Menu
▾
▴
#6 SSL Headers
I have a use case where I proxy a legacy http service via https. However, I need access to the user certificates in the legacy service. The apache mod_ssl plugin has the option to add the certificates to the http header.
jEasy can support this by adding the following method to RequestHandlerBase, and calling it in setHeaders, right after setProxySpecificHeaders. The new method will do nothing if the cerificates have not already been set upstream as request attributes, so this change should be transparent to current users. In my application the request attributes are added by a Tomcat Valve.
/**
* Set either SSL_CLIENT_CERT if present or SSL_CLIENT_CERT_CHAINn if present
*/
private void setSSLHeaders(HttpMethod method, HttpServletRequest request) throws HttpException {
Object certpem = request.getAttribute("SSL_CLIENT_CERT");
if (certpem instanceof String) {
method.setRequestHeader("SSL_CLIENT_CERT", (String) certpem);
return;
}
Enumeration attrs = request.getAttributeNames();
while (attrs.hasMoreElements()) {
String attrname = (String) attrs.nextElement();
if(attrname.startsWith("SSL_CLIENT_CERT_CHAIN")) {
certpem = request.getAttribute(attrname);
if (certpem instanceof String) {
method.setRequestHeader(attrname, (String) certpem);
}
}
}
}
The method adds SSL headers to the http request, but only if they have already been set upstream as request attributes. Could you please add this method to RequestHandlerBase, and call it in setHeaders, right after setProxySpecificHeaders.
