Re: [jetty-users] getting hold of the client certificate during an encrypted websockets connection

Mon, 10 Jun 2013 10:55:06 -0700 

Awesome! - E

On 06/10/13 1:45 PM, Joakim Erdfelt wrote:

I went ahead and created 2 bugzillas based on this...

https://bugs.eclipse.org/bugs/show_bug.cgi?id=410370
WebSocketCreator.createWebSocket() should use servlet specific parameters

https://bugs.eclipse.org/bugs/show_bug.cgi?id=410372
Make SSL client certificate information available to server websockets

As for the changes, either of these would be interface changes.
We are planning a next 9.0 release this week, so we'll see what it takes to get this implemented. 


--
Joakim Erdfelt <[email protected] <mailto:[email protected]>>
webtide.com <http://www.webtide.com/>
Developer advice, services and support
from the Jetty & CometD experts
eclipse.org/jetty <http://eclipse.org/jetty/> - cometd.org <http://cometd.org/>
On Mon, Jun 10, 2013 at 10:24 AM, Erich Bremer <[email protected] <mailto:[email protected]>> wrote: 

    Hi Joakim,

        WebSocketCreator is how I made the modification for my
    program.  It required making a few more modifications in three
    other files, but it works fine.  The difficulty for me is having
    to make the changes each time Jetty get upgraded.  Yes,
    server-side is where I need it.  My Jetty server needs to get a
    handle on the cert to verify certain information.  Specifically,
    I've implemented WebID authentication for my project
    (http://www.ebremer.com/nexus/WebIDauthentication). Without the
    server being able to associate the cert from the initial http
    session with it's upgraded websocket connection, things get confused.

    Question (sort of related)
    In WebSocketServerFactory, there is a line in the method
    acceptWebSocket:

        Object websocketPojo = creator.createWebSocket(sockreq,sockresp);

    who's parameters are set a few lines before with:

            ServletWebSocketRequest sockreq = new
    ServletWebSocketRequest(request);
            ServletWebSocketResponse sockresp = new
    ServletWebSocketResponse(response);

    where
        ServletWebSocketRequest and ServletWebSocketResponse are
    extended versions of UpgradeRequest and UpgradeResponse
    respectively, but, in the class definition for WebSocketCreator
    the method changes these parameters

        createWebSocket(UpgradeRequest req, UpgradeResponse resp);

    Why create sockreq and sockresp as ServletWebSocketRequest and
    ServletWebSocketResponse just to cast them into UpgradeRequest and
    UpgradeResponse?  ServletWebSocketRequest actually stores the http
    request in a private variable, and that if exposed via a getter,
    could give access to the cert in the user-defined WebSocketCreator.

            - Erich

    PS - any hope to get this cert support added in anytime soon, or
    should I just keep making the modifications?  - E




    On 06/10/13 12:17 PM, Joakim Erdfelt wrote:

    Interesting request.
    Currently there is no support for that.

    Wonder where a good place for that would be ...

    Gut reaction is to make it available via the WebSocketCreator,
    letting you capture and hold onto it at websocket creation time.
    That would make it server side specific functionality, which is
    what i think you intend.

    Another option would be to expose the SSL details via the Session
    object, but what that would mean to the websocket-client
    implementation of Session I don't know (yet)


    --
    Joakim Erdfelt <[email protected] <mailto:[email protected]>>
    webtide.com <http://www.webtide.com/>
    Developer advice, services and support
    from the Jetty & CometD experts
    eclipse.org/jetty <http://eclipse.org/jetty/> - cometd.org
    <http://cometd.org/>


    On Sun, Jun 9, 2013 at 8:40 AM, Erich Bremer <[email protected]
    <mailto:[email protected]>> wrote:

        Hi,

            I have a case where I am encrypting a websockets
        connection and requiring a client give it's certificate
        during the initial http connection before upgrading to a
        encrypted WebSockets connection. What is the easiest way to
        get hold of the client certificate for a particular
        websockets connection?  I've only been able to do this by
        modifying the core Jetty code by passing the certificate to
        the websocket pojo in a modified websocketfactory.  I'm
        hoping there is an easier way, thanks!  - Erich
        _______________________________________________
        jetty-users mailing list
        [email protected] <mailto:[email protected]>
        https://dev.eclipse.org/mailman/listinfo/jetty-users




    _______________________________________________
    jetty-users mailing list
    [email protected]  <mailto:[email protected]>
    https://dev.eclipse.org/mailman/listinfo/jetty-users



    _______________________________________________
    jetty-users mailing list
    [email protected] <mailto:[email protected]>
    https://dev.eclipse.org/mailman/listinfo/jetty-users




_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users



_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users

Reply via email to