jetty, jetty-9, transparentproxy

Jetty: How to solve redirection with ssl certificate to other jetty instance?


I have two jetty instances. The first Jetty instance has an external port. All requests come through the first Jetty instance. Some requests need to be redirected to the second Jetty instance. The certificate will be validated on the second jetty.

What is the best way to do this with jetty (9)?

Thank you in advance.


Solution

  • In a proxy scenario, the first server will negotiate all of the SSL/TLS layer before issuing the request to the proxy server.

    Once the SSL/TLS layer is successfully negotiated, there's no option to THEN perform the Client certificate validation, as that only occurs during the SSL/TLS layer.

    In short, once your User-Agent (client/browser) can start making requests, then it's too late for the Client Certificate validation.

    As for accessing the javax.servlet.request.X509Certificate, that will require whatever proxy you are using to include the appropriate forwarding headers to the second server.

    If the second server is Jetty, then that server will require the ForwardedRequestCustomizer to pull the Forwarding headers out from the request to then insert into the Request attributes.
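
A minimal embedded Jetty 9 setup for the second server described in the answer above, as an added example that is not part of the original answer or of Jetty's own code. The class name, port 8081, the loopback binding and the header names `Proxy-auth-cert` and `Proxy-ssl-id` are assumptions; the first server must actually send whichever headers are configured here.

```java
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class BackendJetty {                       // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Copies forwarding headers set by the first server into the Request.
        // Header names below are assumptions; match them to what the proxy sends.
        ForwardedRequestCustomizer forwarded = new ForwardedRequestCustomizer();
        forwarded.setForwardedCipherSuiteHeader("Proxy-auth-cert");
        forwarded.setForwardedSslSessionIdHeader("Proxy-ssl-id");

        HttpConfiguration config = new HttpConfiguration();
        config.addCustomizer(forwarded);

        Server server = new Server();
        ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(config));
        // Forwarding headers are plain request headers that any client can set,
        // so accept connections only from the first server (assumed same host).
        connector.setHost("127.0.0.1");
        connector.setPort(8081);                  // assumed internal port
        server.addConnector(connector);

        server.setHandler(new AbstractHandler() {
            @Override
            public void handle(String target, Request baseRequest, HttpServletRequest request,
                               HttpServletResponse response) throws IOException {
                response.setContentType("text/plain");
                // Print the TLS-related attributes to see what this proxy/Jetty pair delivers.
                for (String name : new String[] {
                        "javax.servlet.request.cipher_suite",
                        "javax.servlet.request.ssl_session_id",
                        "javax.servlet.request.X509Certificate"}) {
                    response.getWriter().println(name + " = " + request.getAttribute(name));
                }
                response.getWriter().println("scheme = " + request.getScheme()
                        + ", remoteAddr = " + request.getRemoteAddr());
                baseRequest.setHandled(true);
            }
        });
        server.start();
        server.join();
    }
}
```

Any attribute that prints as `null` was not supplied by the forwarding headers and cannot be used for an access decision on the second server.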