Jetty

SSL information is not passed to the request in the SslSelectChannelConnector

Details

  • Type: Bug Bug
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 7.0.0pre0
  • Component/s: None
  • Labels:
    None
  • Environment:
    Using the latest version from subversion.
  • Patch Submitted:
    Yes
  • Number of attachments :
    0

Description

Method SslSelectChannelConnector.customize(EndPoint endpoint, Request request) is never called from org.mortbay.jetty.HttpConnection, thus, the various attributes such as "javax.servlet.request.X509Certificate" are never set.

Here is a patch:

— a/modules/server/jetty-ssl/src/main/java/org/mortbay/jetty/security/SslSocketConnector.java
+++ b/modules/server/jetty-ssl/src/main/java/org/mortbay/jetty/security/SslSocketConnector.java
@@ -242,7 +242,7 @@ public class SslSocketConnector extends SocketConnector

  • This should be a {@link SocketEndPoint}

    wrapping a

    {@link SSLSocket}

    .

  • @param request HttpRequest to be customised.
    */
  • public void customize(EndPoint endpoint, Request request)
    + public void customize(org.mortbay.io.EndPoint endpoint, Request request)
    throws IOException
    {
    super.customize(endpoint, request);

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Greg Wilkins added a comment -

customize is called from HttpConnection.handleRequest.

I just checked wit h6.1.9 and both SslSocketConnector and SslSelectChannelConnector call customize
and the javax.servlet.request.cipher_suite and javax.servlet.request.key_size attributes are set.

However, the javax.servlet.request.X509Certificate is not set because a javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated exception is thrown..... unless of course your client does provide a certificate.

So I'm closing this for now. Please re-open if I'm missing something?

Show
Greg Wilkins added a comment - customize is called from HttpConnection.handleRequest. I just checked wit h6.1.9 and both SslSocketConnector and SslSelectChannelConnector call customize and the javax.servlet.request.cipher_suite and javax.servlet.request.key_size attributes are set. However, the javax.servlet.request.X509Certificate is not set because a javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated exception is thrown..... unless of course your client does provide a certificate. So I'm closing this for now. Please re-open if I'm missing something?
Hide
Permalink
Bruno Harbulot added a comment -

I should have been clearer in the initial report. (I have tried with a client certificate.)

The problem is that EnpPoint is not the class that is expected, because it's one with the same name declared elsewhere.

In HttpConnection.handleRequest, there is a call to:

  • Connector.customize(org.mortbay.io.EndPoint endpoint, Request request)

However, in SslSocketConnector.customize(EndPoint endpoint, Request request) is in fact:
customize(org.mortbay.jetty.nio.SelectChannelConnector.EndPoint, Request request)

EndPoint resolves to that inner class of SelectChannelConnector instead of org.mortbay.io.EndPoint.

Thus, customize is overloaded and not overridden, and never actually called from within HttpConnection.handleRequest. The small patch I submitted only consists of declaring the full name, including package name.

Show
Bruno Harbulot added a comment - I should have been clearer in the initial report. (I have tried with a client certificate.) The problem is that EnpPoint is not the class that is expected, because it's one with the same name declared elsewhere. In HttpConnection.handleRequest, there is a call to: Connector.customize(org.mortbay.io.EndPoint endpoint, Request request) However, in SslSocketConnector.customize(EndPoint endpoint, Request request) is in fact: customize(org.mortbay.jetty.nio.SelectChannelConnector.EndPoint, Request request) EndPoint resolves to that inner class of SelectChannelConnector instead of org.mortbay.io.EndPoint. Thus, customize is overloaded and not overridden, and never actually called from within HttpConnection.handleRequest. The small patch I submitted only consists of declaring the full name, including package name.
Hide
Permalink
Bruno Harbulot added a comment -

(see comment I've just added after the issue was closed)

Show
Bruno Harbulot added a comment - (see comment I've just added after the issue was closed)
Hide
Permalink
Bruno Harbulot added a comment -

I think this is a issue that has been introduced after 6.1.9.

When I check the full signature using "javap org.mortbay.jetty.security.SslSelectChannelConnector",

using the file in "jetty-sslengine-6.1.9.jar", I get the correct signature:
public void customize(org.mortbay.io.EndPoint, org.mortbay.jetty.Request) throws java.io.IOException;

using the file in "~/.m2/repository/org/mortbay/jetty/jetty-ssl/7.0-SNAPSHOT/jetty-ssl-7.0-20080402.074908-1.jar", I get:
public void customize(org.mortbay.jetty.nio.SelectChannelConnector$EndPoint, org.mortbay.jetty.Request) throws java.io.IOException;

In the current snapshot, it's using the wrong class.

Show
Bruno Harbulot added a comment - I think this is a issue that has been introduced after 6.1.9. When I check the full signature using "javap org.mortbay.jetty.security.SslSelectChannelConnector", using the file in "jetty-sslengine-6.1.9.jar", I get the correct signature: public void customize(org.mortbay.io.EndPoint, org.mortbay.jetty.Request) throws java.io.IOException; using the file in "~/.m2/repository/org/mortbay/jetty/jetty-ssl/7.0-SNAPSHOT/jetty-ssl-7.0-20080402.074908-1.jar", I get: public void customize(org.mortbay.jetty.nio.SelectChannelConnector$EndPoint, org.mortbay.jetty.Request) throws java.io.IOException; In the current snapshot, it's using the wrong class.
Hide
Permalink
Greg Wilkins added a comment -

Ah thanks for the clarification! I missed that.

fixed in svn now.

Show
Greg Wilkins added a comment - Ah thanks for the clarification! I missed that. fixed in svn now.
Hide
Permalink
Bruno Harbulot added a comment -

Cheers! Sorry I should have given more details initially.

Show
Bruno Harbulot added a comment - Cheers! Sorry I should have given more details initially.

People

  • Assignee:
    Greg Wilkins
    Reporter:
    Bruno Harbulot
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: