/**
 * Authenticates a call from the X.509 client certificate chain attached to
 * the request.
 *
 * <p>The chain is read through {@code request.getClientInfo().getCertificates()}
 * (per the original documentation of this method it is backed by the request's
 * "org.restlet.https.clientCertificates" attribute). It is handed to
 * {@link #getPrincipals(List)}; every principal returned is added to the
 * request's ClientInfo, and the first one is mapped to a user with
 * {@link #getUser(Principal)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>No certificate validation (signature, validity period, trust anchor,
 * revocation) is performed in this method. It relies on the SSL/TLS layer and
 * its TrustManagers having already verified the chain, so the connector must
 * be configured to request and verify client certificates.</li>
 * <li>The method returns {@code true} as soon as at least one principal is
 * found, even when {@link #getUser(Principal)} returns {@code null}. Code
 * further down the chain must not assume that an authenticated request
 * carries a non-null user.</li>
 * <li>Only the first principal is used for the user lookup; the others are
 * recorded on the ClientInfo but not mapped.</li>
 * </ul>
 *
 * @param request
 *            the request whose client certificates are inspected and whose
 *            ClientInfo is updated
 * @param response
 *            the response that receives a 401 status when no principal can
 *            be derived from the certificate chain
 * @return {@code true} if at least one principal was derived from the chain,
 *         {@code false} otherwise
 */
@Override
protected boolean authenticate(Request request, Response response) {
    List<Certificate> presentedChain = request.getClientInfo().getCertificates();
    List<Principal> identities = getPrincipals(presentedChain);

    // Reject first: no principal means there is no certificate identity
    // to authenticate with.
    if ((identities == null) || identities.isEmpty()) {
        response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
        return false;
    }

    // Record every certificate-derived principal on the request.
    request.getClientInfo().getPrincipals().addAll(identities);

    // The user is optional: a null mapping leaves ClientInfo's user untouched
    // while the call is still reported as authenticated.
    User mappedUser = getUser(identities.get(0));
    if (mappedUser != null) {
        request.getClientInfo().setUser(mappedUser);
    }
    return true;
}
/**
 * Builds the inbound root of the application: a certificate-based
 * authenticator placed in front of the router that dispatches calls to the
 * server resources.
 *
 * <p>The authenticator is the Restlet returned, so the mail route attached
 * below is only reachable through it.
 *
 * <p>NOTE(review): this method wires authentication only. Nothing here ties
 * the {@code accountId} path variable to the identity taken from the client
 * certificate; that authorization check presumably belongs in
 * {@code MailServerResource} or in an authorizer placed after the
 * authenticator. Confirm it exists.
 *
 * @return the authenticator, chained to the router
 */
@Override
public Restlet createInboundRoot() {
    // Routing layer: maps the URI template to its server resource.
    Router mailRouter = new Router(getContext());
    mailRouter.attach("/accounts/{accountId}/mails/{mailId}",
            MailServerResource.class);

    // Guard layer: authenticates the caller from the TLS client certificate.
    Authenticator certificateGuard = new CertificateAuthenticator(getContext());

    // Authenticator first, router second.
    certificateGuard.setNext(mailRouter);
    return certificateGuard;
}
} // closes the enclosing class, whose header is outside this excerpt