Package akka.http.scaladsl.server.directives

Interface TlsDirectives

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      Directive<scala.Tuple1<java.security.cert.X509Certificate>> extractClientCertificate()
      Extract the client certificate, or reject the request with a TlsClientUnverifiedRejection.
      Directive<scala.Tuple1<javax.net.ssl.SSLSession>> extractSslSession()
      Extract the current SSLSession.
      Directive<scala.runtime.BoxedUnit> requireClientCertificateIdentity​(scala.util.matching.Regex cnRegex)
      Require the client to be authenticated, if not reject the request with a TlsClientUnverifiedRejection, also require the one of the client certificate ip or dns SANs (Subject Alternative Name) or if non exists, the CN (Common Name) to match the given regular expression, if not the request is rejected with a TlsClientIdentityRejection

    • Method Detail

      • extractSslSession

        Directive<scala.Tuple1<javax.net.ssl.SSLSession>> extractSslSession()
        Extract the current SSLSession.

        Note: Using this directives requires tls-session info parsing to be enabled: akka.http.server.parsing.tls-session-info-header = on

        Returns:
        (undocumented)

      • extractClientCertificate

        Directive<scala.Tuple1<java.security.cert.X509Certificate>> extractClientCertificate()
        Extract the client certificate, or reject the request with a TlsClientUnverifiedRejection.

        Using this directives requires tls-session info parsing to be enabled: akka.http.server.parsing.tls-session-info-header = on

        The SSLEngine for the server needs to be set up with setWantClientAuth(true) or setNeedClientAuth(true) or else every request will be failed.

        Returns:
        (undocumented)

      • requireClientCertificateIdentity

        Directive<scala.runtime.BoxedUnit> requireClientCertificateIdentity​(scala.util.matching.Regex cnRegex)
        Require the client to be authenticated, if not reject the request with a TlsClientUnverifiedRejection, also require the one of the client certificate ip or dns SANs (Subject Alternative Name) or if non exists, the CN (Common Name) to match the given regular expression, if not the request is rejected with a TlsClientIdentityRejection

        Using this directives requires tls-session info parsing to be enabled: akka.http.server.parsing.tls-session-info-header = on

        The SSLEngine for the server needs to be set up with setWantClientAuth(true) or setNeedClientAuth(true) or else every request will be failed.

        Parameters:
        cnRegex - (undocumented)
        Returns:
        (undocumented)