Hi Jboss/Jetty team, Apologies for not submitting this through the patch manager. I wasn't sure where to put it, since jbossweb/jetty isn't a category.
I've attached a patch against jboss-3.0.6/jetty to add CLIENT-CERT authentication via HTTPS or AJP13. It also fixes a bug against the Jetty AJP13 Cert handling code. This patch uses the jbosssx api to expose the certificate chain to the JAAS login module as the credential of a SecurityAssocationCallback. It also fixes a bug in the Jetty AJP13 code which put the client cert into the request object as a string (it should be an X509Certificate[]). Cheers, Phil ---------------------------------------------------------------------- If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender. ----------------------------------------------------------------------
jetty.patch
Description: Binary data
