Package org.opensaml.security.httpclient

Class HttpClientSecurityParameters

java.lang.Object
org.opensaml.security.httpclient.HttpClientSecurityParameters
public class HttpClientSecurityParameters extends Object
Parameters related to HttpClient request security features.

  • Field Details

    • credentialsProvider

      @Nullable private org.apache.http.client.CredentialsProvider credentialsProvider
      HttpClient credentials provider.

    • authCache

      @Nullable private org.apache.http.client.AuthCache authCache
      HttpClient AuthCache to allow pre-emptive authentication.

    • tlsTrustEngine

      @Nullable private TrustEngine<? super X509Credential> tlsTrustEngine
      Optional trust engine used in evaluating server TLS credentials.

    • tlsCriteriaSet

      @Nullable private CriteriaSet tlsCriteriaSet
      Optional criteria set used in evaluating server TLS credentials.

    • tlsProtocols

      @Nullable private List<String> tlsProtocols
      TLS Protocols.

    • tlsCipherSuites

      @Nullable private List<String> tlsCipherSuites
      TLS cipher suites.

    • hostnameVerifier

      @Nullable private HostnameVerifier hostnameVerifier
      The hostname verifier.

    • clientTLSCredential

      @Nullable private X509Credential clientTLSCredential
      The X509 credential used for client TLS.

    • serverTLSFailureFatal

      @Nullable private Boolean serverTLSFailureFatal
      Flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

  • Constructor Details

    • HttpClientSecurityParameters

      public HttpClientSecurityParameters()

  • Method Details

    • getCredentialsProvider

      @Nullable public org.apache.http.client.CredentialsProvider getCredentialsProvider()
      Get an instance of CredentialsProvider used for authentication by the HttpClient instance.
      Returns:
      the credentials provider, or null

    • setCredentialsProvider

      public void setCredentialsProvider(@Nullable org.apache.http.client.CredentialsProvider provider)
      Set an instance of CredentialsProvider used for authentication by the HttpClient instance.
      Parameters:
      provider - the credentials provider

    • getAuthCache

      @Nullable public org.apache.http.client.AuthCache getAuthCache()
      Get an instance of AuthCache used for authentication by the HttpClient instance.
      Returns:
      the cache, or null
      Since:
      3.4.0

    • setAuthCache

      public void setAuthCache(@Nullable org.apache.http.client.AuthCache cache)
      Set an instance of AuthCache used for authentication by the HttpClient instance.
      Parameters:
      cache - the auth cache
      Since:
      3.4.0

    • setBasicCredentials

      public void setBasicCredentials(@Nullable org.apache.http.auth.UsernamePasswordCredentials credentials)
      A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

      An AuthScope will be generated which specifies any host, port, scheme and realm.

      To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

      Parameters:
      credentials - the username and password credentials

    • setBasicCredentialsWithScope

      public void setBasicCredentialsWithScope(@Nullable org.apache.http.auth.UsernamePasswordCredentials credentials, @Nullable org.apache.http.auth.AuthScope scope)
      A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

      If the authScope is null, an AuthScope will be generated which specifies any host, port, scheme and realm.

      To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

      Parameters:
      credentials - the username and password credentials
      scope - the HTTP client auth scope with which to scope the credentials, may be null

    • getTLSTrustEngine

      @Nullable public TrustEngine<? super X509Credential> getTLSTrustEngine()
      Sets the optional trust engine used in evaluating server TLS credentials.
      Returns:
      the trust engine instance to use, or null

    • setTLSTrustEngine

      public void setTLSTrustEngine(@Nullable TrustEngine<? super X509Credential> engine)
      Sets the optional trust engine used in evaluating server TLS credentials.
      Parameters:
      engine - the trust engine instance to use

    • getTLSCriteriaSet

      @Nullable public CriteriaSet getTLSCriteriaSet()
      Get the optional criteria set used in evaluating server TLS credentials.
      Returns:
      the criteria set instance to use

    • setTLSCriteriaSet

      public void setTLSCriteriaSet(@Nullable CriteriaSet criteriaSet)
      Set the optional criteria set used in evaluating server TLS credentials.
      Parameters:
      criteriaSet - the new criteria set instance to use

    • getTLSProtocols

      @Nullable public List<String> getTLSProtocols()
      Get the optional list of TLS protocols.
      Returns:
      the TLS protocols, or null

    • setTLSProtocols

      public void setTLSProtocols(@Nullable Collection<String> protocols)
      Set the optional list of TLS protocols.
      Parameters:
      protocols - the TLS protocols or null

    • getTLSCipherSuites

      @Nullable public List<String> getTLSCipherSuites()
      Get the optional list of TLS cipher suites.
      Returns:
      the list of TLS cipher suites, or null

    • setTLSCipherSuites

      public void setTLSCipherSuites(@Nullable Collection<String> cipherSuites)
      Set the optional list of TLS cipher suites.
      Parameters:
      cipherSuites - the TLS cipher suites, or null

    • getHostnameVerifier

      @Nullable public HostnameVerifier getHostnameVerifier()
      Get the optional hostname verifier.
      Returns:
      the hostname verifier, or null

    • setHostnameVerifier

      public void setHostnameVerifier(@Nullable HostnameVerifier verifier)
      Set the optional hostname verifier.
      Parameters:
      verifier - the hostname verifier, or null

    • getClientTLSCredential

      @Nullable public X509Credential getClientTLSCredential()
      Get the optional client TLS credential.
      Returns:
      the client TLS credential, or null

    • setClientTLSCredential

      public void setClientTLSCredential(@Nullable X509Credential credential)
      Set the optional client TLS credential.
      Parameters:
      credential - the client TLS credential, or null

    • isServerTLSFailureFatal

      @Nullable public Boolean isServerTLSFailureFatal()
      Get the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

      Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

      Returns:
      true if fatal, false if non-fatal, null if not explicitly configured

    • setServerTLSFailureFatal

      public void setServerTLSFailureFatal(@Nullable Boolean flag)
      Set the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

      Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

      Parameters:
      flag - true if fatal, false if non-fatal, null if not explicitly configured