[jboss-jira] [JBoss JIRA] Reopened: (JBREM-902) InvocationRequest need SSLSession for certificates and principal in sslsocket transport
[ http://jira.jboss.com/jira/browse/JBREM-902?page=all ]
ya xiang reopened JBREM-902:
----------------------------
But this solution not take care of SSLSession propagating, for instance, how to get it
from a POJO service object.
Before, In RMI over SSL, I got the SSLSession by this way:
ids=SSLContext.getDefault().getIds()
session=pseudoIds.find(getRemoteClientAddress())
In fact, In Remoting case, the means is still available.
And more, Remoting seems more flex, so in POJO senario, the sesssion have to be save for
using later.
So I think a ThreadLocal<SSLSession> static memeber and method getSession not a bad
idea.
InvocationRequest need SSLSession for certificates and principal in
sslsocket transport
---------------------------------------------------------------------------------------
Key: JBREM-902
URL: http://jira.jboss.com/jira/browse/JBREM-902
Project: JBoss Remoting
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: security
Reporter: ya xiang
In a SSL context, there is a real need for check principal and certificates.
There are ways to do this, but current jboss remoting not provide it, just provider
socket remote address as sessionId. seems not enough.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira