A new patch has been uploaded. Unfortunately, Jira does not seem to allow me to remove the old one.

Most of the changes Eoghan suggested have been incorporated. In particular:

 * Scratched the idea of a ContextInfo type, since no one took the bait
 * Added a TLSSessionInfo struct (or the best Java has) to carry TLS Session data
   to the org.apache.cxf.security.transport namespace (API package)
 * Supported in the Jetty and servlet http transports (http and http2)
   (We gotta fix that!)
 * Refactored Message and Exchange interfaces (and Impls) to now extend
   from a common base type -- not strictly needed, but definitely a tidy cleanup
   in the API

Patch is off rev 516352.

If someone could quickly review and install the patch, I'd be much obliged.

I have no ontological commitments to the proposed changes -- mostly just the idea, so please feel free to morph the proposal to the idiom du jour (as long as I can extract the needed information out of the transport!).

Thanks!
-Fred

Here's a listing of the changes, as seen from my snapshot:

05:20:09 spock:~/src/apache/cxf/cxf-445> svn status
M      rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
M      rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
M      rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
M      rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
M      rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
M      api/src/main/java/org/apache/cxf/message/Exchange.java
M      api/src/main/java/org/apache/cxf/message/ExchangeImpl.java
M      api/src/main/java/org/apache/cxf/message/Message.java
A      api/src/main/java/org/apache/cxf/message/StringMap.java
M      api/src/main/java/org/apache/cxf/message/MessageImpl.java
A      api/src/main/java/org/apache/cxf/message/StringMapImpl.java
A      api/src/main/java/org/apache/cxf/security
A      api/src/main/java/org/apache/cxf/security/transport
A      api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java


On Mar 6, 2007, at 7:04 AM, Glynn, Eoghan wrote:



Similarly for the servlet transport, though instead of a
straight copy, in this case you'd be using a different
mechanism for retrieving the cipher suite and peer cert (e.g.
for Tomcat, probably the
org.apache.tomcat.util.net.SSLSupport mechanism, dunno about
other containers).

Actually scratch that point about the tomcat SSLSupport API.

Obviously we'd want to keep the servlet transport agnostic to the
underlying servlet container, so instead you'd be looking at pulling out
this info from the ServletRequest using the standard attributes ...

String ciphers = (String) req.getAttribute("javax.net.ssl.cipher_suite");
X509Certificate[] certs =
    (X509Certificate[]) req.getAttribute("javax.net.ssl.peer_certificates");

Cheers,
Eoghan
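
As an added example (not part of the original thread or the CXF patch), here is one container-agnostic way to read the TLS details from request attributes, type-checking each value instead of casting blindly. The class names TlsAttributes and TlsInfo are hypothetical; the lookup is passed in as a function so the sketch runs without a servlet container, and it tries the Servlet specification's attribute names before the names quoted in the message above.

```java
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

public class TlsAttributes {
    // Attribute names defined by the Servlet specification for HTTPS requests.
    static final String SPEC_CIPHER = "javax.servlet.request.cipher_suite";
    static final String SPEC_CERTS  = "javax.servlet.request.X509Certificate";
    // Attribute names as quoted in the message above.
    static final String MAIL_CIPHER = "javax.net.ssl.cipher_suite";
    static final String MAIL_CERTS  = "javax.net.ssl.peer_certificates";

    /** Hypothetical holder; not the TLSSessionInfo class from the patch. */
    static final class TlsInfo {
        final String cipherSuite;
        final X509Certificate[] peerChain; // empty when no client cert was presented
        TlsInfo(String c, X509Certificate[] p) { cipherSuite = c; peerChain = p; }
    }

    /** Returns null when no cipher suite attribute is set (container reports no TLS). */
    static TlsInfo extract(Function<String, Object> attrs) {
        Object cipher = firstNonNull(attrs, SPEC_CIPHER, MAIL_CIPHER);
        if (!(cipher instanceof String)) return null;
        Object certs = firstNonNull(attrs, SPEC_CERTS, MAIL_CERTS);
        // Defensive copy; a missing or wrongly typed value means "no peer certificate".
        X509Certificate[] chain = certs instanceof X509Certificate[]
                ? ((X509Certificate[]) certs).clone() : new X509Certificate[0];
        return new TlsInfo((String) cipher, chain);
    }

    private static Object firstNonNull(Function<String, Object> attrs, String... names) {
        for (String n : names) {
            Object v = attrs.apply(n);
            if (v != null) return v;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample attributes; in a servlet, call extract(req::getAttribute).
        Map<String, Object> constructed = new HashMap<>();
        constructed.put(SPEC_CIPHER, "TLS_RSA_WITH_AES_128_CBC_SHA");
        TlsInfo info = extract(constructed::get);
        System.out.println(info.cipherSuite + ", certs=" + info.peerChain.length);
        System.out.println(extract(name -> null)); // null: plain HTTP request
    }
}
```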

