Optionally enable Scala Play to accept mTLS credentials?


I have two servers: server A and server B. Server A has a security layer through mTLS where it expects keyStore details from server B for accessing its endpoint. However, when server A sends requests to server B, there's no such mTLS authentication applied to validate requests coming from outside.

Now, even though server A sends the keystore details, the request goes unverified as there's no such implementation. Server B is on the Scala Play framework (Scala version: 2.13 and Play version: 2.8.20) and the mTLS setup for sending the request has already been done.

The keyStore details get injected into the request at runtime in a sh file which is responsible for running the server B:

```sh
# Server B start-up: HTTPS only, keystore supplied through -D system properties
sbt "server/run \
-Dhttp.port=disabled \
-Dhttps.port=${APP_PORT} \
-Dplay.server.https.keyStore.path=${APP_CERT} \
-Dplay.server.https.keyStore.type=PKCS12 \
-Dplay.server.https.keyStore.password=plasma123 \
-Djava.awt.headless=true"
```

I need some help in enabling a specific endpoint of server B (as the other endpoints already have their own authentication) to utilize mTLS like server A, to validate and accordingly entertain external requests only for that specific endpoint.

And then I need to know how I can verify the certificate on the Scala side for an incoming request coming from a valid certificate holder. (Please note that mTLS for requests from server B to server A is already in place; however, server B's endpoint doesn't have mTLS, which I need to enforce now.)

I see flags like `-Dplay.server.https.needClientAuth=true`, but this would enforce it for the entire server, meaning all endpoints. I want to use something like `-Dplay.server.https.needClientAuth=optional`.

Next to this, I want to use something like a custom filter and wrap my specific route to ensure that the request gets intercepted through it to verify the certificate.


There are 0 answers
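One way to get per-route client-certificate enforcement in Play 2.8, written here as an added example (not code from the question or from Play itself): let the TLS layer request a client certificate without requiring one, and then require a verified chain only in the action that wraps the sensitive route. The `mtls.allowedSubjects` config key and the controller/route names are assumptions for the illustration.

```scala
package controllers

import java.security.cert.X509Certificate
import javax.inject.Inject
import scala.concurrent.{ExecutionContext, Future}
import scala.util.Try
import play.api.Configuration
import play.api.mvc._

// Assumed server settings (application.conf or -D flags), not part of the question:
//   play.server.https.wantClientAuth = true   # ask for a client cert, do not require one
//   play.server.https.needClientAuth = false
//   play.server.https.trustStore.path = /path/to/ca-truststore.p12   # CA of server A's cert
// With wantClientAuth the handshake still fails for a chain that does not validate
// against the trust store; a client that presents no certificate is allowed through,
// so the per-route check below is what actually gates the protected endpoint.
class MtlsAction @Inject()(parser: BodyParsers.Default, config: Configuration)
                          (implicit ec: ExecutionContext)
    extends ActionBuilderImpl(parser) {

  // Hypothetical config key listing the X.500 subjects allowed to call the route,
  // e.g. mtls.allowedSubjects = ["CN=server-a,O=Example"]
  private val allowedSubjects: Set[String] =
    config.getOptional[Seq[String]]("mtls.allowedSubjects").getOrElse(Nil).toSet

  // Leaf certificate is first in the chain Play exposes on the request header.
  private def leafSubject(chain: Seq[X509Certificate]): Option[String] =
    chain.headOption
      .filter(c => Try(c.checkValidity()).isSuccess) // belt and braces: not expired / not yet valid
      .map(_.getSubjectX500Principal.getName)

  override def invokeBlock[A](request: Request[A], block: Request[A] => Future[Result]): Future[Result] =
    request.clientCertificateChain match {
      case Some(chain) if leafSubject(chain).exists(allowedSubjects.contains) =>
        block(request)                                   // verified chain, expected subject
      case Some(_) =>
        Future.successful(Results.Forbidden("client certificate not allowed for this route"))
      case None =>
        Future.successful(Results.Unauthorized("client certificate required"))
    }
}

// Only this route is wrapped; the other endpoints keep their existing authentication.
class PartnerController @Inject()(mtls: MtlsAction, cc: ControllerComponents)
    extends AbstractController(cc) {
  def protectedEndpoint: Action[AnyContent] = mtls { _ => Ok("client certificate verified") }
}
```

Because the handshake only rejects presented-but-invalid chains, log the `Unauthorized` branch: a burst of certificate-less calls to the protected route is the signal that a caller is misconfigured or probing.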