org.apache.geronimo.tomcat
Class HttpsConnectorGBean

java.lang.Object
  org.apache.geronimo.tomcat.BaseGBean
      org.apache.geronimo.tomcat.ConnectorGBean
          org.apache.geronimo.tomcat.HttpsConnectorGBean

All Implemented Interfaces:

org.apache.geronimo.gbean.GBeanLifecycle, org.apache.geronimo.management.geronimo.NetworkConnector, org.apache.geronimo.management.geronimo.SecureConnector, org.apache.geronimo.management.geronimo.WebConnector, ObjectRetriever, TomcatSecureConnector, TomcatWebConnector

public class HttpsConnectorGBean
extends ConnectorGBean
implements TomcatSecureConnector

A wrapper around a connector for the HTTPS protocol for Tomcat. The functionality is not different than the standard ConnectorGBean, but there's an additional set of HTTPS attributes exposed.

Field Summary

static org.apache.geronimo.gbean.GBeanInfo

GBEAN_INFO

Fields inherited from class org.apache.geronimo.tomcat.ConnectorGBean

connector, CONNECTOR_CONTAINER_REFERENCE

Fields inherited from interface org.apache.geronimo.management.geronimo.SecureConnector

ALGORITHM_TYPE_IBM, ALGORITHM_TYPE_SUN, KEYSTORE_TYPE_JKS, KEYSTORE_TYPE_PKCS12, SECURE_PROTOCOL_TYPE_SSL, SECURE_PROTOCOL_TYPE_TLS

Constructor Summary

HttpsConnectorGBean(String name, String protocol, String host, int port, TomcatContainer container, org.apache.geronimo.system.serverinfo.ServerInfo serverInfo)

Method Summary

String	getAlgorithm() Gets the certificate algorithm used to access the keystore.
String	getCiphers() Gets a comma seperated list of the encryption ciphers that may be used.
static org.apache.geronimo.gbean.GBeanInfo	getGBeanInfo()
String	getKeystoreFileName() Gets the name of the keystore file that holds the server certificate (and by default, the trusted CA certificates used for client certificate authentication).
String	getKeystoreType() Gets the format of the entries in the keystore.
String	getSecureProtocol() Gets the protocol used for secure communication.
String	getTruststoreFileName() Gets the name of the keystore file that holds the trusted CA certificates used for client certificate authentication.
String	getTruststoreType() Gets the format of the entries in the keystore.
protected void	initializeParams(String protocol, Map params) Adds any special parameters before constructing the connector.
boolean	isClientAuthRequired() Checks whether clients are required to authenticate using client certificates in order to connect using this connector.
void	setAlgorithm(String algorithm) Sets the certificate algorithm used to access the keystore.
void	setCiphers(String ciphers) Sets a comma seperated list of the encryption ciphers that may be used.
void	setClientAuthRequired(boolean clientCert) Checks whether clients are required to authenticate using client certificates in order to connect using this connector.
void	setKeystoreFileName(String name) Sets the name of the keystore file that holds the server certificate (and by default, the trusted CA certificates used for client certificate authentication).
void	setKeystorePassword(String password) Sets the password used to access the keystore, and by default, used to access the server private key inside the keystore.
void	setKeystoreType(String type) Sets the format of the entries in the keystore.
void	setSecureProtocol(String protocol) Gets the protocol used for secure communication.
void	setTruststoreFileName(String name) Sets the name of the keystore file that holds the trusted CA certificates used for client certificate authentication.
void	setTruststorePassword(String password) Sets the password used to verify integrity of truststore.
void	setTruststoreType(String type) Sets the format of the entries in the keystore.
protected void	validateProtocol(String protocol) Ensures that this implementation can handle the requested protocol.

Methods inherited from class org.apache.geronimo.tomcat.ConnectorGBean

doFail, doStart, doStop, getAcceptQueueSize, getAllowTrace, getBufferSizeBytes, getCompressableMimeType, getCompression, getConnectionTimeoutMillis, getConnectUrl, getDefaultPort, getHost, getInternalObject, getLingerMillis, getListenAddress, getMaxHttpHeaderSizeBytes, getMaxKeepAliveRequests, getMaxPostSize, getMaxSavePostSize, getMaxSpareThreads, getMaxThreads, getMinSpareThreads, getName, getNoCompressionUserAgents, getPort, getProtocol, getProxyName, getProxyPort, getRedirectPort, getRestrictedUserAgents, getScheme, getServer, getSocketBuffer, getStrategy, getThreadPriority, getUriEncoding, getUseBodyEncodingForURI, getUseIPVHosts, getXpoweredBy, isEmptySessionPath, isHostLookupEnabled, isTcpNoDelay, isUploadTimeoutEnabled, setAcceptQueueSize, setAllowTrace, setBufferSizeBytes, setCompressableMimeType, setCompression, setConnectionTimeoutMillis, setEmptySessionPath, setHost, setHostLookupEnabled, setLingerMillis, setMaxHttpHeaderSizeBytes, setMaxKeepAliveRequests, setMaxPostSize, setMaxSavePostSize, setMaxSpareThreads, setMaxThreads, setMinSpareThreads, setNoCompressionUserAgents, setPort, setProxyName, setProxyPort, setRedirectPort, setRestrictedUserAgents, setScheme, setServer, setSocketBuffer, setStrategy, setTcpNoDelay, setThreadPriority, setUploadTimeoutEnabled, setUriEncoding, setUseBodyEncodingForURI, setUseIPVHosts, setXpoweredBy

Methods inherited from class org.apache.geronimo.tomcat.BaseGBean

setParameters

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.geronimo.management.geronimo.WebConnector

getAcceptQueueSize, getBufferSizeBytes, getConnectUrl, getLingerMillis, getMaxThreads, getRedirectPort, isTcpNoDelay, setAcceptQueueSize, setBufferSizeBytes, setLingerMillis, setMaxThreads, setRedirectPort, setTcpNoDelay

Methods inherited from interface org.apache.geronimo.management.geronimo.NetworkConnector

getHost, getListenAddress, getPort, getProtocol, setHost, setPort

Field Detail

GBEAN_INFO

public static final org.apache.geronimo.gbean.GBeanInfo GBEAN_INFO

Constructor Detail

HttpsConnectorGBean

public HttpsConnectorGBean(String name,
                           String protocol,
                           String host,
                           int port,
                           TomcatContainer container,
                           org.apache.geronimo.system.serverinfo.ServerInfo serverInfo)
                    throws Exception

Throws:

Exception

Method Detail

initializeParams

protected void initializeParams(String protocol,
                                Map params)

Adds any special parameters before constructing the connector.

Overrides:

initializeParams in class ConnectorGBean

Parameters:

protocol - Should be one of the constants from WebContainer.

params - The map of parameters that will be used to initialize the connector.

validateProtocol

protected void validateProtocol(String protocol)

Ensures that this implementation can handle the requested protocol.

Overrides:

validateProtocol in class ConnectorGBean

Parameters:

protocol -

getKeystoreFileName

public String getKeystoreFileName()

Gets the name of the keystore file that holds the server certificate (and by default, the trusted CA certificates used for client certificate authentication). This is relative to the Geronimo home directory.

Specified by:

getKeystoreFileName in interface org.apache.geronimo.management.geronimo.SecureConnector

setKeystoreFileName

public void setKeystoreFileName(String name)

Sets the name of the keystore file that holds the server certificate (and by default, the trusted CA certificates used for client certificate authentication). This is relative to the Geronimo home directory.

Specified by:

setKeystoreFileName in interface org.apache.geronimo.management.geronimo.SecureConnector

getTruststoreFileName

public String getTruststoreFileName()

Description copied from interface: TomcatSecureConnector

Gets the name of the keystore file that holds the trusted CA certificates used for client certificate authentication. This is relative to the Geronimo home directory.

Specified by:

getTruststoreFileName in interface TomcatSecureConnector

setTruststoreFileName

public void setTruststoreFileName(String name)

Description copied from interface: TomcatSecureConnector

Sets the name of the keystore file that holds the trusted CA certificates used for client certificate authentication. This is relative to the Geronimo home directory.

Specified by:

setTruststoreFileName in interface TomcatSecureConnector

setKeystorePassword

public void setKeystorePassword(String password)

Sets the password used to access the keystore, and by default, used to access the server private key inside the keystore. Not all connectors support configuring different passwords for those two features; if so, a separate PrivateKeyPassword should be defined in an implementation-specific connector interface.

Specified by:

setKeystorePassword in interface org.apache.geronimo.management.geronimo.SecureConnector

setTruststorePassword

public void setTruststorePassword(String password)

Description copied from interface: TomcatSecureConnector

Sets the password used to verify integrity of truststore.

Specified by:

setTruststorePassword in interface TomcatSecureConnector

getKeystoreType

public String getKeystoreType()

Gets the format of the entries in the keystore. The default format for Java keystores is JKS, though some connector implementations support PCKS12 (and possibly other formats).

Specified by:

getKeystoreType in interface org.apache.geronimo.management.geronimo.SecureConnector

setKeystoreType

public void setKeystoreType(String type)

Sets the format of the entries in the keystore. The default format for Java keystores is JKS, though some connector implementations support PCKS12 (and possibly other formats).

Specified by:

setKeystoreType in interface org.apache.geronimo.management.geronimo.SecureConnector

getTruststoreType

public String getTruststoreType()

Description copied from interface: TomcatSecureConnector

Gets the format of the entries in the keystore. The default format for Java keystores is JKS, though some connector implementations support PCKS12 (and possibly other formats).

Specified by:

getTruststoreType in interface TomcatSecureConnector

setTruststoreType

public void setTruststoreType(String type)

Description copied from interface: TomcatSecureConnector

Sets the format of the entries in the keystore. The default format for Java keystores is JKS, though some connector implementations support PCKS12 (and possibly other formats).

Specified by:

setTruststoreType in interface TomcatSecureConnector

getAlgorithm

public String getAlgorithm()

Gets the certificate algorithm used to access the keystore. This may be different for different JVM vendors, but should not usually be changed otherwise.

Specified by:

getAlgorithm in interface org.apache.geronimo.management.geronimo.SecureConnector

setAlgorithm

public void setAlgorithm(String algorithm)

Sets the certificate algorithm used to access the keystore. This may be different for different JVM vendors, but should not usually be changed otherwise.

Specified by:

setAlgorithm in interface org.apache.geronimo.management.geronimo.SecureConnector

getSecureProtocol

public String getSecureProtocol()

Gets the protocol used for secure communication. This should usually be TLS, though some JVM implementations (particularly some of IBM's) may not be compatible with popular browsers unless this is changed to SSL.

Specified by:

getSecureProtocol in interface org.apache.geronimo.management.geronimo.SecureConnector

setSecureProtocol

public void setSecureProtocol(String protocol)

Gets the protocol used for secure communication. This should usually be TLS, though some JVM implementations (particularly some of IBM's) may not be compatible with popular browsers unless this is changed to SSL. Don't change it if you're not having problems.

Specified by:

setSecureProtocol in interface org.apache.geronimo.management.geronimo.SecureConnector

isClientAuthRequired

public boolean isClientAuthRequired()

Checks whether clients are required to authenticate using client certificates in order to connect using this connector. If enabled, client certificates are validated using the trust store, which defaults to the same keystore file, keystore type, and keystore password as the regular keystore. Some connector implementations may allow you to configure those 3 values separately to use a different trust store.

Specified by:

isClientAuthRequired in interface org.apache.geronimo.management.geronimo.SecureConnector

setClientAuthRequired

public void setClientAuthRequired(boolean clientCert)

Checks whether clients are required to authenticate using client certificates in order to connect using this connector. If enabled, client certificates are validated using the trust store, which defaults to the same keystore file, keystore type, and keystore password as the regular keystore. Some connector implementations may allow you to configure those 3 values separately to use a different trust store.

Specified by:

setClientAuthRequired in interface org.apache.geronimo.management.geronimo.SecureConnector

getCiphers

public String getCiphers()

Gets a comma seperated list of the encryption ciphers that may be used. If not specified, then any available cipher may be used.

Specified by:

getCiphers in interface TomcatSecureConnector

setCiphers

public void setCiphers(String ciphers)

Sets a comma seperated list of the encryption ciphers that may be used. If not specified, then any available cipher may be used.

Specified by:

setCiphers in interface TomcatSecureConnector

getGBeanInfo

public static org.apache.geronimo.gbean.GBeanInfo getGBeanInfo()