Configure Additional Certificate Validation
You can have certificate authentication perform additional validation beyond simple user ID checks.
1. Implement the additional validation logic in a class that implements the com.jackbe.jbp.sas.security.x509.x509CertValidator interface.
To do this, add the following JARs and classes to your classpath:
Classes in the
web-apps-home/mashzone/WEB-INF/classes folder.
The
web-apps-home/mashzone/WEB-INF/lib/presto_common.jar file.
See the Custom Certificate Validation API for details on implementing this interface.
Then add your custom class to the classpath in one of these folder:
Important: | Deploying additional resources, such as custom validation classes, to an external configuration folder simplifies future deployments or Business Analytics Server clusters. |
web-apps-home/mashzone/WEB-INF/classes. This is the default location, but is not recommended as it complicates
Business Analytics Server deployments.
web-apps-home/mashzone/WEB-INF/lib. TThis is the default location, but is not recommended as it complicates
Business Analytics Server deployments.
2. Using any text or XML editor, edit the applicationContext-security-authn-x509.xml file in the web-apps-home/mashzone/WEB-INF/classes directory.
3. Find the x509 Authentication Provider (<bean id="x509AuthenticationProvider" >) and:
a. Find the <property name="validators"> element.
b. Add a <list> child and add a <bean> child with your implementation class name.
For example:
<bean id="x509AuthenticationProvider">
...
<property name="validators">
<list>
<bean/>
</list>
</property>
....
</bean>
4. Save your changes to this file.