I went ahead and created 2 bugzillas based on this... https://bugs.eclipse.org/bugs/show_bug.cgi?id=410370 WebSocketCreator.createWebSocket() should use servlet specific parameters
https://bugs.eclipse.org/bugs/show_bug.cgi?id=410372 Make SSL client certificate information available to server websockets As for the changes, either of these would be interface changes. We are planning a next 9.0 release this week, so we'll see what it takes to get this implemented. -- Joakim Erdfelt <[email protected]> webtide.com <http://www.webtide.com/> Developer advice, services and support from the Jetty & CometD experts eclipse.org/jetty - cometd.org On Mon, Jun 10, 2013 at 10:24 AM, Erich Bremer <[email protected]> wrote: > Hi Joakim, > > WebSocketCreator is how I made the modification for my program. It > required making a few more modifications in three other files, but it works > fine. The difficulty for me is having to make the changes each time Jetty > get upgraded. Yes, server-side is where I need it. My Jetty server needs > to get a handle on the cert to verify certain information. Specifically, > I've implemented WebID authentication for my project ( > http://www.ebremer.com/nexus/WebIDauthentication). Without the server > being able to associate the cert from the initial http session with it's > upgraded websocket connection, things get confused. > > Question (sort of related) > In WebSocketServerFactory, there is a line in the method acceptWebSocket: > > Object websocketPojo = creator.createWebSocket(sockreq,sockresp); > > who's parameters are set a few lines before with: > > ServletWebSocketRequest sockreq = new > ServletWebSocketRequest(request); > ServletWebSocketResponse sockresp = new > ServletWebSocketResponse(response); > > where > ServletWebSocketRequest and ServletWebSocketResponse are extended > versions of UpgradeRequest and UpgradeResponse respectively, but, in the > class definition for WebSocketCreator the method changes these parameters > > createWebSocket(UpgradeRequest req, UpgradeResponse resp); > > Why create sockreq and sockresp as ServletWebSocketRequest and > ServletWebSocketResponse just to cast them into UpgradeRequest and > UpgradeResponse? ServletWebSocketRequest actually stores the http request > in a private variable, and that if exposed via a getter, could give access > to the cert in the user-defined WebSocketCreator. > > - Erich > > PS - any hope to get this cert support added in anytime soon, or should I > just keep making the modifications? - E > > > > > On 06/10/13 12:17 PM, Joakim Erdfelt wrote: > > Interesting request. > Currently there is no support for that. > > Wonder where a good place for that would be ... > > Gut reaction is to make it available via the WebSocketCreator, letting > you capture and hold onto it at websocket creation time. > That would make it server side specific functionality, which is what i > think you intend. > > Another option would be to expose the SSL details via the Session > object, but what that would mean to the websocket-client implementation of > Session I don't know (yet) > > > -- > Joakim Erdfelt <[email protected]> > webtide.com <http://www.webtide.com/> > Developer advice, services and support > from the Jetty & CometD experts > eclipse.org/jetty - cometd.org > > > On Sun, Jun 9, 2013 at 8:40 AM, Erich Bremer <[email protected]> wrote: > >> Hi, >> >> I have a case where I am encrypting a websockets connection and >> requiring a client give it's certificate during the initial http connection >> before upgrading to a encrypted WebSockets connection. What is the easiest >> way to get hold of the client certificate for a particular websockets >> connection? I've only been able to do this by modifying the core Jetty >> code by passing the certificate to the websocket pojo in a modified >> websocketfactory. I'm hoping there is an easier way, thanks! - Erich >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > > > _______________________________________________ > jetty-users mailing > [email protected]https://dev.eclipse.org/mailman/listinfo/jetty-users > > > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
