Jetty

BayeuxClient support for SSL

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 7.0.0.pre5, 6.1.14
  • Fix Version/s: None
  • Component/s: Bayeux, Client
  • Labels:
    None
  • Number of attachments :
    0

Description

The BayeuxClient class does not support SSL (HTTPS) connections. Greg W. commented that one could extend the customize(HttpExchange exchange) method to properly configure the HTTPS protocol, but that gets into an area I'm not terribly familiar with. Presumably, the correct headers need to be set, the proper handshaking done, as well as (of course) encoding of the request envelope.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Shahak Nagiel added a comment -

After wrestling with this issue for the last day, I finally got things to work. First, there's no need to modify the customize() method--The SslSelectChannelConnector automatically takes care of all those details.

The key was to properly configure the HttpClient instance, passing in the correct values for the keystore and truststore.

There is, however, a problem of hidden access to certain fields in both HttpClient (e.g. _keyStoreType) and BayeuxClient (which hard-codes non-SSL access). These two classes should offer setters (or constructor-time parameters) for modifying ALL relevant security implementations to work properly.

Show
Shahak Nagiel added a comment - After wrestling with this issue for the last day, I finally got things to work. First, there's no need to modify the customize() method--The SslSelectChannelConnector automatically takes care of all those details. The key was to properly configure the HttpClient instance, passing in the correct values for the keystore and truststore. There is, however, a problem of hidden access to certain fields in both HttpClient (e.g. _keyStoreType) and BayeuxClient (which hard-codes non-SSL access). These two classes should offer setters (or constructor-time parameters) for modifying ALL relevant security implementations to work properly.
Hide
Permalink
Jesse McConnell added a comment -

fixed long ago as part of cometd project I believe

Show
Jesse McConnell added a comment - fixed long ago as part of cometd project I believe

People

  • Assignee:
    Simone Bordet
    Reporter:
    Shahak Nagiel
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: