author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-09-21 12:57:41 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-09-21 12:57:41 +0200 |
commit | add0eefcc5bc009ade396d9e993ff08a42e33a37 (patch) | |
tree | 700c05ee0ebeaada76bfd6a726013918b07c9f98 /jdisc_http_service | |
parent | 51335316fec412440ecc62ba64137be462e3a75d (diff) |
Expose config for configuring SSL to want client auth
Diffstat (limited to 'jdisc_http_service')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 9 | ||||
-rw-r--r-- | jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def | 4 |
2 files changed, 10 insertions, 3 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index af83a159b2d..49a78aff684 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -135,7 +135,14 @@ public class ConnectorFactory {
 Ssl sslConfig = connectorConfig.ssl();
 final SslContextFactory factory = new SslContextFactory();
- factory.setNeedClientAuth(sslConfig.needClientAuth());
+ switch (sslConfig.clientAuth()) {
+ case NEED_AUTH:
+ factory.setNeedClientAuth(true);
+ break;
+ case WANT_AUTH:
+ factory.setWantClientAuth(true);
+ break;
+ }
 if (!sslConfig.excludeProtocol().isEmpty()) {
 final String[] prots = new String[sslConfig.excludeProtocol().size()];
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index 45821b92f0f..0a4cfc5680f 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -78,5 +78,5 @@ ssl.sslKeyManagerFactoryAlgorithm string default="SunX509"
 # The SSL protocol passed to SSLContext.getInstance()
 ssl.protocol string default="TLS"
-# Whether connector requires client authentication. See SSLEngine.getNeedClientAuth() for details.
-ssl.needClientAuth bool default=false
+# Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
+ssl.clientAuth enum { DISABLED, WANT_AUTH, NEED_AUTH } default=DISABLED |
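Review bot: The switch on `sslConfig.clientAuth()` in ConnectorFactory.java has no `DISABLED` case and no `default`, so any value other than the two handled ones leaves the factory without client authentication and nothing reports it. That is the intended result for `DISABLED` today, but a mode added to the enum later would silently fail open. I would make the handling explicit with `case DISABLED: break;` and `default: throw new IllegalArgumentException("Unknown client auth mode: " + sslConfig.clientAuth());`. The enclosing method starts and ends outside the hunk.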
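Review bot: Replacing `ssl.needClientAuth` with `ssl.clientAuth` in jdisc.http.connector.def leaves no path for existing configs that set `needClientAuth true`. How the config system treats the removed field is not visible here, but if it is ignored instead of rejected, those connectors would fall back to `DISABLED` and stop requiring client certificates. Consider keeping the old field for a deprecation period and mapping it to `NEED_AUTH`, or confirm that an unknown field fails deployment. The comment should also say what the modes mean for callers, for example `# WANT_AUTH requests a client certificate but accepts connections without one; handlers must check that a certificate is present before trusting the peer.`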