SslSelectChannelConnector doesn't recognize that it is secure

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1.1
Fix Version/s: 6.1.2rc2
Component/s: Security and SSL
Labels:
None

Description

Calling ServletRequest.isSecure() always returns false when the connector is a SslSelectChannelConnector. I've delved into the code and it boils down to the fact that SslSelectChannelConnector does not override AbstractConnection.isConfidential(Request) and the default behavior in AbstractConnection is to return false.

Copying SslSocketConnector.isConfidential(Request) to SslSelectChannelConnector should fix the problem.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

SslSelectChannelConnector.java.patch

28/Mar/07 3:51 PM

1 kB

Dane Foster

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

nik gonzalez added a comment - 28/Mar/07 8:11 PM

fixed in 6.1.2rc2

Show

nik gonzalez added a comment - 28/Mar/07 8:11 PM fixed in 6.1.2rc2

Hide

Permalink

nik gonzalez added a comment - 28/Mar/07 8:13 PM

this has been fixed in 6.1.2rc2. Thanks for the patch though

please check out from svn head or download 6.1.2rc2

Show

nik gonzalez added a comment - 28/Mar/07 8:13 PM this has been fixed in 6.1.2rc2. Thanks for the patch though please check out from svn head or download 6.1.2rc2

Hide

Permalink

Greg Wilkins added a comment - 28/Mar/07 11:41 PM

Nik,

can you update the VERSION.txt file

Show

Greg Wilkins added a comment - 28/Mar/07 11:41 PM Nik, can you update the VERSION.txt file

Hide

Permalink

nik gonzalez added a comment - 29/Mar/07 10:07 PM

its been updated already:

jetty-6.1.2rc2 - 27 March 2007
+ INTEGRAL/CONFIDENTIAL security constraints for SslSelectChannelConnector
...

but perhaps I should have been more specific so I'm changing this to:
+ isIntegral and isConfidential methods overridden in SslSelectChannelConnector

Show

nik gonzalez added a comment - 29/Mar/07 10:07 PM its been updated already: jetty-6.1.2rc2 - 27 March 2007 + INTEGRAL/CONFIDENTIAL security constraints for SslSelectChannelConnector ... but perhaps I should have been more specific so I'm changing this to: + isIntegral and isConfidential methods overridden in SslSelectChannelConnector

Hide

Permalink

Greg Wilkins added a comment - 29/Mar/07 11:18 PM

OK - you should have started the comment with ~~JETTY-286~~ and included in order with the other jira's

Can you fix and checkin

Show

Greg Wilkins added a comment - 29/Mar/07 11:18 PM OK - you should have started the comment with ~~JETTY-286~~ and included in order with the other jira's Can you fix and checkin

People

Assignee:

Unassigned

Reporter:

Dane Foster

Vote (0)

Watch (0)

Dates

Created:

28/Mar/07 3:51 PM

Updated:

29/Mar/07 11:18 PM

Resolved:

28/Mar/07 8:11 PM