Skip to content

Add client certificate mapper ability to choose version #1043

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 14, 2023
Merged

Add client certificate mapper ability to choose version #1043

merged 2 commits into from
Dec 14, 2023

Conversation

@anthonydahanne
Copy link
Contributor

@anthonydahanne anthonydahanne commented Nov 8, 2023
edited
Loading

Fix for #1039

@anthonydahanne anthonydahanne force-pushed the client-certificate branch 6 times, most recently from 3ad11d0 to d02e230 Compare November 8, 2023 22:35
@anthonydahanne
Copy link
Contributor Author

anthonydahanne commented Nov 8, 2023
edited
Loading

Eventually, we took another direction thanks to @nebhale guidance: using the same client-certificate-mapper jar for all 4 use cases:

  • Spring Boot 2
  • Spring Boot 3
  • Java EE (javax)
  • Jakarta EE (jakarta)

The "magic" that allows such a feat relies on providing a way for each 4 cases to register the servlet filter that will transform the request coming from another CF service into a client certificate equipped request.

I also manually tested it with:

[...]
   -----> Downloading Client Certificate Mapper 1.11.0_RELEASE from https://java-buildpack.cloudfoundry.org/client-certificate-mapper/client-certificate-mapper-1.11.0-RELEASE.jar (0.1s)
   -----> Downloading Container Security Provider 1.20.0_RELEASE from https://java-buildpack.cloudfoundry.org/container-security-provider/container-security-provider-1.20.0-RELEASE.jar (0.2s)
   Exit status 0
[...]

[...]
   -----> Downloading Client Certificate Mapper 2.0.0 from https://anthonydahanne.github.io/java-buildpack-client-certificate-mapper/client-certificate-mapper-2.0.0.jar (0.1s)
   -----> Downloading Container Security Provider 1.20.0_RELEASE from https://java-buildpack.cloudfoundry.org/container-security-provider/container-security-provider-1.20.0-RELEASE.jar (0.2s)
   -----> Downloading Java Cf Env 3.1.2 from https://java-buildpack.cloudfoundry.org/java-cfenv/java-cfenv-3.1.2.jar (0.1s)
   Exit status 0
[...]

cf ssh sb3-no-cfenv 
 find ./ -iname "*certif*.*"
./app/.java-buildpack/client_certificate_mapper/client_certificate_mapper-2.0.0.jar
./app/org/springframework/boot/loader/jar/JarEntryCertification.class
./app/BOOT-INF/lib/client_certificate_mapper-2.0.0.jar

@anthonydahanne anthonydahanne force-pushed the client-certificate branch 2 times, most recently from dc454f9 to 38d7da3 Compare November 10, 2023 03:40
@anthonydahanne
Fix cloudfoundry#1039: Make client certificate mapper support Spring …
3bf69dd 
…Boot 3

* let it choose v2 of the jar when SB3 is detected
* otherwise, continue as before with default v1
@anthonydahanne
Copy link
Contributor Author

anthonydahanne commented Nov 10, 2023
edited
Loading

No need for this new option, see previous comment

New usecase: user forces the v1.x version with:

JBP_CONFIG_CLIENT_CERTIFICATE_MAPPER: '{javax_forced: true}'

   -----> Downloading Client Certificate Mapper 1.11.0_RELEASE from https://java-buildpack.cloudfoundry.org/client-certificate-mapper/client-certificate-mapper-1.11.0-RELEASE.jar (0.1s)
   -----> Downloading Container Security Provider 1.20.0_RELEASE from https://java-buildpack.cloudfoundry.org/container-security-provider/container-security-provider-1.20.0-RELEASE.jar (0.1s)
   -----> Downloading Java Cf Env 3.1.2 from https://java-buildpack.cloudfoundry.org/java-cfenv/java-cfenv-3.1.2.jar (0.1s)
   Exit status 0

@anthonydahanne
Fix cloudfoundry#1039
f9b4a20 
Make client certificate mapper support Jakarta EE; using a single library that can support SB2, SB3, JEE and JakartaEE apps
@pivotal-david-osullivan pivotal-david-osullivan merged commit b508f72 into cloudfoundry:main Dec 14, 2023
@anthonydahanne anthonydahanne deleted the client-certificate branch December 14, 2023 22:03
@anthonydahanne anthonydahanne mentioned this pull request Jun 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pivotal-david-osullivan pivotal-david-osullivan pivotal-david-osullivan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anthonydahanne @pivotal-david-osullivan