felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Felix Meschberger (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FELIX-4230) Enhance the Felix request SSL filter to provide the cert as a request attribute
Date Fri, 18 Oct 2013 12:26:41 GMT

     [ https://issues.apache.org/jira/browse/FELIX-4230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Felix Meschberger updated FELIX-4230:
-------------------------------------

    Description: 
The HTTP SSL Filter allows simulating an HTTPS request on a system sitting behind an SSL terminating
proxy. The proxy forwards SSL information to the system and the filter resurrects the SSL
behavior for the web application.

Apart from just resurrecting the fact that the original request was secure, it is sometimes
also required to get at the client's certificate (if provided) used on the HTTPS session.

The expectation is that the SSL terminating proxy provides the certificate in linearized (line
breaks replaced by single blanks) PEM format in the "X-Forwarded-SSL-Certificate" header.
The filter will convert this header value in an X509Certificate[] array to be set as the "javax.servlet.request.X509Certificate"
request attribute as defined by the servlet API specification.

> Enhance the Felix request SSL filter to provide the cert as a request attribute
> -------------------------------------------------------------------------------
>
>                 Key: FELIX-4230
>                 URL: https://issues.apache.org/jira/browse/FELIX-4230
>             Project: Felix
>          Issue Type: Improvement
>          Components: HTTP Service
>    Affects Versions: http-2.2.0
>            Reporter: Timothee Maret
>             Fix For: http-2.2.2
>
>
> The HTTP SSL Filter allows simulating an HTTPS request on a system sitting behind an
SSL terminating proxy. The proxy forwards SSL information to the system and the filter resurrects
the SSL behavior for the web application.
> Apart from just resurrecting the fact that the original request was secure, it is sometimes
also required to get at the client's certificate (if provided) used on the HTTPS session.
> The expectation is that the SSL terminating proxy provides the certificate in linearized
(line breaks replaced by single blanks) PEM format in the "X-Forwarded-SSL-Certificate" header.
The filter will convert this header value in an X509Certificate[] array to be set as the "javax.servlet.request.X509Certificate"
request attribute as defined by the servlet API specification.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message