4.4.3. X509-based Credential Handler
This credential handler supports X.509 certificate-based authentication.
Credentials can be updated as follows:
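    User user = BasicModel.getUser(identityManager, "jsmith");
    // getUserCertificate() is a hypothetical helper: get the user certificate here
    java.security.cert.X509Certificate clientCert = getUserCertificate();

    // store the certificate as the user's credential
    identityManager.updateCredential(user, clientCert);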
To validate a credential, use the following code:

    User user = BasicModel.getUser(identityManager, "jsmith");
    // getUserCertificate() is a hypothetical helper: get the user certificate here
    java.security.cert.X509Certificate clientCert = getUserCertificate();
    X509CertificateCredentials credential = new X509CertificateCredentials(clientCert);

    identityManager.validateCredentials(credential);

    if (Status.VALID.equals(credential.getStatus())) {
        // successful validation
    } else {
        // invalid credential
    }
In some cases, you just want to trust the provided certificate and only check the existence of the principal. Because only the principal's existence is checked in this mode, the certificate itself must already have been verified before this point:

    User user = BasicModel.getUser(identityManager, "jsmith");
    // getUserCertificate() is a hypothetical helper: get the user certificate here
    java.security.cert.X509Certificate clientCert = getUserCertificate();
    X509CertificateCredentials credential = new X509CertificateCredentials(clientCert);

    // trust the certificate and only check the principal existence
    credential.setTrusted(true);

    identityManager.validateCredentials(credential);

    if (Status.VALID.equals(credential.getStatus())) {
        // successful validation
    } else {
        // invalid credential
    }
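One check an application can run before calling `setTrusted(true)`, shown as an added example that is not part of the PicketLink documentation: PKIX path validation of the client certificate against a trust store, using the standard JDK `java.security.cert` API. The class name `TrustedCertGate`, the method `chainIsValid` and the command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.List;

public class TrustedCertGate {

    /** Returns true only if the chain (leaf first) validates to an anchor in trustStore. */
    static boolean chainIsValid(List<X509Certificate> chain, KeyStore trustStore)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(chain);
        PKIXParameters params = new PKIXParameters(trustStore);
        // Assumption: revocation is disabled so the example runs offline;
        // enable it when CRL or OCSP endpoints are reachable.
        params.setRevocationEnabled(false);
        try {
            // Checks signatures, validity dates and basic constraints along the path.
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false; // expired, untrusted issuer, bad signature, ...
        }
    }

    // Usage (assumed): java TrustedCertGate <truststore.p12> <password> <client-cert.pem>
    public static void main(String[] args) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        X509Certificate clientCert;
        try (InputStream in = new FileInputStream(args[2])) {
            clientCert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        boolean ok = chainIsValid(List.of(clientCert), trustStore);
        // Only when ok is true would the application go on to call
        // credential.setTrusted(true) and identityManager.validateCredentials(credential).
        System.out.println(ok ? "chain valid: may be marked trusted"
                              : "chain invalid: do not mark trusted");
    }
}
```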