perwendel / spark

A simple expressive web framework for Java. Spark has a Kotlin DSL: https://github.com/perwendel/spark-kotlin
Apache License 2.0

Embedded Jetty - Service: set wantsClientCert #1129

Open azerella opened 5 years ago

azerella commented 5 years ago

Looking at the API documentation, there is no way to configure embedded Jetty to use wantsClientCert; we only have the option for needsClientCert, as seen here:

https://github.com/perwendel/spark/blob/403eb024863c77247bd9161e1239fb5893323d4d/src/main/java/spark/Service.java#L234

Is there a way around this problem or can we add this as a feature request? I want to configure Jetty to want a certificate but not need it.

azerella commented 5 years ago

I see that as of Spark 2.6+ embedded Jetty is supposed to be 100% configurable, but I'm having no luck trying something like:

import java.io.File;

import org.eclipse.jetty.util.ssl.SslContextFactory;
import spark.Service;

// Assumed: an explicitly ignited Service instance so routes can be registered on `http`
Service http = Service.ignite();

// Jetty's own SSL configuration: present the server keystore, trust client certificates
// from the truststore, and ask for (want) a client certificate without requiring (need) one
SslContextFactory.Server sslcf = new SslContextFactory.Server();
sslcf.setKeyStorePath(new File("server-keystore.jks").getAbsolutePath());
sslcf.setKeyStorePassword("serverkeypass");
sslcf.setKeyManagerPassword("serverkeymanagerpass");
sslcf.setTrustStorePath(new File("server-truststore.jks").getAbsolutePath());
sslcf.setTrustStorePassword("servertrustpass");
sslcf.setWantClientAuth(true);
sslcf.setNeedClientAuth(false);
sslcf.setEndpointIdentificationAlgorithm(null);

http.get("/secureHello", (req, res) -> {
    // Attempt: hand the configured factory to Jetty through a request attribute
    req.attribute("org.eclipse.jetty.util.ssl.SslContextFactory", sslcf);
    return "Hello Secure";
});
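For reference, this is what the requested "want but not need" client-certificate setup looks like when the Jetty connector is built directly rather than through Spark's Service.secure(). It is an added example written for this page, not code from the issue above or from the Spark project. It assumes the Jetty 9.4 API that Spark embeds, reuses the keystore file names from the comment above, and the class name, port 4567 and the greeting strings are arbitrary choices.

```java
import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

// Hypothetical class name; plain Jetty, bypassing Spark's Service.secure() overloads
public class OptionalClientCertServer {

    // Builds an SslContextFactory that asks for a client certificate (want) but still
    // completes the handshake when the client presents none (need = false)
    static SslContextFactory.Server optionalClientAuth(File keystore, String keystorePass,
                                                       File truststore, String truststorePass) {
        SslContextFactory.Server sslcf = new SslContextFactory.Server();
        sslcf.setKeyStorePath(keystore.getAbsolutePath());
        sslcf.setKeyStorePassword(keystorePass);
        // Client certificates are validated against this truststore when one is sent
        sslcf.setTrustStorePath(truststore.getAbsolutePath());
        sslcf.setTrustStorePassword(truststorePass);
        sslcf.setWantClientAuth(true);
        sslcf.setNeedClientAuth(false);
        return sslcf;
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();

        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.setSecureScheme("https");
        httpsConfig.setSecurePort(4567);
        // Exposes the verified peer chain as the javax.servlet.request.X509Certificate attribute
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        SslContextFactory.Server sslcf = optionalClientAuth(
                new File("server-keystore.jks"), "serverkeypass",
                new File("server-truststore.jks"), "servertrustpass");

        ServerConnector https = new ServerConnector(server,
                new SslConnectionFactory(sslcf, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(httpsConfig));
        https.setPort(4567);
        server.addConnector(https);

        server.setHandler(new AbstractHandler() {
            @Override
            public void handle(String target, Request baseRequest, HttpServletRequest request,
                               HttpServletResponse response) throws IOException, ServletException {
                baseRequest.setHandled(true);
                // With wantClientAuth the handshake succeeds without a certificate, so the
                // route itself must decide what an anonymous caller may do
                X509Certificate[] chain = (X509Certificate[]) request
                        .getAttribute("javax.servlet.request.X509Certificate");
                response.setContentType("text/plain");
                if (chain == null || chain.length == 0) {
                    response.setStatus(HttpServletResponse.SC_OK);
                    response.getWriter().println("Hello, anonymous caller");
                } else {
                    response.setStatus(HttpServletResponse.SC_OK);
                    response.getWriter().println("Hello " + chain[0].getSubjectX500Principal().getName());
                }
            }
        });

        server.start();
        server.join();
    }
}
```

The practical difference from needClientAuth is in the handler: because a connection without a certificate is accepted at the TLS layer, every route that should be restricted has to check the certificate attribute itself and reject when it is absent, otherwise "want" silently becomes "no client authentication" for that route.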