Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

ClientCertAuthenticator is not taking account SslContext configuration #5933

Closed
olamy opened this issue Feb 1, 2021 · 1 comment · Fixed by #5934
Closed

ClientCertAuthenticator is not taking account SslContext configuration #5933

olamy opened this issue Feb 1, 2021 · 1 comment · Fixed by #5934

Comments

@olamy
Copy link
Member

olamy commented Feb 1, 2021

Jetty version
10.0.x (but might a 9.4.x issue as well)

Description
Using CLIENT-CERT as login with a configured trustStore via ssl.ini.

  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </#-config>

The used ClientCertAuthenticator instance is not using the configuration from the instance SslContextFactory instance.
@olamy olamy mentioned this issue Feb 1, 2021
Closed
@sbordet
Copy link
Contributor

sbordet commented Feb 1, 2021

@lachlan-roberts do you want to tackle this?

Ideally, web applications that need this kind of authentication will need to setup a custom Jetty context XML file, where the configure the authenticator.

However, we want to have a good default if that custom XML is not there.

The idea is that, in DefaultAuthenticatorFactory.getAuthenticator(...) we create a ClientCertAuthenticator passing to the constructor the SslContextFactory.Server that we extract from the Server parameter.

If there is more than 1 SslContextFactory.Server, do nothing; otherwise pass it to ClientCertAuthenticator.

olamy added a commit that referenced this issue Feb 2, 2021
@olamy
Issue #5933 ClientCertAuthenticator is not using SslContextFactory fr…
4051b63 
…om server

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
olamy added a commit that referenced this issue Feb 5, 2021
@olamy
Issue #5933 ClientCertAuthenticator is not using SslContextFactory fr…
32672d4 
…om server

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
@gregw gregw mentioned this issue Feb 8, 2021
Merged
@gregw gregw linked a pull request Feb 8, 2021 that will close this issue
Issue #5933 ClientCertAuthenticator is not using SslContextFactory from server #5934
Merged
gregw added a commit that referenced this issue Feb 9, 2021
@gregw
Issue #5933 ClientCertAuthenticator is not using SslContextFactory
f2c9056 
Added SslClientCertAuthenticator
Co-authored-by: olivier lamy <oliver.lamy@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
olamy added a commit that referenced this issue Feb 10, 2021
@olamy @gregw
Issue #5933 ClientCertAuthenticator is not using SslContextFactory (#…
68790d8 
…5934)

Added SslClientCertAuthenticator
Co-authored-by: olivier lamy <oliver.lamy@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>

Co-authored-by: gregw <gregw@webtide.com>
@sbordet sbordet mentioned this issue May 17, 2021
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue #5933 ClientCertAuthenticator is not using SslContextFactory from server jetty/jetty.project
2 participants
@olamy @sbordet