Merge pull request #1043 from anthonydahanne/client-certificate

pivotal-david-osullivan · web-flow · commit b508f729e50f · 2023-12-14T21:57:50.000Z
Add client certificate mapper ability to choose version
diff --git a/config/client_certificate_mapper.yml b/config/client_certificate_mapper.yml
@@ -15,5 +15,7 @@
 
 # Container security provider configuration
 ---
-version: 1.+
-repository_root: "{default.repository.root}/client-certificate-mapper"
+version: 2.+
+version_lines:
+  - 2.+
+repository_root: "{default.repository.root}/client-certificate-mapper"
diff --git a/docs/framework-client_certificate_mapper.md b/docs/framework-client_certificate_mapper.md
@@ -1,5 +1,7 @@
 # Client Certificate Mapper
-The Client Certificate Mapper Framework adds a Servlet Filter to applications that will that maps the `X-Forwarded-Client-Cert` to the `javax.servlet.request.X509Certificate` Servlet attribute.
+The Client Certificate Mapper Framework adds a Servlet Filter to applications that will that maps the `X-Forwarded-Client-Cert` to the `javax|jakarta.servlet.request.X509Certificate` Servlet attribute.
+
+The Client Certificate Mapper Framework will download a helper library, [java-buildpack-client-certificate-mapper][library repository], that will enrich Spring Boot (2 and 3), as well as JEE / JakartaEE applications classpath with a servlet filter.
 
 <table>
   <tr>
@@ -18,10 +20,10 @@ For general information on configuring the buildpack, including how to specify c
 
 The framework can be configured by modifying the [`config/client_certificate_mapper.yml`][] file in the buildpack fork.  The framework uses the [`Repository` utility support][repositories] and so it supports the [version syntax][] defined there.
 
-| Name | Description
-| ---- | -----------
+| Name              | Description
+|-------------------| -----------
 | `repository_root` | The URL of the Container Customizer repository index ([details][repositories]).
-| `version` | The version of Container Customizer to use. Candidate versions can be found in [this listing][].
+| `version`         | The version of Container Customizer to use. Candidate versions can be found in [this listing][].
 
 ## Servlet Filter
 The [Servlet Filter][] added by this framework maps the `X-Forwarded-Client-Cert` to the `javax.servlet.request.X509Certificate` Servlet attribute for each request.  The `X-Forwarded-Client-Cert` header is contributed by the Cloud Foundry Router and contains the any TLS certificate presented by a client for mututal TLS authentication.  This certificate can then be used by any standard Java security framework to establish authentication and authorization for a request.
@@ -32,3 +34,4 @@ The [Servlet Filter][] added by this framework maps the `X-Forwarded-Client-Cert
 [Servlet Filter]: https://github.com/cloudfoundry/java-buildpack-client-certificate-mapper
 [this listing]: http://download.pivotal.io.s3.amazonaws.com/container-security-provider/index.yml
 [version syntax]: extending-repositories.md#version-syntax-and-ordering
+[library repository]: https://github.com:cloudfoundry/java-buildpack-client-certificate-mapper.git
