With jetty 9.0.4, just cast to org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest<https://github.com/eclipse/jetty.project/blob/master/jetty-websocket/websocket-servlet/src/main/java/org/eclipse/jetty/websocket/servlet/ServletUpgradeRequest.java>(new intermediary with 9.0.4) It has a .getCertificates()<https://github.com/eclipse/jetty.project/blob/master/jetty-websocket/websocket-servlet/src/main/java/org/eclipse/jetty/websocket/servlet/ServletUpgradeRequest.java#L118-L121>call you can use.
Sorry about the javadoc being not yet updated, we are having some account access issues to our documentation server atm. (Also the reason we haven't announced 9.0.4 yet) -- Joakim Erdfelt <[email protected]> webtide.com <http://www.webtide.com/> Developer advice, services and support from the Jetty & CometD experts eclipse.org/jetty - cometd.org On Wed, Jun 26, 2013 at 11:26 AM, Erich Bremer <[email protected]> wrote: > Hi Joakin, > > I see you had to revert the changes to WebSocketCreator.java. Any > ETA to have access to the client certificate ala WebSockets once again? - > Erich > * > *** > On 06/10/13 1:45 PM, Joakim Erdfelt wrote: > > I went ahead and created 2 bugzillas based on this... > > https://bugs.eclipse.org/bugs/show_bug.cgi?id=410370 > WebSocketCreator.createWebSocket() should use servlet specific parameters > > https://bugs.eclipse.org/bugs/show_bug.cgi?id=410372 > Make SSL client certificate information available to server websockets > > As for the changes, either of these would be interface changes. > We are planning a next 9.0 release this week, so we'll see what it takes > to get this implemented. > > > -- > Joakim Erdfelt <[email protected]> > webtide.com <http://www.webtide.com/> > Developer advice, services and support > from the Jetty & CometD experts > eclipse.org/jetty - cometd.org > > > On Mon, Jun 10, 2013 at 10:24 AM, Erich Bremer <[email protected]> wrote: > >> Hi Joakim, >> >> WebSocketCreator is how I made the modification for my program. It >> required making a few more modifications in three other files, but it works >> fine. The difficulty for me is having to make the changes each time Jetty >> get upgraded. Yes, server-side is where I need it. My Jetty server needs >> to get a handle on the cert to verify certain information. Specifically, >> I've implemented WebID authentication for my project ( >> http://www.ebremer.com/nexus/WebIDauthentication). Without the server >> being able to associate the cert from the initial http session with it's >> upgraded websocket connection, things get confused. >> >> Question (sort of related) >> In WebSocketServerFactory, there is a line in the method acceptWebSocket: >> >> Object websocketPojo = creator.createWebSocket(sockreq,sockresp); >> >> who's parameters are set a few lines before with: >> >> ServletWebSocketRequest sockreq = new >> ServletWebSocketRequest(request); >> ServletWebSocketResponse sockresp = new >> ServletWebSocketResponse(response); >> >> where >> ServletWebSocketRequest and ServletWebSocketResponse are extended >> versions of UpgradeRequest and UpgradeResponse respectively, but, in the >> class definition for WebSocketCreator the method changes these parameters >> >> createWebSocket(UpgradeRequest req, UpgradeResponse resp); >> >> Why create sockreq and sockresp as ServletWebSocketRequest and >> ServletWebSocketResponse just to cast them into UpgradeRequest and >> UpgradeResponse? ServletWebSocketRequest actually stores the http request >> in a private variable, and that if exposed via a getter, could give access >> to the cert in the user-defined WebSocketCreator. >> >> - Erich >> >> PS - any hope to get this cert support added in anytime soon, or should I >> just keep making the modifications? - E >> >> >> >> >> On 06/10/13 12:17 PM, Joakim Erdfelt wrote: >> >> Interesting request. >> Currently there is no support for that. >> >> Wonder where a good place for that would be ... >> >> Gut reaction is to make it available via the WebSocketCreator, letting >> you capture and hold onto it at websocket creation time. >> That would make it server side specific functionality, which is what i >> think you intend. >> >> Another option would be to expose the SSL details via the Session >> object, but what that would mean to the websocket-client implementation of >> Session I don't know (yet) >> >> >> -- >> Joakim Erdfelt <[email protected]> >> webtide.com <http://www.webtide.com/> >> Developer advice, services and support >> from the Jetty & CometD experts >> eclipse.org/jetty - cometd.org >> >> >> On Sun, Jun 9, 2013 at 8:40 AM, Erich Bremer <[email protected]> wrote: >> >>> Hi, >>> >>> I have a case where I am encrypting a websockets connection and >>> requiring a client give it's certificate during the initial http connection >>> before upgrading to a encrypted WebSockets connection. What is the easiest >>> way to get hold of the client certificate for a particular websockets >>> connection? I've only been able to do this by modifying the core Jetty >>> code by passing the certificate to the websocket pojo in a modified >>> websocketfactory. I'm hoping there is an easier way, thanks! - Erich >>> _______________________________________________ >>> jetty-users mailing list >>> [email protected] >>> https://dev.eclipse.org/mailman/listinfo/jetty-users >>> >> >> >> >> _______________________________________________ >> jetty-users mailing >> [email protected]https://dev.eclipse.org/mailman/listinfo/jetty-users >> >> >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> >> > > > _______________________________________________ > jetty-users mailing > [email protected]https://dev.eclipse.org/mailman/listinfo/jetty-users > > > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
