The Client Certificate Mapper Framework adds a Servlet Filter to applications that will that maps the X-Forwarded-Client-Cert
to the javax|jakarta.servlet.request.X509Certificate
Servlet attribute.
The Client Certificate Mapper Framework will download a helper library, java-buildpack-client-certificate-mapper, that will enrich Spring Boot (2 and 3), as well as JEE / JakartaEE applications classpath with a servlet filter.
Detection Criterion | Unconditional |
Tags | client-certificate-mapper=<version> |
For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to Configuration and Extension.
The framework can be configured by modifying the config/client_certificate_mapper.yml
file in the buildpack fork. The framework uses the Repository
utility support and so it supports the version syntax defined there.
Name | Description |
---|---|
repository_root |
The URL of the Container Customizer repository index (details). |
version |
The version of Container Customizer to use. Candidate versions can be found in this listing. |
The Servlet Filter added by this framework maps the X-Forwarded-Client-Cert
to the javax.servlet.request.X509Certificate
Servlet attribute for each request. The X-Forwarded-Client-Cert
header is contributed by the Cloud Foundry Router and contains the any TLS certificate presented by a client for mututal TLS authentication. This certificate can then be used by any standard Java security framework to establish authentication and authorization for a request.