Closed anthonydahanne closed 7 months ago
Eventually, we took another direction thanks to @nebhale guidance: using the same client-certificate-mapper jar
for all 4 use cases:
javax
)jakarta
)The "magic" that allows such a feat relies on providing a way for each 4 cases to register the servlet filter that will transform the request coming from another CF service into a client certificate equipped request.
I also manually tested it with:
https://github.com/anthonydahanne/spring-music/tree/sb2-no-cfenv-no-sar
SB2, expected former behaviour
cf push sb2-no-cfenv-no-sar -b https://github.com/anthonydahanne/java-buildpack.git\#client-certificate
~~
[...]
-----> Downloading Client Certificate Mapper 1.11.0_RELEASE from https://java-buildpack.cloudfoundry.org/client-certificate-mapper/client-certificate-mapper-1.11.0-RELEASE.jar (0.1s)
-----> Downloading Container Security Provider 1.20.0_RELEASE from https://java-buildpack.cloudfoundry.org/container-security-provider/container-security-provider-1.20.0-RELEASE.jar (0.2s)
Exit status 0
[...]
https://github.com/anthonydahanne/spring-music/tree/sb3-no-cfenv SB3, new behaviour
[...]
-----> Downloading Client Certificate Mapper 2.0.0 from https://anthonydahanne.github.io/java-buildpack-client-certificate-mapper/client-certificate-mapper-2.0.0.jar (0.1s)
-----> Downloading Container Security Provider 1.20.0_RELEASE from https://java-buildpack.cloudfoundry.org/container-security-provider/container-security-provider-1.20.0-RELEASE.jar (0.2s)
-----> Downloading Java Cf Env 3.1.2 from https://java-buildpack.cloudfoundry.org/java-cfenv/java-cfenv-3.1.2.jar (0.1s)
Exit status 0
[...]
cf ssh sb3-no-cfenv
find ./ -iname "*certif*.*"
./app/.java-buildpack/client_certificate_mapper/client_certificate_mapper-2.0.0.jar
./app/org/springframework/boot/loader/jar/JarEntryCertification.class
./app/BOOT-INF/lib/client_certificate_mapper-2.0.0.jar
No need for this new option, see previous comment
New usecase: user forces the v1.x version with:
JBP_CONFIG_CLIENT_CERTIFICATE_MAPPER: '{javax_forced: true}'
-----> Downloading Client Certificate Mapper 1.11.0_RELEASE from https://java-buildpack.cloudfoundry.org/client-certificate-mapper/client-certificate-mapper-1.11.0-RELEASE.jar (0.1s)
-----> Downloading Container Security Provider 1.20.0_RELEASE from https://java-buildpack.cloudfoundry.org/container-security-provider/container-security-provider-1.20.0-RELEASE.jar (0.1s)
-----> Downloading Java Cf Env 3.1.2 from https://java-buildpack.cloudfoundry.org/java-cfenv/java-cfenv-3.1.2.jar (0.1s)
Exit status 0
Fix for https://github.com/cloudfoundry/java-buildpack/issues/1039