Package org.opensaml.security.httpclient.impl

Class BasicHttpClientSecurityConfiguration

    • Field Detail

      • credentialsProvider

        @Nullable
private org.apache.http.client.CredentialsProvider credentialsProvider
        HttpClient credentials provider.

      • tlsTrustEngine

        @Nullable
private TrustEngine<? super X509Credential> tlsTrustEngine
        Optional trust engine used in evaluating server TLS credentials.

      • tlsProtocols

        @Nullable
private List<String> tlsProtocols
        TLS Protocols.

      • tlsCipherSuites

        @Nullable
private List<String> tlsCipherSuites
        TLS cipher suites.

      • hostnameVerifier

        @Nullable
private HostnameVerifier hostnameVerifier
        The hostname verifier.

      • clientTLSCredential

        @Nullable
private X509Credential clientTLSCredential
        The X509 credential used for client TLS.

      • serverTLSFailureFatal

        @Nullable
private Boolean serverTLSFailureFatal
        Flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

    • Constructor Detail

      • BasicHttpClientSecurityConfiguration

        public BasicHttpClientSecurityConfiguration()

    • Method Detail

      • getCredentialsProvider

        @Nullable
public org.apache.http.client.CredentialsProvider getCredentialsProvider()
        Get an instance of CredentialsProvider used for authentication by the HttpClient instance.
        Specified by:
        getCredentialsProvider in interface HttpClientSecurityConfiguration
        Returns:
        the credentials provider, or null

      • setCredentialsProvider

        public void setCredentialsProvider​(@Nullable
                                   org.apache.http.client.CredentialsProvider provider)
        Set an instance of CredentialsProvider used for authentication by the HttpClient instance.
        Parameters:
        provider - the credentials provider

      • setBasicCredentials

        public void setBasicCredentials​(@Nullable
                                org.apache.http.auth.UsernamePasswordCredentials credentials)
        A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

        An AuthScope will be generated which specifies any host, port, scheme and realm.

        To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

        Parameters:
        credentials - the username and password credentials

      • setBasicCredentialsWithScope

        public void setBasicCredentialsWithScope​(@Nullable
                                         org.apache.http.auth.UsernamePasswordCredentials credentials,
                                         @Nullable
                                         org.apache.http.auth.AuthScope scope)
        A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

        If the authScope is null, an AuthScope will be generated which specifies any host, port, scheme and realm.

        To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

        Parameters:
        credentials - the username and password credentials
        scope - the HTTP client auth scope with which to scope the credentials, may be null

      • setTLSTrustEngine

        public void setTLSTrustEngine​(@Nullable
                              TrustEngine<? super X509Credential> engine)
        Sets the optional trust engine used in evaluating server TLS credentials.
        Parameters:
        engine - the trust engine instance to use

      • setTLSProtocols

        public void setTLSProtocols​(@Nullable
                            Collection<String> protocols)
        Set the optional list of TLS protocols.
        Parameters:
        protocols - the TLS protocols or null

      • setTLSCipherSuites

        public void setTLSCipherSuites​(@Nullable
                               Collection<String> cipherSuites)
        Set the optional list of TLS cipher suites.
        Parameters:
        cipherSuites - the TLS cipher suites, or null

      • setHostnameVerifier

        public void setHostnameVerifier​(@Nullable
                                HostnameVerifier verifier)
        Set the optional hostname verifier.
        Parameters:
        verifier - the hostname verifier, or null

      • setClientTLSCredential

        public void setClientTLSCredential​(@Nullable
                                   X509Credential credential)
        Set the optional client TLS credential.
        Parameters:
        credential - the client TLS credential, or null

      • isServerTLSFailureFatal

        @Nullable
public Boolean isServerTLSFailureFatal()
        Get the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

        Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

        Specified by:
        isServerTLSFailureFatal in interface HttpClientSecurityConfiguration
        Returns:
        true if fatal, false if non-fatal, null if not explicitly configured

      • setServerTLSFailureFatal

        public void setServerTLSFailureFatal​(@Nullable
                                     Boolean flag)
        Set the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

        Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

        Parameters:
        flag - true if fatal, false if non-fatal, null if not explicitly configured