Skip to content

Latest commit

 

History

History
37 lines (30 loc) · 2.49 KB

framework-client_certificate_mapper.md

File metadata and controls

37 lines (30 loc) · 2.49 KB

Client Certificate Mapper

The Client Certificate Mapper Framework adds a Servlet Filter to applications that will that maps the X-Forwarded-Client-Cert to the javax|jakarta.servlet.request.X509Certificate Servlet attribute.

The Client Certificate Mapper Framework will download a helper library, java-buildpack-client-certificate-mapper, that will enrich Spring Boot (2 and 3), as well as JEE / JakartaEE applications classpath with a servlet filter.

Detection Criterion Unconditional
Tags client-certificate-mapper=<version>
Tags are printed to standard output by the buildpack detect script

Configuration

For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to Configuration and Extension.

The framework can be configured by modifying the config/client_certificate_mapper.yml file in the buildpack fork. The framework uses the Repository utility support and so it supports the version syntax defined there.

Name Description
repository_root The URL of the Container Customizer repository index (details).
version The version of Container Customizer to use. Candidate versions can be found in this listing.

Servlet Filter

The Servlet Filter added by this framework maps the X-Forwarded-Client-Cert to the javax.servlet.request.X509Certificate Servlet attribute for each request. The X-Forwarded-Client-Cert header is contributed by the Cloud Foundry Router and contains the any TLS certificate presented by a client for mututal TLS authentication. This certificate can then be used by any standard Java security framework to establish authentication and authorization for a request.