated using the trust store, which defaults to the same keystore file, keystore type, and keystore password as the regular keystore. Some connector implementations may allow you to configure those three values separately to use a different trust store. TODO: confirm that Jetty defaults to the keystore, not the JVM default trust store.
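The settings above map onto plain JSSE as in the following added example, which is not Geronimo, Jetty or Tomcat code. It initialises the trust manager from the same keystore as the key manager, as the default described above does, and prints which certificates that choice accepts for client authentication. Assumptions: the class name SecureConnectorSketch is hypothetical, the keystore path and password come from the command line, and "JKS" and "TLS" are the standard JSSE names rather than values read from the interface's constants.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SecureConnectorSketch {
    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] = keystore path, args[1] = keystore password.
        String keystoreType = "JKS";                                // setKeystoreType
        String algorithm = KeyManagerFactory.getDefaultAlgorithm(); // setAlgorithm (JVM vendor default)
        String protocol = "TLS";                                    // setSecureProtocol
        boolean clientAuthRequired = true;                          // setClientAuthRequired
        char[] password = args[1].toCharArray();                    // setKeystorePassword

        KeyStore ks = KeyStore.getInstance(keystoreType);
        try (InputStream in = new FileInputStream(args[0])) {       // setKeystoreFileName
            ks.load(in, password);
        }

        // One password opens both the keystore and the private key inside it.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
        kmf.init(ks, password);

        // Trust store = same keystore: its contents decide which client certificates pass.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("accepted for client auth: " + ca.getSubjectX500Principal());
                }
            }
        }

        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // Port 0 picks a free port; the socket is only opened to inspect its settings.
        try (SSLServerSocket socket =
                     (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            socket.setNeedClientAuth(clientAuthRequired);
            System.out.println("client auth required: " + socket.getNeedClientAuth());
            System.out.println("enabled protocols: " + String.join(", ", socket.getEnabledProtocols()));
        }
    }
}
```

Run it against the connector's keystore before enabling client authentication: every subject it lists is one whose certificate the connector would trust when validating client certificates.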



Copyright © 2003-2008 The Apache Geronimo development community. All Rights Reserved.