[jboss-jira] [JBoss JIRA] Reopened: (JBREM-902) InvocationRequest need SSLSession for certificates and principal in sslsocket transport
ya xiang (JIRA)
jira-events at lists.jboss.org
Thu Feb 14 08:54:26 EST 2008
[ http://jira.jboss.com/jira/browse/JBREM-902?page=all ]
ya xiang reopened JBREM-902:
----------------------------
But this solution not take care of SSLSession propagating, for instance, how to get it from a POJO service object.
Before, In RMI over SSL, I got the SSLSession by this way:
ids=SSLContext.getDefault().getIds()
session=pseudoIds.find(getRemoteClientAddress())
In fact, In Remoting case, the means is still available.
And more, Remoting seems more flex, so in POJO senario, the sesssion have to be save for using later.
So I think a ThreadLocal<SSLSession> static memeber and method getSession not a bad idea.
> InvocationRequest need SSLSession for certificates and principal in sslsocket transport
> ---------------------------------------------------------------------------------------
>
> Key: JBREM-902
> URL: http://jira.jboss.com/jira/browse/JBREM-902
> Project: JBoss Remoting
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: security
> Reporter: ya xiang
>
> In a SSL context, there is a real need for check principal and certificates.
> There are ways to do this, but current jboss remoting not provide it, just provider socket remote address as sessionId. seems not enough.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list