Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ClientCertAuthenticator is not taking account SslContext configuration #5933

Closed
olamy opened this issue Feb 1, 2021 · 1 comment · Fixed by #5934
Closed

ClientCertAuthenticator is not taking account SslContext configuration #5933

olamy opened this issue Feb 1, 2021 · 1 comment · Fixed by #5934

Comments

@olamy
Copy link
Member

olamy commented Feb 1, 2021

Jetty version
10.0.x (but might a 9.4.x issue as well)

Description
Using CLIENT-CERT as login with a configured trustStore via ssl.ini.

  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>

The used ClientCertAuthenticator instance is not using the configuration from the instance SslContextFactory instance.
@olamy olamy mentioned this issue Feb 1, 2021
Closed
@sbordet
Copy link
Contributor

sbordet commented Feb 1, 2021

@lachlan-roberts do you want to tackle this?

Ideally, web applications that need this kind of authentication will need to setup a custom Jetty context XML file, where the configure the authenticator.

However, we want to have a good default if that custom XML is not there.

The idea is that, in DefaultAuthenticatorFactory.getAuthenticator(...) we create a ClientCertAuthenticator passing to the constructor the SslContextFactory.Server that we extract from the Server parameter.

If there is more than 1 SslContextFactory.Server, do nothing; otherwise pass it to ClientCertAuthenticator.

olamy added a commit that referenced this issue Feb 2, 2021
@olamy
Issue #5933 ClientCertAuthenticator is not using SslContextFactory fr…
4051b63 
…om server

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
olamy added a commit that referenced this issue Feb 5, 2021
@olamy
Issue #5933 ClientCertAuthenticator is not using SslContextFactory fr…
32672d4 
…om server

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
@gregw gregw mentioned this issue Feb 8, 2021
Merged
@gregw gregw linked a pull request Feb 8, 2021 that will close this issue
Issue #5933 ClientCertAuthenticator is not using SslContextFactory from server #5934
Merged
gregw added a commit that referenced this issue Feb 9, 2021
@gregw
Issue #5933 ClientCertAuthenticator is not using SslContextFactory
f2c9056 
Added SslClientCertAuthenticator
Co-authored-by: olivier lamy <oliver.lamy@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
olamy added a commit that referenced this issue Feb 10, 2021
@olamy @gregw
Issue #5933 ClientCertAuthenticator is not using SslContextFactory (#…
68790d8 
…5934)

Added SslClientCertAuthenticator
Co-authored-by: olivier lamy <oliver.lamy@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>

Co-authored-by: gregw <gregw@webtide.com>
@sbordet sbordet mentioned this issue May 17, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue #5933 ClientCertAuthenticator is not using SslContextFactory from server jetty/jetty.project
2 participants
@olamy @sbordet