Presto Administration : Presto Security : Authentication with Digital Certificates/SSL : Configure Additional Certificate Validation
Configure Additional Certificate Validation
You can have certificate authentication perform additional validation beyond simple user ID checks.
1. Implement the additional validation logic in a class that implements the com.jackbe.jbp.sas.security.x509.x509CertValidator interface.
To do this, add the following JARs and classes to your classpath:
*Classes in the web-apps-home/presto/WEB-INF/classes folder.
*The web-apps-home/presto/WEB-INF/lib/presto_common.jar file.
See the Custom Certificate Validation API for details on implementing this interface.
Then add your custom class to the classpath in one of these folder:
*The external configuration folder, if any, for the Presto Server. See Setting Up an External Presto Configuration Folder for more information.
Important:  
Deploying additional resources, such as custom validation classes, to an external configuration folder simplifies future deployments or Presto Server clusters.
*web-apps-home/presto/WEB-INF/classes. This is the default location, but is not recommended as it complicates Presto Server deployments.
*web-apps-home/presto/WEB-INF/lib. TThis is the default location, but is not recommended as it complicates Presto Server deployments.
2. Using any text or XML editor, edit the applicationContext-security-authn-x509.xml file in the web-apps-home/presto/WEB-INF/classes directory.
3. Find the x509 Authentication Provider (<bean id="x509AuthenticationProvider" >) and:
a. Find the <property name="validators"> element.
b. Add a <list> child and add a <bean> child with your implementation class name.
For example:
<bean id="x509AuthenticationProvider">
...
<property name="validators">
<list>
<bean/>
</list>
</property>
....
</bean>
4. Save your changes to this file.
Copyright © 2006-2015 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback