Details
- Improvement
- Status: Resolved
- Major
- Resolution: Done
- master
- None
- None
Description
In order to limit access to trusted partners/users only, James should support TLS with certificate-based client authentication.
For this purpose, TLS configuration is extended with the desired authentication mode (none, optional, required), and the associated trust store to validate any received client certificates. Example:
<tls socketTLS="true" startTLS="false">
  <keystore>file://conf/keystore</keystore>
  <keystoreType>JKS</keystoreType>
  <secret>yoursecret</secret>
  <clientAuth required="true">
    <truststore>file://conf/truststore</truststore>
    <truststoreType>JKS</truststoreType>
    <truststoreSecret>yoursecret</truststoreSecret>
  </clientAuth>
</tls>
This is implemented mostly in AbstractConfigurableAsyncServer and associated Netty infrastructure.
T-Shirt size M.
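As an added illustration (not Apache James code), the sketch below shows how the three authentication modes map onto the JSSE `SSLEngine` that Netty's `SslHandler` wraps, with the trust store deciding which client certificates validate. The class, enum and method names are hypothetical, and the demo uses an empty in-memory trust store so it runs without any files.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

// Added illustration, not Apache James code. All names here are hypothetical.
public class ClientAuthDemo {
    enum ClientAuthMode { NONE, OPTIONAL, REQUIRED }

    // Loads the store described by <truststore>, <truststoreType>, <truststoreSecret>.
    // Takes a plain filesystem path; a null path yields an empty store for the offline demo.
    static KeyStore loadTrustStore(String path, String type, char[] secret) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        if (path == null) { ks.load(null, null); return ks; }
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, secret);
        }
        return ks;
    }

    static SSLEngine serverEngine(KeyStore trustStore, ClientAuthMode mode) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // The server's own key managers (<keystore>) are omitted; a real listener needs them.
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        switch (mode) {
            case REQUIRED: engine.setNeedClientAuth(true); break; // handshake fails without a trusted client cert
            case OPTIONAL: engine.setWantClientAuth(true); break; // cert requested, handshake continues without one
            default: break;                                        // NONE: no certificate is requested
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: empty in-memory JKS store instead of conf/truststore.
        KeyStore ts = loadTrustStore(null, "JKS", null);
        for (ClientAuthMode m : ClientAuthMode.values()) {
            SSLEngine e = serverEngine(ts, m);
            System.out.println(m + ": need=" + e.getNeedClientAuth() + " want=" + e.getWantClientAuth());
        }
    }
}
```

In the optional mode the handshake completes even when the client presents no certificate, so code that relies on the client identity has to check `SSLSession.getPeerCertificates()`, which throws `SSLPeerUnverifiedException` for an unauthenticated peer.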