glassfish
  1. glassfish
  2. GLASSFISH-16665

Remove default restriction on DAS checking for client SSL cert on admin requests

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.1_b07
    • Component/s: admin
    • Labels:
      None

      Description

      As a workaround to a problem in 3.1, the DAS does not check for a client SSL cert as it processes an incoming admin request. (There were problems if a large file was uploaded and the DAS tried to retrieve the user principal associated with the client cert.)

      Subsequent changes in Grizzly have added an option which we can use to remove this restriction.

      This issue is for tracking the removal of the restriction.

      Why fix this issue in 3.1.1?
      Removes a restriction that is no longer needed

      Which is the targeted build of 3.1.1 for this fix?
      3.1.1 b06

      Do regression tests exist for this issue?
      in progress

      Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
      deployment with upload of large file to a non-DAS instance or cluster

        Activity

        Hide
        scatari added a comment -

        Approved.

        Show
        scatari added a comment - Approved.
        Hide
        Tim Quinn added a comment -

        Recent news from Ryan is that the changes to back-port this feature into 1.9 are too risky for 3.1.1.

        Instead we need to implement the same workaround that is currently in the AdminAdapter in other adapters which accept admin requests, notably the RestAdapter and possibly the admin console adapter, although I'm not sure if that is affected by the large upload problem.

        Show
        Tim Quinn added a comment - Recent news from Ryan is that the changes to back-port this feature into 1.9 are too risky for 3.1.1. Instead we need to implement the same workaround that is currently in the AdminAdapter in other adapters which accept admin requests, notably the RestAdapter and possibly the admin console adapter, although I'm not sure if that is affected by the large upload problem.
        Hide
        Mitesh Meswani added a comment -

        Fixed RestAdapater with following checkin

        $ svn commit -m "Issue 16665: Implement workaround for Grizzly limitation." src/main/java/org/glassfish/admin/rest/adapter/RestAdapter.java
        Sending src\main\java\org\glassfish\admin\rest\adapter\RestAdapter.java
        Transmitting file data .
        Committed revision 47265.

        Show
        Mitesh Meswani added a comment - Fixed RestAdapater with following checkin $ svn commit -m "Issue 16665: Implement workaround for Grizzly limitation." src/main/java/org/glassfish/admin/rest/adapter/RestAdapter.java Sending src\main\java\org\glassfish\admin\rest\adapter\RestAdapter.java Transmitting file data . Committed revision 47265.
        Hide
        Tim Quinn added a comment -

        With Mitesh's check-in this issue is fixed in 3.1.1.

        Show
        Tim Quinn added a comment - With Mitesh's check-in this issue is fixed in 3.1.1.

          People

          • Assignee:
            Tim Quinn
            Reporter:
            Tim Quinn
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: