Client Certificate Mapper
December 14, 2023 ยท View on GitHub
The Client Certificate Mapper Framework adds a Servlet Filter to applications that will that maps the X-Forwarded-Client-Cert to the javax|jakarta.servlet.request.X509Certificate Servlet attribute.
The Client Certificate Mapper Framework will download a helper library, java-buildpack-client-certificate-mapper, that will enrich Spring Boot (2 and 3), as well as JEE / JakartaEE applications classpath with a servlet filter.
| Detection Criterion | Unconditional |
| Tags | client-certificate-mapper=<version> |
Configuration
For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to Configuration and Extension.
The framework can be configured by modifying the config/client_certificate_mapper.yml file in the buildpack fork. The framework uses the Repository utility support and so it supports the version syntax defined there.
| Name | Description |
|---|---|
repository_root | The URL of the Container Customizer repository index (details). |
version | The version of Container Customizer to use. Candidate versions can be found in this listing. |
Servlet Filter
The Servlet Filter added by this framework maps the X-Forwarded-Client-Cert to the javax.servlet.request.X509Certificate Servlet attribute for each request. The X-Forwarded-Client-Cert header is contributed by the Cloud Foundry Router and contains the any TLS certificate presented by a client for mututal TLS authentication. This certificate can then be used by any standard Java security framework to establish authentication and authorization for a request.