<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
</Call>
</New>
This adds a critical "org.eclipse.jetty.server.SecureRequestCustomizer" to the HttpConfiguration that the jetty-https.xml uses to establish its Connector.
<Configure id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<!-- (snip) -- >
<Call name="addConnectionFactory">
<Arg>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
</New>
</Arg>
</Call>
</Configure>
Without this SecureRequestCustomizer, the details from the SSL level will never be placed into the Request object, and your servlet will not know that the request credentials.