author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-13 15:01:18 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-13 15:01:26 +0200 |
commit | 11682f96c58cd3ef457d81fa5f61f71a628be07d (patch) | |
tree | 76a3d4c7a9922d2aeb14a2c8acc5fd3e56cd7b81 /jdisc_http_service/src/main/resources | |
parent | e15d87688f4da812e93500598fa653164b47b9bd (diff) |
Add Jetty handler that enforces TLS client authentication at http layer
Diffstat (limited to 'jdisc_http_service/src/main/resources')
-rw-r--r-- | jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index c6c6fad345b..9ffcc9c41b5 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -73,3 +73,11 @@ ssl.caCertificateFile string default=""
 
 # Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
 ssl.clientAuth enum { DISABLED, WANT_AUTH, NEED_AUTH } default=DISABLED
+
+# Enforce TLS client authentication for https requests at the http layer.
+# Intended to be used with connectors with optional client authentication enabled.
+# 401 status code is returned for requests from non-authenticated clients.
+tlsClientAuthEnforcer.enable bool default=false
+
+# Paths where client authentication should not be enforced. To be used in combination with NEED_AUTH. Typically used for health checks.
+tlsClientAuthEnforcer.pathWhitelist[] string |
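Review bot: The comment on `tlsClientAuthEnforcer.pathWhitelist[]` says the whitelist is to be used with NEED_AUTH, which contradicts the comment on `tlsClientAuthEnforcer.enable` just above it ("connectors with optional client authentication enabled") and looks like a slip for WANT_AUTH. With NEED_AUTH the TLS handshake would normally already reject a client that presents no certificate, so an exemption at the http layer could not take effect for health checks. I would change it to `# Paths where client authentication should not be enforced. To be used in combination with WANT_AUTH. Typically used for health checks.` The comment should also state how entries are matched (exact path or prefix, raw or normalised request path), because that decides which requests an operator is actually exempting from authentication; the handler itself is outside this view, which is limited to the resources directory, so I cannot tell which applies.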