Client side default SSL context provider
source link: https://wildfly-security.github.io/wildfly-elytron/blog/client-default-ssl-context/
Elytron client now provides a Java security provider which can be used to register a JVM-wide default SSLContext. When this provider is registered with high enough priority and the method SSLContext.getDefault() is called, the provider instantiates and returns an SSLContext based on an Elytron client configuration file. So all client libraries that use SSLContext.getDefault() will use the Elytron client configuration without having to use Elytron client APIs in their code.
To register the org.wildfly.security.auth.client.WildFlyElytronClientDefaultSSLContextProvider provider, a runtime dependency on wildfly-elytron-client and wildfly-client-config is needed. It can then be registered the usual way, either statically or dynamically.
The provider loads the SSL context either from the current authentication context obtained from the classpath, or from the authentication context obtained from the file whose path is passed to the security provider, either programmatically or as an argument in the java.security file. A configuration file passed to the provider directly takes precedence over the authentication context from the classpath.
The SSL context configured to match all rules is the one that this provider initializes and returns, as in the following XML rule or its programmatic equivalent:
<rule use-ssl-context="ssl-context-for-client-provider" />
myAuthenticationContext.withSsl(MatchRule.ALL, myDefaultSslContext);
To register the provider programmatically and optionally specify the path to an Elytron client configuration file, the following code can be used:
Security.insertProviderAt(new WildFlyElytronClientDefaultSSLContextProvider(CONFIG_FILE_PATH), 1);
Alternatively, the provider can be registered in the java.security file, and the path to an Elytron client configuration file can optionally be specified, as shown below:
security.provider.1=org.wildfly.security.auth.client.WildFlyElytronClientDefaultSSLContextProvider CONFIG_FILE_PATH
When the provider is registered without a path to a file, you can configure the authentication context and surround the SSLContext.getDefault() call programmatically, e.g.:
myAuthenticationContext.run(() -> {
    // SSLContext.getDefault() declares NoSuchAlgorithmException, so a Runnable has to wrap it
    try { SSLContext.getDefault(); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
});
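The following is an added example, not code from the blog post or from the WildFly Elytron project. It puts the registration and lookup steps above together and adds the check a practitioner wants: after registering the provider at position 1, it confirms that SSLContext.getDefault() was actually served by the Elytron provider, because if the registration is missing or too low in priority, SunJSSE answers instead and every client library silently falls back to the JVM default trust store. It assumes wildfly-elytron-client and wildfly-client-config on the runtime classpath, that WildFlyElytronClientDefaultSSLContextProvider has both a no-argument constructor and a constructor taking the configuration path (the post shows only the latter; the no-argument form is inferred from "registered without a path to file"), and an Elytron client configuration file whose ssl-context-rules contain a rule matching all, as in the post. The class name ElytronDefaultSslContextCheck and its method names are the example's own.

```java
// Added example; not code from the Elytron blog post or the WildFly project.
// Assumed classpath: wildfly-elytron-client, wildfly-client-config.
// Assumed config (shape only, namespace version per your Elytron release):
//   <configuration>
//     <authentication-client xmlns="urn:elytron:client:1.7">
//       <ssl-contexts>
//         <ssl-context name="ssl-context-for-client-provider"> ...trust store... </ssl-context>
//       </ssl-contexts>
//       <ssl-context-rules>
//         <rule use-ssl-context="ssl-context-for-client-provider"/>
//       </ssl-context-rules>
//     </authentication-client>
//   </configuration>
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;
import org.wildfly.security.auth.client.WildFlyElytronClientDefaultSSLContextProvider;

public class ElytronDefaultSslContextCheck {

    /**
     * Registers the Elytron provider at the highest priority so that
     * SSLContext.getDefault() is answered by it rather than by SunJSSE.
     * configFile may be null: the provider then falls back to the
     * authentication context found on the classpath (no-arg constructor assumed).
     */
    public static void registerProvider(Path configFile) {
        if (configFile != null && !Files.isReadable(configFile)) {
            throw new IllegalArgumentException("Elytron client config not readable: " + configFile);
        }
        Provider p = configFile == null
                ? new WildFlyElytronClientDefaultSSLContextProvider()
                : new WildFlyElytronClientDefaultSSLContextProvider(configFile.toString());
        // Position 1 is the highest priority. Any lower position lets SunJSSE win the
        // "Default" SSLContext lookup, and the Elytron trust/key material goes unused.
        int position = Security.insertProviderAt(p, 1);
        if (position == -1) {
            // -1 means a provider with this name is already installed; keep that registration.
            System.out.println("Elytron client default SSLContext provider already registered");
        }
    }

    /**
     * Returns the JVM-wide default SSLContext only if the Elytron provider served it.
     * Failing loudly here is preferable to discovering later that an HTTP client
     * trusted the JVM cacerts instead of the configured Elytron trust store.
     */
    public static SSLContext checkedDefault() throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault();
        Provider served = ctx.getProvider();
        if (!(served instanceof WildFlyElytronClientDefaultSSLContextProvider)) {
            throw new IllegalStateException("SSLContext.getDefault() served by " + served.getName()
                    + " (" + served.getClass().getName() + "), not by the Elytron client provider");
        }
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ElytronDefaultSslContextCheck [/path/to/wildfly-config.xml]
        Path config = args.length > 0 ? Path.of(args[0]) : null;
        registerProvider(config);
        SSLContext ctx = checkedDefault();
        System.out.println("default SSLContext protocol: " + ctx.getProtocol()
                + ", provider: " + ctx.getProvider().getName());
        // From here on, any library that calls SSLContext.getDefault() without explicit
        // TLS settings uses the Elytron client configuration.
    }
}
```

The instanceof check on ctx.getProvider() is the part worth keeping in production code: it is cheap, runs once at startup, and turns a silent trust-store mismatch into an immediate failure.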
Example
You can take a look at the example here.
Summary
A new JVM-wide default SSL context provider was added to the Elytron client in the WildFly 26.1 release. When you have an SSL context matching all rules configured in Elytron client and you register the WildFlyElytronClientDefaultSSLContextProvider provider with high enough priority, all client libraries that use SSLContext.getDefault() will make use of it.