Hi Joakim,
Thanks! This worked great! - Erich
On 06/26/13 2:44 PM, Joakim Erdfelt wrote:
With jetty 9.0.4, just cast to
org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest
<https://github.com/eclipse/jetty.project/blob/master/jetty-websocket/websocket-servlet/src/main/java/org/eclipse/jetty/websocket/servlet/ServletUpgradeRequest.java>
(new intermediary with 9.0.4)
It has a .getCertificates()
<https://github.com/eclipse/jetty.project/blob/master/jetty-websocket/websocket-servlet/src/main/java/org/eclipse/jetty/websocket/servlet/ServletUpgradeRequest.java#L118-L121>
call you can use.
Sorry about the javadoc being not yet updated, we are having some
account access issues to our documentation server atm.
(Also the reason we haven't announced 9.0.4 yet)
--
Joakim Erdfelt <[email protected] <mailto:[email protected]>>
webtide.com <http://www.webtide.com/>
Developer advice, services and support
from the Jetty & CometD experts
eclipse.org/jetty <http://eclipse.org/jetty/> - cometd.org
<http://cometd.org/>
On Wed, Jun 26, 2013 at 11:26 AM, Erich Bremer <[email protected]
<mailto:[email protected]>> wrote:
Hi Joakin,
I see you had to revert the changes to WebSocketCreator.java.
Any ETA to have access to the client certificate ala WebSockets
once again? - Erich
*
***
On 06/10/13 1:45 PM, Joakim Erdfelt wrote:
I went ahead and created 2 bugzillas based on this...
https://bugs.eclipse.org/bugs/show_bug.cgi?id=410370
WebSocketCreator.createWebSocket() should use servlet specific
parameters
https://bugs.eclipse.org/bugs/show_bug.cgi?id=410372
Make SSL client certificate information available to server
websockets
As for the changes, either of these would be interface changes.
We are planning a next 9.0 release this week, so we'll see what
it takes to get this implemented.
--
Joakim Erdfelt <[email protected] <mailto:[email protected]>>
webtide.com <http://www.webtide.com/>
Developer advice, services and support
from the Jetty & CometD experts
eclipse.org/jetty <http://eclipse.org/jetty/> - cometd.org
<http://cometd.org/>
On Mon, Jun 10, 2013 at 10:24 AM, Erich Bremer <[email protected]
<mailto:[email protected]>> wrote:
Hi Joakim,
WebSocketCreator is how I made the modification for my
program. It required making a few more modifications in
three other files, but it works fine. The difficulty for me
is having to make the changes each time Jetty get upgraded.
Yes, server-side is where I need it. My Jetty server needs
to get a handle on the cert to verify certain information.
Specifically, I've implemented WebID authentication for my
project (http://www.ebremer.com/nexus/WebIDauthentication).
Without the server being able to associate the cert from the
initial http session with it's upgraded websocket connection,
things get confused.
Question (sort of related)
In WebSocketServerFactory, there is a line in the method
acceptWebSocket:
Object websocketPojo =
creator.createWebSocket(sockreq,sockresp);
who's parameters are set a few lines before with:
ServletWebSocketRequest sockreq = new
ServletWebSocketRequest(request);
ServletWebSocketResponse sockresp = new
ServletWebSocketResponse(response);
where
ServletWebSocketRequest and ServletWebSocketResponse are
extended versions of UpgradeRequest and UpgradeResponse
respectively, but, in the class definition for
WebSocketCreator the method changes these parameters
createWebSocket(UpgradeRequest req, UpgradeResponse resp);
Why create sockreq and sockresp as ServletWebSocketRequest
and ServletWebSocketResponse just to cast them into
UpgradeRequest and UpgradeResponse? ServletWebSocketRequest
actually stores the http request in a private variable, and
that if exposed via a getter, could give access to the cert
in the user-defined WebSocketCreator.
- Erich
PS - any hope to get this cert support added in anytime soon,
or should I just keep making the modifications? - E
On 06/10/13 12:17 PM, Joakim Erdfelt wrote:
Interesting request.
Currently there is no support for that.
Wonder where a good place for that would be ...
Gut reaction is to make it available via the
WebSocketCreator, letting you capture and hold onto it at
websocket creation time.
That would make it server side specific functionality, which
is what i think you intend.
Another option would be to expose the SSL details via the
Session object, but what that would mean to the
websocket-client implementation of Session I don't know (yet)
--
Joakim Erdfelt <[email protected] <mailto:[email protected]>>
webtide.com <http://www.webtide.com/>
Developer advice, services and support
from the Jetty & CometD experts
eclipse.org/jetty <http://eclipse.org/jetty/> - cometd.org
<http://cometd.org/>
On Sun, Jun 9, 2013 at 8:40 AM, Erich Bremer
<[email protected] <mailto:[email protected]>> wrote:
Hi,
I have a case where I am encrypting a websockets
connection and requiring a client give it's certificate
during the initial http connection before upgrading to a
encrypted WebSockets connection. What is the easiest way
to get hold of the client certificate for a particular
websockets connection? I've only been able to do this
by modifying the core Jetty code by passing the
certificate to the websocket pojo in a modified
websocketfactory. I'm hoping there is an easier way,
thanks! - Erich
_______________________________________________
jetty-users mailing list
[email protected] <mailto:[email protected]>
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected] <mailto:[email protected]>
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected] <mailto:[email protected]>
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected] <mailto:[email protected]>
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected] <mailto:[email protected]>
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
