[jboss-jira] [JBoss JIRA] (WFLY-6538) https-listener does not support proxy-address-forwarding
Emond Papegaaij (JIRA)
issues at jboss.org
Tue Apr 19 10:58:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-6538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13193860#comment-13193860 ]
Emond Papegaaij commented on WFLY-6538:
---------------------------------------
I think certificateForwarding can still be relevant, without it, you cannot use client-authentication behind a proxy when using https between your proxy and WildFly. Like this:
{{Client <-- https with client certificate --> proxy <-- https --> WildFly}} IMHO, in a situation like this, it is still relevant to get the certificates used by the client to authenticate to your proxy.
> https-listener does not support proxy-address-forwarding
> --------------------------------------------------------
>
> Key: WFLY-6538
> URL: https://issues.jboss.org/browse/WFLY-6538
> Project: WildFly
> Issue Type: Feature Request
> Components: Web (Undertow)
> Affects Versions: 9.0.2.Final, 10.0.0.Final
> Reporter: Emond Papegaaij
> Assignee: Tomaz Cerar
>
> HttpsListenerService explicitly passes false to its superclass for proxyAddressForwarding and certificateForwarding, making it impossible to enable these features. For a security-sensitive application, we need a secure connection from our proxy to WildFly and we need WildFly to respect the headers sent by our proxy. It seems easy to support these options by reading them in HttpsListenerAdd and passing them to HttpsListenerService, which can simply pass them to the super constructor.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list