Operations: Server: How to Generate a Client Certificate
- You can generate a client certificate using CreateClientCertificateOperation.
- Learn the rationale needed to properly define client certificates in The RavenDB Security Authorization Approach.
Syntax
```java
public CreateClientCertificateOperation(String name,
                                        Map<String, DatabaseAccess> permissions,
                                        SecurityClearance clearance)

public CreateClientCertificateOperation(String name,
                                        Map<String, DatabaseAccess> permissions,
                                        SecurityClearance clearance,
                                        String password)

public enum SecurityClearance {
    UNAUTHENTICATED_CLIENTS,
    CLUSTER_ADMIN,
    CLUSTER_NODE,
    OPERATOR,
    VALID_USER
}

public enum DatabaseAccess {
    READ,
    READ_WRITE,
    ADMIN
}
```
Parameters | | |
---|---|---|
name | String | Name of a certificate |
permissions | Map<String, DatabaseAccess> | Map with database to access level mapping |
clearance | SecurityClearance | Access level |
password | String | Optional certificate password, default: no password |
Return Value | |
---|---|
RawData | client certificate raw data |
Example I
```java
// With the user role set to Cluster Administrator or Operator, the user of this certificate
// is going to have access to all databases
CreateClientCertificateOperation operation = new CreateClientCertificateOperation("admin",
    null, SecurityClearance.OPERATOR);
CertificateRawData certificateRawData = store.maintenance().server().send(operation);
byte[] certificatesZipped = certificateRawData.getRawData();
```
Example II
```java
// When the security clearance is ValidUser, you need to specify per-database permissions
// (Collections is java.util.Collections)
CreateClientCertificateOperation operation = new CreateClientCertificateOperation("user1",
    Collections.singletonMap("Northwind", DatabaseAccess.ADMIN),
    SecurityClearance.VALID_USER,
    "myPassword");
CertificateRawData certificateRawData = store.maintenance().server().send(operation);
byte[] certificateZipped = certificateRawData.getRawData();
```
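The bytes returned by `getRawData()` are a credential, so they should be written to disk with owner-only permissions and unpacked without trusting entry names. The following is an added example, not part of the RavenDB client or its documentation; `extractPrivately` is a hypothetical helper. It assumes the raw data is a ZIP archive (as the variable names above suggest), a POSIX file system and Java 9+, and it runs on a constructed stand-in archive with a made-up entry name instead of a real server response.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;
import java.util.zip.*;

public class ClientCertificateArchive {
    // Hypothetical helper (not part of the RavenDB client): unpack the bytes returned by
    // getRawData() into a directory that only the current OS user can read.
    static List<Path> extractPrivately(byte[] zipped, Path targetDir) throws IOException {
        FileAttribute<Set<PosixFilePermission>> dirMode =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
        FileAttribute<Set<PosixFilePermission>> fileMode =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Files.createDirectories(targetDir, dirMode);
        Path root = targetDir.toRealPath();
        List<Path> written = new ArrayList<>();
        try (ZipInputStream zip = new ZipInputStream(new ByteArrayInputStream(zipped))) {
            for (ZipEntry entry; (entry = zip.getNextEntry()) != null; ) {
                if (entry.isDirectory()) continue;
                // Reject names that would resolve outside the target directory.
                Path out = root.resolve(entry.getName()).normalize();
                if (!out.startsWith(root)) throw new IOException("Unsafe entry: " + entry.getName());
                Files.createDirectories(out.getParent(), dirMode);
                Files.createFile(out, fileMode); // owner-only from creation; fails if it exists
                try (OutputStream os = Files.newOutputStream(out)) {
                    zip.transferTo(os); // copies the current entry only
                }
                written.add(out);
            }
        }
        return written;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for certificateRawData.getRawData(); not a real certificate.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream z = new ZipOutputStream(buf)) {
            z.putNextEntry(new ZipEntry("user1.pfx")); // constructed entry name
            z.write("constructed placeholder bytes".getBytes(StandardCharsets.UTF_8));
            z.closeEntry();
        }
        Path dir = Files.createTempDirectory("client-cert-").resolve("user1");
        for (Path p : extractPrivately(buf.toByteArray(), dir)) {
            System.out.println(p + " " + PosixFilePermissions.toString(Files.getPosixFilePermissions(p)));
        }
    }
}
```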