public class AuthorizedKeysAuthenticator extends ModifiableFileWatcher implements PublickeyAuthenticator
Implements PublickeyAuthenticator from an authorized keys file, automatically re-loading the keys if the file has changed when a new authentication request is received. Note: by default, the only validation of the username is that it is not null/empty - see isValidUsername(String, ServerSession).
Modifier and Type | Field and Description |
---|---|
static String | STD_AUTHORIZED_KEYS_FILENAME: Standard OpenSSH authorized keys file name |

Inherited fields: options, STRICTLY_PROHIBITED_FILE_PERMISSION, log
Constructor and Description |
---|
AuthorizedKeysAuthenticator(Path file) |
AuthorizedKeysAuthenticator(Path file, LinkOption... options) |
Modifier and Type | Method and Description |
---|---|
boolean | authenticate(String username, PublicKey key, ServerSession session): Check the validity of a public key. |
protected PublickeyAuthenticator | createDelegateAuthenticator(String username, ServerSession session, Path path, Collection<AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) |
static Path | getDefaultAuthorizedKeysFile() |
protected PublicKeyEntryResolver | getFallbackPublicKeyEntryResolver() |
protected boolean | isValidUsername(String username, ServerSession session) |
static List<AuthorizedKeyEntry> | readDefaultAuthorizedKeys(OpenOption... options): Reads the contents of the default OpenSSH authorized_keys file |
protected Collection<AuthorizedKeyEntry> | reloadAuthorizedKeys(Path path, String username, ServerSession session) |
protected PublickeyAuthenticator | resolvePublickeyAuthenticator(String username, ServerSession session) |

Inherited methods:
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions
getSimplifiedLogger
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
fromAuthorizedEntries

public static final String STD_AUTHORIZED_KEYS_FILENAME

public AuthorizedKeysAuthenticator(Path file)

public AuthorizedKeysAuthenticator(Path file, LinkOption... options)

public boolean authenticate(String username, PublicKey key, ServerSession session)
Specified by: authenticate in interface PublickeyAuthenticator
Parameters:
username - the username
key - the key
session - the server session

protected boolean isValidUsername(String username, ServerSession session)

protected PublickeyAuthenticator resolvePublickeyAuthenticator(String username, ServerSession session) throws IOException, GeneralSecurityException
Throws: IOException, GeneralSecurityException

protected PublickeyAuthenticator createDelegateAuthenticator(String username, ServerSession session, Path path, Collection<AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) throws IOException, GeneralSecurityException
Throws: IOException, GeneralSecurityException

protected PublicKeyEntryResolver getFallbackPublicKeyEntryResolver()

protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String username, ServerSession session) throws IOException, GeneralSecurityException
Throws: IOException, GeneralSecurityException

public static Path getDefaultAuthorizedKeysFile()
Returns: Path location of the OpenSSH authorized keys file

public static List<AuthorizedKeyEntry> readDefaultAuthorizedKeys(OpenOption... options) throws IOException
Reads the contents of the default OpenSSH authorized_keys file
Parameters:
options - The OpenOptions to use when reading the file
Returns: List of all the AuthorizedKeyEntry-ies found there - or empty if file does not exist
Throws: IOException - If failed to read keys from file

Copyright © 2008–2022 The Apache Software Foundation. All rights reserved.