[jira] [Commented] (FELIX-4798) Support async servlets (filters)
[ https://issues.apache.org/jira/browse/FELIX-4798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324173#comment-14324173 ] Carsten Ziegeler commented on FELIX-4798: - I guess the easiest way is to register the dispatcher servlet as an async servlet and then wrap within the dispatcher servlet the APi to only allow async operations to servlets and filters indicating this through the whiteboard property Support async servlets (filters) Key: FELIX-4798 URL: https://issues.apache.org/jira/browse/FELIX-4798 Project: Felix Issue Type: Task Components: HTTP Service Reporter: Carsten Ziegeler Fix For: http-next -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (FELIX-4797) Enable client certificate requesting without verifying the certificates
[ https://issues.apache.org/jira/browse/FELIX-4797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324208#comment-14324208 ] J.W. Janssen commented on FELIX-4797: - [~pascal.mainini]: not sure what you are trying to solve exactly here: by simply trusting *any* certificate that the client provides without any validation, you basically are very much susceptible to MitM attacks, not? Enable client certificate requesting without verifying the certificates --- Key: FELIX-4797 URL: https://issues.apache.org/jira/browse/FELIX-4797 Project: Felix Issue Type: Improvement Components: HTTP Service Reporter: Pascal Mainini Priority: Minor Labels: patch Attachments: 0001-Patch-enabling-client-certificate-authentication-wit.patch This is a patch enabling requesting client certificate authentication without further validation of the certificates provided by the client. Rationale: Enabling requests of client certificates by setting org.apache.felix.https.clientcertificate to wants or needs requests a client-certificate from any connecting client. Depending on the value set, this is either an optional or mandatory step to be fulfilled by the client in order to have it's HTTP-request further processed. The client-certificate obtained is validated against either the CA-certificates found in the truststore or - if none given - by the server's certificate itself. For some usecases, this validation is unsuitable or not possible at all, namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) authorization processed by a servlet within the container. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (FELIX-4798) Support async servlets (filters)
[ https://issues.apache.org/jira/browse/FELIX-4798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324193#comment-14324193 ] J.W. Janssen commented on FELIX-4798: - [~cziegeler]: IIRC, there is already support for async servlets in the current HTTP service. What does this issue need to solve in addition to that? Support async servlets (filters) Key: FELIX-4798 URL: https://issues.apache.org/jira/browse/FELIX-4798 Project: Felix Issue Type: Task Components: HTTP Service Reporter: Carsten Ziegeler Fix For: http-next -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (FELIX-4797) Enable client certificate requesting without verifying the certificates
[ https://issues.apache.org/jira/browse/FELIX-4797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324253#comment-14324253 ] Pascal Mainini commented on FELIX-4797: --- In general, of course you are right. However for specific usecases (like the WebID-style authentication as explained in the description of the issue), the certificate is only used for conveying additional data which is then used for authentication. The idea here is that a user generates a self-signed certificate with specific extensions pointing to the authentication data. Due to the fact that self-signed certificates are used (and are used on purpose), a validation of the client certificate will fail in any case. Without having the possibility to disable this validation in Felix/Jetty, it is not possible to write applications which read this additional information out of the certificate and process them further. I hope this clarifies things a bit, I can provide deeper explanations if needed. Enable client certificate requesting without verifying the certificates --- Key: FELIX-4797 URL: https://issues.apache.org/jira/browse/FELIX-4797 Project: Felix Issue Type: Improvement Components: HTTP Service Reporter: Pascal Mainini Priority: Minor Labels: patch Attachments: 0001-Patch-enabling-client-certificate-authentication-wit.patch This is a patch enabling requesting client certificate authentication without further validation of the certificates provided by the client. Rationale: Enabling requests of client certificates by setting org.apache.felix.https.clientcertificate to wants or needs requests a client-certificate from any connecting client. Depending on the value set, this is either an optional or mandatory step to be fulfilled by the client in order to have it's HTTP-request further processed. The client-certificate obtained is validated against either the CA-certificates found in the truststore or - if none given - by the server's certificate itself. For some usecases, this validation is unsuitable or not possible at all, namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) authorization processed by a servlet within the container. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (FELIX-4798) Support async servlets (filters)
[ https://issues.apache.org/jira/browse/FELIX-4798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324191#comment-14324191 ] J.W. Janssen commented on FELIX-4798: - [~cziegeler]: IIRC, there is already support for async servlets in the current HTTP service. What does this issue need to solve in addition to that? Support async servlets (filters) Key: FELIX-4798 URL: https://issues.apache.org/jira/browse/FELIX-4798 Project: Felix Issue Type: Task Components: HTTP Service Reporter: Carsten Ziegeler Fix For: http-next -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (FELIX-4799) Support for multiple factory designates in single MetaType file
J.W. Janssen created FELIX-4799: --- Summary: Support for multiple factory designates in single MetaType file Key: FELIX-4799 URL: https://issues.apache.org/jira/browse/FELIX-4799 Project: Felix Issue Type: Bug Components: Metatype Service Reporter: J.W. Janssen Assignee: J.W. Janssen Fix For: metatype-1.0.12 A MetaType file can contain multiple designates for both non-factory and factory PIDs. The {{MetaData}} object returned by {{MetaDataReader}} returns a map of all designates found in the file, using the (factory) PID as key. In case multiple designates exist for the same factory PID, obviously only one is returned. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (FELIX-4798) Support async servlets (filters)
Carsten Ziegeler created FELIX-4798: --- Summary: Support async servlets (filters) Key: FELIX-4798 URL: https://issues.apache.org/jira/browse/FELIX-4798 Project: Felix Issue Type: Task Components: HTTP Service Reporter: Carsten Ziegeler Fix For: http-next -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Issue Comment Deleted] (FELIX-4798) Support async servlets (filters)
[ https://issues.apache.org/jira/browse/FELIX-4798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] J.W. Janssen updated FELIX-4798: Comment: was deleted (was: [~cziegeler]: IIRC, there is already support for async servlets in the current HTTP service. What does this issue need to solve in addition to that?) Support async servlets (filters) Key: FELIX-4798 URL: https://issues.apache.org/jira/browse/FELIX-4798 Project: Felix Issue Type: Task Components: HTTP Service Reporter: Carsten Ziegeler Fix For: http-next -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (FELIX-4800) Bundle search in /system/console/bundles produces 405
[ https://issues.apache.org/jira/browse/FELIX-4800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324855#comment-14324855 ] David Bosschaert commented on FELIX-4800: - I'm seeing that the 405 only happens in cases where the search produces nothing. In cases where the search has a result (a subset of bundles) these are correctly reported. Bundle search in /system/console/bundles produces 405 - Key: FELIX-4800 URL: https://issues.apache.org/jira/browse/FELIX-4800 Project: Felix Issue Type: Bug Components: Web Console Affects Versions: webconsole-4.2.4 Reporter: David Bosschaert Searching in the bundles list produces a 405. Enter any value in the bundle search box and hit 'Apply Filter' and it will produce a 405 with as reason: HTTP method POST is not supported by this URL possibly related, when selecting 'Filter All' instead, I'm getting a 500 with as message: Problem accessing /system/console/bundles/.json. Reason: Invalid LDAP filter specified -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (FELIX-4800) Bundle search in /system/console/bundles produces 405
David Bosschaert created FELIX-4800: --- Summary: Bundle search in /system/console/bundles produces 405 Key: FELIX-4800 URL: https://issues.apache.org/jira/browse/FELIX-4800 Project: Felix Issue Type: Bug Components: Web Console Affects Versions: webconsole-4.2.4 Reporter: David Bosschaert Searching in the bundles list produces a 405. Enter any value in the bundle search box and hit 'Apply Filter' and it will produce a 405 with as reason: HTTP method POST is not supported by this URL possibly related, when selecting 'Filter All' instead, I'm getting a 500 with as message: Problem accessing /system/console/bundles/.json. Reason: Invalid LDAP filter specified -- This message was sent by Atlassian JIRA (v6.3.4#6332)