com.entrust.toolkit.credentials

Class UserConfigSettings

java.lang.Object

com.entrust.toolkit.credentials.UserConfigSettings

public class UserConfigSettings
extends java.lang.Object

Contains a set of parameters that are used to configure the operation and behaviour of an Entrust User.

Since:

7.1 SP1 Patch

See Also:

User

Field Summary

Fields

Modifier and Type	Field and Description
static UserConfigSettings	DEFAULT_USER_CONFIG_SETTINGS Default user configuration settings; these settings will automatically be used with any user for which user configuration settings were not manually defined.

Constructor Summary

Constructors

Constructor and Description
UserConfigSettings() The constructor; creates a new UserConfigSettings object that contains the default configuration settings.

Method Summary

Modifier and Type	Method and Description
long	getCRLInvalidSearchTimeout() Returns the CRL invalid search timeout.
int	getHttpCRLReceiveTimeout() Returns the HTTP CRL receive timeout.
int	getHttpReceiveTimeout() Returns the HTTP receive timeout.
int	getLDAPReceiveTimeout() Deprecated. The configuration settings available to classes that implement the LdapDirectory interface should be used.
UserRevocationInfo	getRevocationInfo()
ValidationConfig	getValidationConfig()
boolean	isRSInternalDirCreateEnabled() Checks whether or not automatic internal JNDIDirectory creation for CRL lookups from CDPs containing LDAP URLs is enabled.
void	setCRLInvalidSearchTimeout(long invalidSearchTimeout) Sets the CRL invalid search timeout.
void	setHttpCRLReceiveTimeout(int timeout) Sets the receive timeout.
void	setHttpReceiveTimeout(int timeout) Sets the receive timeout.
void	setLDAPReceiveTimeout(int timeout) Deprecated. The configuration settings available to classes that implement the LdapDirectory interface should be used. For example, when a JNDIDirectory object is used, it contains a JNDIDirectory.setConnectionTimeout(int) method that may be used to configure a timeout value.
void	setRevocationInfo(UserRevocationInfo revInfo) Sets the UserRevocationInfo object which is used to configure the Revocation parameters.
void	setRSInternalDirCreateEnabled(boolean enabled) Enables/Disables automatic internal JNDIDirectory creation for CRL lookups from CDPs containing LDAP URLs.
void	setValidationConfig(ValidationConfig validationConfig) Sets the ValidationConfig object which is used to configure the Validation Configuration parameters.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_USER_CONFIG_SETTINGS

public static final UserConfigSettings DEFAULT_USER_CONFIG_SETTINGS

Default user configuration settings; these settings will automatically be used with any user for which user configuration settings were not manually defined. These are the per-application (global) user configuration settings; they are overridden when per-user user configuration settings are provided.

Constructor Detail

UserConfigSettings

public UserConfigSettings()

The constructor; creates a new UserConfigSettings object that contains the default configuration settings.

All user configuration setting values are initialized from DEFAULT_USER_CONFIG_SETTINGS

Method Detail

setRSInternalDirCreateEnabled

public void setRSInternalDirCreateEnabled(boolean enabled)

Enables/Disables automatic internal JNDIDirectory creation for CRL lookups from CDPs containing LDAP URLs.

During revocation checking, when a CDP is encountered that contains an LDAP URL which includes a hostname, the CRL can either be looked-up from the user's Directory or a JNDIDirectory can automatically be created internally and used for the lookup (based on the information in the LDAP URL). Under circumstances where the calling application requires rigid control over all Directory access, automatic internal JNDIDirectory creation is undesirable (for instance, some applications may require all LDAP calls to be tunnelled via HTTP or HTTPS).

By default, this value is set to true.

Parameters:

enabled - indicates whether or not automatic internal JNDIDirectory creation for CRL lookups from CDPs containing LDAP URLs is enabled

isRSInternalDirCreateEnabled

public boolean isRSInternalDirCreateEnabled()

Checks whether or not automatic internal JNDIDirectory creation for CRL lookups from CDPs containing LDAP URLs is enabled.

Returns:

true if automatic internal JNDIDirectory creation for CRL lookups from CDPs containing LDAP URLs is enabled; false otherwise

See Also:

setRSInternalDirCreateEnabled(boolean)

setCRLInvalidSearchTimeout

public void setCRLInvalidSearchTimeout(long invalidSearchTimeout)

Sets the CRL invalid search timeout.

During revocation checking, when searching for CRLs at a given CRL distribution point (DP), it is possible that valid and appropriate CRLs will not be found. This is an invalid CRL search; an invalid CRL search occurs when valid and appropriate CRLs could not be found for given DP in any of the configured CRL revocation stores (Cache, LDAP, HTTP, and Archive). Invalid CRL searches typically result from problems with the LDAP CRL revocation store, for example, when the LDAP Directory goes down or returns no data, corrupt data, improperly formatted CRLs, or invalid CRLs. Repeating an invalid search causes increased LDAP traffic, circumventing the benefit of the CRL cache. For this reason, it is desirable to not repeat invalid searches for a set period of time.

The CRL invalid search timeout is used to configure the amount of time following the detection of an invalid CRL search during which the same invalid CRL search will not be repeated. The CRL search timeout improves performance in cases where invalid CRLs are encountered but revocation checking can still succeed. The CRL invalid search timeout feature can be disabled by setting the timeout to a zero or negative value.

Parameters:

invalidSearchTimeout - the CRL invalid search timeout in milliseconds

Since:

7.1 SP1 Patch

getCRLInvalidSearchTimeout

public long getCRLInvalidSearchTimeout()

Returns the CRL invalid search timeout.

Returns:

the CRL invalid search timeout in milliseconds

Since:

7.1 SP1 Patch

See Also:

setCRLInvalidSearchTimeout(long)

setHttpCRLReceiveTimeout

public void setHttpCRLReceiveTimeout(int timeout)

Sets the receive timeout.

The receive timeout is the maximum amount of time in milliseconds that will be spent attempting to retrieve a CRL from an HTTP URL. This ensures that attempts to retrieve CRLs from this revocation store will never hang indefinitely, even if there is a problem communicating with the HTTP Server.

The receive timeout cannot be set to a value less than 0; any attempt to do so will result in the receive timeout being set to 0 which means the timeout will be indefinite. The default value is 10 seconds.

getHttpCRLReceiveTimeout

public int getHttpCRLReceiveTimeout()

Returns the HTTP CRL receive timeout.

The receive timeout is the maximum amount of time in milliseconds that will be spent attempting to retrieve a CRL from an HTTP URL. This ensures that attempts to retrieve CRLs from this revocation store will never hang indefinitely, even if there is a problem communicating with the HTTP Server. The default value is 10 seconds or 10000 milliseconds.

Returns:

the receive timeout (milliseconds)

setHttpReceiveTimeout

public void setHttpReceiveTimeout(int timeout)

Sets the receive timeout.

The receive timeout is the maximum amount of time in milliseconds that will be spent attempting to retrieve data from an HTTP URL. This ensures that attempts to retrieve data will never hang indefinitely, even if there is a problem communicating with the HTTP Server.

The receive timeout cannot be set to a value less than 0; any attempt to do so will result in the receive timeout being set to 0 which means the timeout will be indefinite.

getHttpReceiveTimeout

public int getHttpReceiveTimeout()

Returns the HTTP receive timeout.

The receive timeout is the maximum amount of time in milliseconds that will be spent attempting to retrieve data from an HTTP URL. This ensures that attempts to retrieve data will never hang indefinitely, even if there is a problem communicating with the HTTP Server.

Returns:

the receive timeout (milliseconds)

setLDAPReceiveTimeout

public void setLDAPReceiveTimeout(int timeout)

Deprecated. The configuration settings available to classes that implement the LdapDirectory interface should be used. For example, when a JNDIDirectory object is used, it contains a JNDIDirectory.setConnectionTimeout(int) method that may be used to configure a timeout value.

Sets the receive timeout for LDAP connections.

getLDAPReceiveTimeout

public int getLDAPReceiveTimeout()

Deprecated. The configuration settings available to classes that implement the LdapDirectory interface should be used.

Returns the LDAP receive timeout used for LDAP connections

Returns:

the LDAP receive timeout (milliseconds)

See Also:

setLDAPReceiveTimeout(int)

setRevocationInfo

public void setRevocationInfo(UserRevocationInfo revInfo)

Sets the UserRevocationInfo object which is used to configure the Revocation parameters.

Parameters:

revInfo -

getRevocationInfo

public UserRevocationInfo getRevocationInfo()

Returns:

the UserRevocationInfo object. This object represents the Revocation configuration parameters

setValidationConfig

public void setValidationConfig(ValidationConfig validationConfig)

Sets the ValidationConfig object which is used to configure the Validation Configuration parameters.

Parameters:

validationConfig - The validation configuration object

getValidationConfig

public ValidationConfig getValidationConfig()

Returns:

the ValidationConfig object. This object represents the Validation configuration parameters