You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by "Stefan Vladov (JIRA)" <ji...@apache.org> on 2009/05/28 15:39:45 UTC

[jira] Commented: (RAMPART-215) policy with RequireClientCertificate="true" doesn't have any validations or include the client cert

    [ https://issues.apache.org/jira/browse/RAMPART-215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12713980#action_12713980 ] 

Stefan Vladov commented on RAMPART-215:
---------------------------------------

Hi,

I noticed the fix enforcing client certificate usage and as we ran in the same issue a while ago I would like to note that it depends on the assumption that axis2 is running in a servlet container. Thus using the custom axis2 NIO SSL transport listener won't be handled correctly. Besides I'm not sure whether all available servlet containers populate the "javax.servlet.request.X509Certificate" attribute on the servlet request - tomcat and jetty do... I believe weblogic and websphere also use the key but as far as I know this is not part of the servlet specification, is it? Besides even if the tomcat/jetty did wish to populate the user certificate chain attribute if there is an apache in front of them it may not pass the client certificate...
I actually intended to ask if you are aware of any other way of obtaining the certificate, that I may be missing... If no, since it is not always possible to get hold of the client certificate (in case https client authentication was indeed used) I suggest this validation is made configurable with a parameter or sth.

Any comments are appreciated. 

> <sp:HttpsToken /> policy with RequireClientCertificate="true" doesn't have any validations or include the client cert
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-215
>                 URL: https://issues.apache.org/jira/browse/RAMPART-215
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>            Reporter: Prabath Siriwardena
>            Assignee: Nandana Mihindukulasooriya
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.