Skip to main content
Version: 4.25.x.x LTS

Utilities

nevisAuth comes with many utilities and helper classes. They provide a common interface or standard procedure that can serve various nevisAuth components.

AuthHttpClient

Many AuthStates establish outgoing connections to HTTP/S servers, e.g., HTTP authentication plug-in "). To streamline and simplify the client-side configuration, a common code base is encapsulated. It extends Apache's httpclient and can be configured via the properties of the AuthState, as described in the next table:

TopicDescription
Properties(general)host (string, -)The host to which the client will connect. If it is null, no credentials can be provided. If it is not null, the client will set it as default host.
port (int, 80)The port to which the client will connect.
protocol (string, http)Values: "http" or "https". The client tries to derive it from the configured host, if not specified. Default value: http
Properties(authentication)username (string, -)The user name used for authentication at the HTTP server.
password (string, -)The password used for authentication at the HTTP server.
credType ({USERNAME_PASSWRORD, NT}, -)The type of authentication that should be attempted. Either NT or USERNAME_PASSWORD.
realm (string, -)The realm used for the NT authentication.
workstation (string, -)The workstation used for the NT authentication.
Properties(proxy)proxyHost (string, -)The proxy host through which the connection should be tunneled.
proxyPort (int, 8080)The proxy port through which the connection should be tunneled.
proxyUsername (string, -)The user name used for authentication at the proxy.
proxyPassword (string, -)The password used for authentication at the proxy.
proxyCredType ({NT, USERNAME_PASSWORD}, -)The type of authentication of the proxy that should be attempted. Either NT or USERNAME_PASSWORD.
proxyRealm (string, -)The realm used for the NT authentication at the proxy.
proxyWorkstation (string, -)The workstation used for the NT authentication at the proxy.
Properties(connections)http.socket.timeout (int, 30000)The read time-out on the socket, in milliseconds.
http.connection.timeout (int, 10000)The connection time-out, in milliseconds.
http.connection-manager.max-per-host (int, 100)The number of connections allowed to one host.
http.connection-manager.max-total (int, 100)The total number of connections allowed.
Properties(certificates)truststore (string, -)The path to the trustStore. The truststore must contain the public keys needed to validate the certificate presented by the HTTP server.If no path is provided, the system property javax.net.ssl.trustStore is used.
truststorePasswd (string, -)The password of the trustStore.If no password is provided, the system property javax.net.ssl.trustStorePassword is used.
truststoreType (string, -)The type of the trustStore.If no type is provided, the system property javax.net.ssl.trustStoreType is used.
keystore (string, -)The path to the keyStore. Used to provide two-way SSL. The keystore contains the certificate that will be used by the HTTP client.If no path is provided, the system property javax.net.ssl.keyStore is used.
keystorePasswd (string, -)The password of the keyStore.If no password is provided, the system property javax.net.ssl.keyStorePassword is used.
keystoreType (string, -)The type of the keyStore.If no type is provided, the system property javax.net.ssl.keyStoreType is used.
checkHostname (boolean, true)Defines whether to verify (check) the hostname in the certificate presented by the HTTP server against the HTTP server hostname.By default, the hostname verification is enabled ("true") and the hostname will be checked. If you set this property to "false", the hostname verification will not take place.

TokenAuthHttpClient

The TokenAuthHttpClient is an AuthHttpClient enhanced with capabilities to generate SecTokens and to enable communication with SecToken-secured HTTPs services. In addition to the parameters available from the AuthHttpClient, the TokenAuthHttpClient evaluates parameters starting with "token":

TopicDescription
Properties(general)token.userId (string, -)The user ID that should be used for the generation of the SecToken.
token.profileId (string, -)The profile ID that should be used for the generation of the SecToken.
token.roles (string, -)A list of roles separated by ",". The user roles that should be used for the generation of the SecToken.

AuthSSLContextFactory

An interface for creating SSLContexts has been created for the same purpose as the AuthHttpClient above: to provide a simple factory for SSLContext objects.

AuthHttpClient uses the SSLContextFactory to create contexts for HTTPS connections. The following table lists the relevant properties for configuring the factory.

TopicDescription
PropertiessslContextType (string, "TLS")The SSLContext type can be one of the following: SSL, SSLV2, SSLV3, TLS, TLSV1, TLSV1.1, TLSV1.2.
truststore (string, -)The path to the truststore. If no truststore object exists and the truststore property has not been configured, the system property javax.net.ssl.trustStore is used.
truststorePasswd (string, -)The password for the truststore. If this property was not configured, the system property javax.net.ssl.trustStorePassword is used.
truststoreType (string, -)The type of the truststore, e.g., "JKS". If this property was not configured, the system property javax.net.ssl.trustStoreType is used.
keystore (string, -)The path to the keystore. If no keystore object exists and the keystore property has not been configured, the system property javax.net.ssl.keyStore is used.
keystorePasswd (string, -)The password for the keystore. If this property was not configured, the system property javax.net.ssl.keyStorePassword is used.
keystoreType (string, -)The type of the keystore, e.g., "JKS". If this property was not configured, the system property javax.net.ssl.keyStoreType is used.
trustmanagerAlgorithm (string, -)The name of the algorithm of the trust manager. The algorithm property will be used as a default value if trustmanagerAlgorithm is not defined and algorithm is defined. Otherwise, the default of the javax.net.ssl.TrustManagerFactory is used.
keymanagerAlgorithm (string, -)The name of the algorithm of the key manager. The algorithm property will be used as a default value if keymanagerAlgorithm is not defined and algorithm is defined. Otherwise, the default of the javax.net.ssl.KeyManagerFactory is used.
algorithm (string, -)Can be used instead if trustmanagerAlgorithm and keymanagerAlgorithm are equal.
KeyStoretrustStoreInstead of using the path to the truststore property, a truststore object can be handed to the AuthSSLContextFactory.
keyStoreInstead of using the path to the keystore property, a keystore object can be handed to the AuthSSLContextFactory.
Logging"AuthSocket"

SMTPClient

The SMTPClient utility implements an SMTP client and can be used to send e-mail messages. It is configured with an optional username and password and a set of properties. The provided username and password will be used if the SMTP Server requires user authentication. The set of properties is used to set up an SMTP session which the SMTPClient holds. I.e., the set of properties is expected to contain JavaMail API properties as documented in https://javamail.java.net/nonav/docs/api/. In particular, this includes the properties documented in https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html. If not set explicitly, default values are set for the properties mail.smtp[s].connectiontimeout, mail.smtp[s].timeout and mail.smtp[s].writetimeout.

If used by an AuthState, the SMTPClient can be configured via the properties of the AuthState.

TopicDescription
Propertiesmail.* (string)JavaMailAPI properties as defined inhttps://javamail.java.net/nonav/docs/api/and in particularhttps://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html

Example SMTPClient using SMTP as the transport protocol can be obtained with the following properties

mail.smtp.host = "mail.yourprovider.ch"
mail.smtp.port = "25"
mail.transport.protocol = "smtp"

SMTPClient using SMTPS as the transport protocol can be obtained with the following properties:

mail.smtps.host = "mail.yourprovider.ch"
mail.smtps.port = "465"
mail.transport.protocol = "smtps"