Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-29

HttpServletRequest is missing javax.servlet.request.* attributes when request is secure

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.0.0.Alpha8
    • None
    • SSL
    • None

      I'm testing a WS exchange requiring secure transport; the internal Apache CXF impl relies on the javax.servlet.request.cipher_suite prop content for internal security policy configurations and checks. That prop is currently not set, while it was set to TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA by jboss-web when running the same test.

      We are missing whole 3.9 section of servlet 3.1 spec
      missing attributes:

      javax.servlet.request.cipher_suite
      javax.servlet.request.key_size
      javax.servlet.request.ssl_session_id
      javax.servlet.request.X509Certificate 
      

            tomazcerar Toma┼ż Cerar (Inactive)
            rhn-support-asoldano Alessio Soldano
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: