Hi Joakim,
WebSocketCreator is how I made the modification for my program. It
required making a few more modifications in three other files, but it
works fine. The difficulty for me is having to make the changes each
time Jetty get upgraded. Yes, server-side is where I need it. My Jetty
server needs to get a handle on the cert to verify certain information.
Specifically, I've implemented WebID authentication for my project
(http://www.ebremer.com/nexus/WebIDauthentication). Without the server
being able to associate the cert from the initial http session with it's
upgraded websocket connection, things get confused.
Question (sort of related)
In WebSocketServerFactory, there is a line in the method acceptWebSocket:
Object websocketPojo = creator.createWebSocket(sockreq,sockresp);
who's parameters are set a few lines before with:
ServletWebSocketRequest sockreq = new
ServletWebSocketRequest(request);
ServletWebSocketResponse sockresp = new
ServletWebSocketResponse(response);
where
ServletWebSocketRequest and ServletWebSocketResponse are extended
versions of UpgradeRequest and UpgradeResponse respectively, but, in the
class definition for WebSocketCreator the method changes these parameters
createWebSocket(UpgradeRequest req, UpgradeResponse resp);
Why create sockreq and sockresp as ServletWebSocketRequest and
ServletWebSocketResponse just to cast them into UpgradeRequest and
UpgradeResponse? ServletWebSocketRequest actually stores the http
request in a private variable, and that if exposed via a getter, could
give access to the cert in the user-defined WebSocketCreator.
- Erich
PS - any hope to get this cert support added in anytime soon, or should
I just keep making the modifications? - E
On 06/10/13 12:17 PM, Joakim Erdfelt wrote:
Interesting request.
Currently there is no support for that.
Wonder where a good place for that would be ...
Gut reaction is to make it available via the WebSocketCreator, letting
you capture and hold onto it at websocket creation time.
That would make it server side specific functionality, which is what i
think you intend.
Another option would be to expose the SSL details via the Session
object, but what that would mean to the websocket-client
implementation of Session I don't know (yet)
--
Joakim Erdfelt <[email protected] <mailto:[email protected]>>
webtide.com <http://www.webtide.com/>
Developer advice, services and support
from the Jetty & CometD experts
eclipse.org/jetty <http://eclipse.org/jetty/> - cometd.org
<http://cometd.org/>
On Sun, Jun 9, 2013 at 8:40 AM, Erich Bremer <[email protected]
<mailto:[email protected]>> wrote:
Hi,
I have a case where I am encrypting a websockets connection
and requiring a client give it's certificate during the initial
http connection before upgrading to a encrypted WebSockets
connection. What is the easiest way to get hold of the client
certificate for a particular websockets connection? I've only
been able to do this by modifying the core Jetty code by passing
the certificate to the websocket pojo in a modified
websocketfactory. I'm hoping there is an easier way, thanks! - Erich
_______________________________________________
jetty-users mailing list
[email protected] <mailto:[email protected]>
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
