stackoom
  简体   繁体   中英

How to work with client certificates on Jetty SPDY with ALPN?

 原文  2014-09-22 10:44:14       java/ ssl/ jetty/ spdy/ alpn

Question

I have problem with client certifiacates when I use SPDY with Jetty.

It works when I work with NPN and start Jetty SPDY server with: 

SSLconnector = new HTTPSPDYServerConnector(server, sslContextFactory);

As a baseRequest.getHttpChannel() it uses org.eclipse.jetty.spdy.server.http.HttpChannelOverSPDY and I can read SSL properties like SSL_SESSION_ID and client certificates with code like: 

// ... HttpServletRequest request
java.security.cert.X509Certificate client_certs[] = (java.security.cert.X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");

But NPN is not an option in Java8 (see my question How to run Jetty with SPDY using ALPN? ). In Java8 I have to use ALPN protocol like: 

sslContextFactory.setWantClientAuth(w3srv_config.want_client_auth);
// ...
HttpConfiguration httpConfig = new HttpConfiguration();

SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "alpn");
ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory("spdy/3", "http/1.1");
alpn.setDefaultProtocol("http/1.1");
HTTPSPDYServerConnectionFactory spdy = new HTTPSPDYServerConnectionFactory(SPDY.V3, httpConfig);
HttpConnectionFactory http = new HttpConnectionFactory(httpConfig);

SSLconnector = new ServerConnector(server, new ConnectionFactory[]{ssl, alpn, spdy, http});
//...

With this code I got null when I want to get any SSL related javax.servlet.request.* . Its baseRequest.getHttpChannel() is org.eclipse.jetty.server.HttpConnection$HttpChannelOverHttp .

What I have to change to work with client certificates?

1 answers

solution1
 1 ACCPTED  2014-09-22 11:59:09

The javax.servlet.request.* properties you are looking for are set by Jetty's SecureRequestCustomizer , which you need to add to the httpConfig object you create in your code example above.

I am guessing that your NPN configuration is slightly different, or you use some utility method in Jetty that does this for you with NPN but not with ALPN.

Just doing: 

HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.addCustomizer(new SecureRequestCustomizer());

should be enough to fix your issue.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to run Jetty with SPDY using ALPN? Embedded Jetty with client certificates How to run Jetty with SPDY on JDK8? How to get NodeJS to proxy Client Certificates like Jetty Proxy SPDY “Hello server” with Jetty Jetty: is it possible to use SPDY/3.1? ClassNotFoundException: org/eclipse/jetty/alpn/ALPN, but I have access to this class java.lang.ClassNotFoundException: org/eclipse/jetty/alpn/ALPN ALPN callback dropped: SPDY and HTTP/2 are disabled. Is alpn-boot on the boot class path? How to use Jetty with Let's Encrypt certificates?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM