[jira] [Updated] (FELIX-4230) Enhance the Felix request SSL filter to provide the cert as a request attribute

Fri, 18 Oct 2013 05:27:14 -0700 

     [ 
https://issues.apache.org/jira/browse/FELIX-4230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Felix Meschberger updated FELIX-4230:
-------------------------------------

    Description: 
The HTTP SSL Filter allows simulating an HTTPS request on a system sitting 
behind an SSL terminating proxy. The proxy forwards SSL information to the 
system and the filter resurrects the SSL behavior for the web application.

Apart from just resurrecting the fact that the original request was secure, it 
is sometimes also required to get at the client's certificate (if provided) 
used on the HTTPS session.

The expectation is that the SSL terminating proxy provides the certificate in 
linearized (line breaks replaced by single blanks) PEM format in the 
"X-Forwarded-SSL-Certificate" header. The filter will convert this header value 
in an X509Certificate[] array to be set as the 
"javax.servlet.request.X509Certificate" request attribute as defined by the 
servlet API specification.

> Enhance the Felix request SSL filter to provide the cert as a request 
> attribute
> -------------------------------------------------------------------------------
>
>                 Key: FELIX-4230
>                 URL: https://issues.apache.org/jira/browse/FELIX-4230
>             Project: Felix
>          Issue Type: Improvement
>          Components: HTTP Service
>    Affects Versions: http-2.2.0
>            Reporter: Timothee Maret
>             Fix For: http-2.2.2
>
>
> The HTTP SSL Filter allows simulating an HTTPS request on a system sitting 
> behind an SSL terminating proxy. The proxy forwards SSL information to the 
> system and the filter resurrects the SSL behavior for the web application.
> Apart from just resurrecting the fact that the original request was secure, 
> it is sometimes also required to get at the client's certificate (if 
> provided) used on the HTTPS session.
> The expectation is that the SSL terminating proxy provides the certificate in 
> linearized (line breaks replaced by single blanks) PEM format in the 
> "X-Forwarded-SSL-Certificate" header. The filter will convert this header 
> value in an X509Certificate[] array to be set as the 
> "javax.servlet.request.X509Certificate" request attribute as defined by the 
> servlet API specification.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to