org.qi4j.library.http
Interface SecureJettyConfiguration

All Superinterfaces:
Composite, ConfigurationComposite, EntityComposite, Identity, JettyConfiguration

public interface SecureJettyConfiguration
extends JettyConfiguration

Configuration for SecureJettyMixin. Only the three keystore-related properties are mandatory; all the others have sensible defaults.


Nested Class Summary
 
Nested classes/interfaces inherited from interface org.qi4j.api.entity.Identity
Identity.IdentityMixin
 
Method Summary
 Property<java.lang.Boolean> allowRenegotiation()
          If SSL/TLS renegotiation is allowed.
 Property<java.lang.Boolean> cacheSslSessions()
          If SSL Session caching is enabled.
 Property<java.lang.String> certAlias()
          Alias of the SecureJettyService certificate.
 Property<java.lang.String> crlFilePath()
           
 Property<java.lang.Boolean> enableCRLDP()
           
 Property<java.lang.Boolean> enableOCSP()
           
 Property<java.lang.String> excludeCipherSuites()
           
 Property<java.lang.String> includeCipherSuites()
           
 Property<java.lang.String> keystorePassword()
           
 Property<java.lang.String> keystorePath()
           
 Property<java.lang.String> keystoreType()
           
 Property<java.lang.Integer> maxCertPathLength()
          Maximum number of intermediate certificates in the PKIX path.
 Property<java.lang.Boolean> needClientAuth()
          If the SecureJettyService needs client authentication.
 Property<java.lang.String> ocspResponderURL()
           
 Property<java.lang.String> secureRandomAlgorithm()
          The algorithm used by SecureRandom for SSL operations.
 Property<java.lang.String> truststorePassword()
           
 Property<java.lang.String> truststorePath()
           
 Property<java.lang.String> truststoreType()
           
 Property<java.lang.Boolean> validatePeerCerts()
          If client certificates PKIX validation MUST use either CRL or OCSP.
 Property<java.lang.Boolean> validateServerCert()
          If the SecureJettyService certificate MUST be PKIX validated.
 Property<java.lang.Boolean> wantClientAuth()
          If the SecureJettyService wants client authentication.
 
Methods inherited from interface org.qi4j.library.http.JettyConfiguration
contextPath, gracefullShutdownTimeout, hostName, lowResourceMaxIdleTime, maxFormContentSize, maxIdleTime, port, requestBufferSize, requestHeaderSize, resourcePath, responseBufferSize, responseHeaderSize, sendDateHeader, sendServerVersion, statistics, virtualHosts, welcomeFiles
 
Methods inherited from interface org.qi4j.api.entity.Identity
identity
 

Method Detail

keystoreType

Property<java.lang.String> keystoreType()
Returns:
Type of the keystore that contains the SecureJettyService certificate.

keystorePath

Property<java.lang.String> keystorePath()
Returns:
Path of the keystore that contains the SecureJettyService certificate.

keystorePassword

@UseDefaults
Property<java.lang.String> keystorePassword()
Returns:
Password of the keystore that contains the SecureJettyService certificate.

certAlias

@Optional
Property<java.lang.String> certAlias()
Alias of the SecureJettyService certificate. If not set, the first certificate found in the keystore is used.

Returns:
Alias of the SecureJettyService certificate.

truststoreType

@Optional
Property<java.lang.String> truststoreType()
Returns:
Type of the keystore that contains the certificates trusted by the SecureJettyService.

truststorePath

@Optional
Property<java.lang.String> truststorePath()
Returns:
Path of the keystore that contains the certificates trusted by the SecureJettyService.

truststorePassword

@UseDefaults
Property<java.lang.String> truststorePassword()
Returns:
Password of the keystore that contains the certificates trusted by the SecureJettyService.

wantClientAuth

@UseDefaults
Property<java.lang.Boolean> wantClientAuth()
If the SecureJettyService wants client authentication. Defaults to false. If set to true, the SecureJettyService will expose the fact that it can handle client certificate based authentication.

Returns:
If the SecureJettyService wants client authentication.

needClientAuth

@UseDefaults
Property<java.lang.Boolean> needClientAuth()
If the SecureJettyService needs client authentication. Defaults to false. If set to true, only mutually authenticated connections will be accepted.

Returns:
If the SecureJettyService needs client authentication.

secureRandomAlgorithm

@Optional
Property<java.lang.String> secureRandomAlgorithm()
The algorithm used by SecureRandom for SSL operations. Default JVM algorithm is used if omitted.

Returns:
The algorithm used by SecureRandom for SSL operations.

includeCipherSuites

@Optional
Property<java.lang.String> includeCipherSuites()
Returns:
Comma-separated list of included cipher suites.

excludeCipherSuites

@Optional
Property<java.lang.String> excludeCipherSuites()
Returns:
Comma-separated list of excluded cipher suites.

cacheSslSessions

@Optional
Property<java.lang.Boolean> cacheSslSessions()
If SSL Session caching is enabled. SSL Session caching is enabled by default.

Returns:
If SSL Session caching is enabled.

allowRenegotiation

@UseDefaults
Property<java.lang.Boolean> allowRenegotiation()
If SSL/TLS renegotiation is allowed. Defaults to false. Setting this to true can open vulnerabilities; be sure of what you are doing.

Returns:
If SSL/TLS renegotiation is allowed.

maxCertPathLength

@Optional
Property<java.lang.Integer> maxCertPathLength()
Maximum number of intermediate certificates in the PKIX path. Set to -1 for unlimited. Defaults to -1.

Returns:
Maximum number of intermediate certificates in the PKIX path

validateServerCert

@UseDefaults
Property<java.lang.Boolean> validateServerCert()
If the SecureJettyService certificate MUST be PKIX validated.

IMPORTANT:

Defaults to false.

Returns:
If the SecureJettyService certificate MUST be PKIX validated.

validatePeerCerts

@UseDefaults
Property<java.lang.Boolean> validatePeerCerts()
If client certificates PKIX validation MUST use either CRL or OCSP.

IMPORTANT:

Defaults to false.

Returns:
If client certificates PKIX validation MUST use either CRL or OCSP.

crlFilePath

@Optional
Property<java.lang.String> crlFilePath()
Returns:
The path of a local CRL file in PEM or DER format used during PKIX validations.

enableCRLDP

@UseDefaults
Property<java.lang.Boolean> enableCRLDP()
Returns:
If PKIX validations use the CRL Distribution Points declared in CA certificates.

enableOCSP

@UseDefaults
Property<java.lang.Boolean> enableOCSP()
Returns:
If PKIX validations use the OCSP protocol against responders declared in CA certificates.

ocspResponderURL

@Optional
Property<java.lang.String> ocspResponderURL()
Returns:
The URL of an OCSP responder to use during PKIX validations.
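
A consistency check over the settings documented above, as an added example that is not part of the Qi4j library or its documentation. It assumes the configuration is available as flat key=value pairs named after the properties on this page; the class name SecureJettyConfigAudit and the sample values are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class SecureJettyConfigAudit {

    static boolean flag(Properties p, String key) {
        return Boolean.parseBoolean(p.getProperty(key, "false").trim());
    }

    static boolean blank(Properties p, String key) {
        return p.getProperty(key, "").trim().isEmpty();
    }

    // Keys are the property names documented on this page; the flat
    // key=value representation is an assumption of this example.
    static List<String> audit(Properties p) {
        List<String> findings = new ArrayList<>();
        for (String key : new String[] {"keystoreType", "keystorePath", "keystorePassword"})
            if (blank(p, key)) findings.add("mandatory property not set: " + key);
        boolean need = flag(p, "needClientAuth"), want = flag(p, "wantClientAuth");
        if (want && !need)
            findings.add("wantClientAuth without needClientAuth: connections without a client certificate are still accepted");
        if ((need || want) && blank(p, "truststorePath"))
            findings.add("client authentication enabled but truststorePath not set");
        boolean revocationSource = !blank(p, "crlFilePath") || flag(p, "enableCRLDP")
                || flag(p, "enableOCSP") || !blank(p, "ocspResponderURL");
        if ((need || want) && !flag(p, "validatePeerCerts"))
            findings.add("validatePeerCerts is false: CRL/OCSP checking of client certificates is not mandated");
        if (flag(p, "validatePeerCerts") && !revocationSource)
            findings.add("validatePeerCerts is true but no CRL or OCSP source is configured");
        if (flag(p, "allowRenegotiation"))
            findings.add("allowRenegotiation is true: the documentation warns this can open vulnerabilities");
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input, not taken from a real deployment.
        String sample = String.join("\n",
            "keystoreType=JCEKS", "keystorePath=/etc/app/server.jceks", "keystorePassword=changeit-placeholder",
            "wantClientAuth=true", "validatePeerCerts=true", "allowRenegotiation=true");
        Properties p = new Properties();
        p.load(new StringReader(sample));
        audit(p).forEach(System.out::println);
    }
}
```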