Configure Additional Certificate Validation

You can have certificate authentication perform additional validation beyond simple user ID checks.

1. Implement the additional validation logic in a class that implements the com.jackbe.jbp.sas.security.x509.x509CertValidator interface.

To do this, add the following JARs and classes to your classpath:

Classes in the web-apps-home/mashzone/WEB-INF/classes folder.

The web-apps-home/mashzone/WEB-INF/lib/presto_common.jar file.

See the Custom Certificate Validation API for details on implementing this interface.

Then add your custom class to the classpath in one of these folder:

The external configuration folder, if any, for the MashZone NextGen Server. See Setting Up an External MashZone NextGen Configuration Folder for more information.

Important: Deploying additional resources, such as custom validation classes, to an external configuration folder simplifies future deployments or MashZone NextGen Server clusters.

web-apps-home/mashzone/WEB-INF/classes. This is the default location, but is not recommended as it complicates MashZone NextGen Server deployments.

web-apps-home/mashzone/WEB-INF/lib. TThis is the default location, but is not recommended as it complicates MashZone NextGen Server deployments.

2. Using any text or XML editor, edit the applicationContext-security-authn-x509.xml file in the web-apps-home/mashzone/WEB-INF/classes directory.

3. Find the x509 Authentication Provider (<bean id="x509AuthenticationProvider" >) and:

a. Find the <property name="validators"> element.

b. Add a <list> child and add a <bean> child with your implementation class name.

For example:

4. Save your changes to this file.