server/WEB-INF/conf/access.bml

This file specifies settings that restrict network access to the Validation Responder. It can be used to override the default settings from:

server/WEB-INF/conf/access-defaults.bml

This configuration file can be used to specify the properties in the following subsection.

Property: secureOnly

Default true
Description

This property specifies whether the Validation Responder Status Page should only be available through HTTPS. If this property is set to false, then it will allow access to the status interface through unencrypted HTTP. If it is set to true, then only HTTPS connections will be allowed.

Example

<property name="secureOnly" value="true"/>

Property: trustedClientCertificateRequired

Default false
Description

When SSL is used, the Validation Responder can be configured to require a known client certificate to be used for authentication to the server. If this property is set to true, then clients will only be able to connect if their client SSL certificate matches one of the certificate files in the directory specified by the trustedClientCertificateDirectory property.

Example

<property name="trustedClientCertificateRequired" value="false"/>

Property: trustedClientCertificateDirectory

Default /data/client-certs
Description

When SSL is used, the Validation Responder can be configured to require a known client certificate to be used for authentication to the server. If the trustedClientCertificateRequired property is set to true, then clients will only be able to connect if their client SSL certificate matches one of the certificate files in the directory specified by this property.

Example

<property name="trustedClientCertificateDirectory" value="../data/client-certs"/>

Property: trustedInetAddressRequired

Default false
Description

The Validation Responder can be configured so that it only responds to validation requests from known IP addresses. If this property is set to true, then the network requests will only be accepted from clients with IP addresses matching those in the trustedInetAddressList property.

Example

<property name="trustedInetAddressRequired" value="true"/>

Property: trustedInetAddressList

Default none
Description

The Validation Responder can be configured so that it only responds to validation requests from known IP addresses. When the trustedInetAddressRequired property is set to true, network requests will only be accepted from clients with IP addresses matching those in this property. In the following example, requests will only be accepted from clients with IP addresses 127.0.0.1 and 192.168.2.43 or on subnet 192.168.3.x.

Example

<property name="trustedInetAddressList">
  <bean class="java.util.Vector">
    <add><string>127.0.0.1</string></add>
    <add><string>192.168.2.43</string></add>
    <add><string>192.168.3.0/24</string></add>
  </bean>
</property>
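
The following added example (not part of the product documentation or the vendor's code) models the address matching described for trustedInetAddressList with Python's ipaddress module and flags settings that leave the access checks weak or unenforced. The `<conf>` root element, the function names and the sample values are assumptions made for illustration; the product's own matching logic is not shown on this page.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: property examples from this page wrapped in a
# hypothetical <conf> root so the fragment parses as XML.
SAMPLE = """<conf>
  <property name="secureOnly" value="false"/>
  <property name="trustedInetAddressRequired" value="true"/>
  <property name="trustedInetAddressList">
    <bean class="java.util.Vector">
      <add><string>127.0.0.1</string></add>
      <add><string>192.168.2.43</string></add>
      <add><string>192.168.3.0/24</string></add>
    </bean>
  </property>
</conf>"""

def load(xml_text):
    """Return (scalar properties, list of trusted networks)."""
    root = ET.fromstring(xml_text)
    props, nets = {}, []
    for p in root.iter("property"):
        if p.get("value") is not None:
            props[p.get("name")] = p.get("value").strip().lower()
        elif p.get("name") == "trustedInetAddressList":
            # A bare address becomes a /32 network; strip() drops stray whitespace.
            nets = [ipaddress.ip_network(s.text.strip(), strict=False)
                    for s in p.iter("string") if s.text and s.text.strip()]
    return props, nets

def is_trusted(client_ip, nets):
    """True if client_ip equals a listed address or falls in a listed subnet."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in n for n in nets)

def audit(props, nets):
    """Flag settings that weaken or silently disable the access restrictions."""
    required = props.get("trustedInetAddressRequired", "false") == "true"
    findings = []
    if props.get("secureOnly", "true") != "true":
        findings.append("secureOnly=false: status page reachable over plain HTTP")
    if required and not nets:
        findings.append("trustedInetAddressRequired=true but list is empty")
    if nets and not required:
        findings.append("trustedInetAddressList set but not enforced")
    findings += [f"{n}: entry matches every address" for n in nets if n.prefixlen == 0]
    return findings

if __name__ == "__main__":
    props, nets = load(SAMPLE)
    for ip in ("192.168.3.77", "192.168.2.44", "10.0.0.5"):
        print(ip, "trusted" if is_trusted(ip, nets) else "rejected")
    print(audit(props, nets))
```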