authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-08-13 15:01:18 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-08-13 15:01:26 +0200
commit11682f96c58cd3ef457d81fa5f61f71a628be07d (patch)
tree76a3d4c7a9922d2aeb14a2c8acc5fd3e56cd7b81 /jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
parente15d87688f4da812e93500598fa653164b47b9bd (diff)
Add Jetty handler that enforces TLS client authentication at http layer
Diffstat (limited to 'jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def')
-rw-r--r--jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def8
1 files changed, 8 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index c6c6fad345b..9ffcc9c41b5 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -73,3 +73,11 @@ ssl.caCertificateFile string default=""
# Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
ssl.clientAuth enum { DISABLED, WANT_AUTH, NEED_AUTH } default=DISABLED
+
+# Enforce TLS client authentication for https requests at the http layer.
+# Intended to be used with connectors with optional client authentication enabled.
+# 401 status code is returned for requests from non-authenticated clients.
+tlsClientAuthEnforcer.enable bool default=false
+
+# Paths where client authentication should not be enforced. To be used in combination with NEED_AUTH. Typically used for health checks.
+tlsClientAuthEnforcer.pathWhitelist[] string
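Review bot: The comment on `tlsClientAuthEnforcer.pathWhitelist[]` says the whitelist is to be used with NEED_AUTH, which contradicts the comment on `tlsClientAuthEnforcer.enable` stating the enforcer is intended for connectors with optional client authentication. With `ssl.clientAuth` set to NEED_AUTH, a client without a certificate would presumably fail the TLS handshake before any http-layer path check runs, so the whitelist could not exempt health checks there. If WANT_AUTH is what is meant, the comment should read `# Paths where client authentication should not be enforced. To be used in combination with WANT_AUTH. Typically used for health checks.` The comment should also say how entries are matched (exact path or prefix, before or after normalization), since every listed path is served to unauthenticated clients; the handler that reads these settings is not part of this file's diff, so the matching rule cannot be confirmed from here.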