Commit abb9013e authored by Guus der Kinderen's avatar Guus der Kinderen

OF-892: Different mutual authentication requirements for different types of connections.

parent ca2d61ef
......@@ -88,6 +88,8 @@ public final class HttpBindManager {
public static final String HTTP_BIND_THREADS = "httpbind.client.processing.threads";
public static final String HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY = "httpbind.client.cert.policy";
public static final int HTTP_BIND_THREADS_DEFAULT = 8;
private static final String HTTP_BIND_FORWARDED = "httpbind.forwarded.enabled";
......@@ -258,7 +260,7 @@ public final class HttpBindManager {
sslContextFactory.setKeyStoreType(SSLConfig.getStoreType());
// Set policy for checking client certificates
String certPol = JiveGlobals.getProperty("xmpp.client.cert.policy", "disabled");
String certPol = JiveGlobals.getProperty(HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY, "disabled");
if(certPol.equals("needed")) {
sslContextFactory.setNeedClientAuth(true);
sslContextFactory.setWantClientAuth(true);
......
......@@ -23,6 +23,7 @@ import org.dom4j.Element;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.PacketRouter;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.session.ConnectionSettings;
import org.jivesoftware.openfire.session.LocalClientSession;
import org.jivesoftware.util.JiveGlobals;
import org.xmlpull.v1.XmlPullParser;
......@@ -111,7 +112,7 @@ public class ClientStanzaHandler extends StanzaHandler {
void startTLS() throws Exception {
Connection.ClientAuth policy;
try {
policy = Connection.ClientAuth.valueOf(JiveGlobals.getProperty("xmpp.client.cert.policy", "disabled"));
policy = Connection.ClientAuth.valueOf(JiveGlobals.getProperty(ConnectionSettings.Client.AUTH_PER_CLIENTCERT_POLICY, "disabled"));
} catch (IllegalArgumentException e) {
policy = Connection.ClientAuth.disabled;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment