Here is a trivial jsp page that shows a principal with secured with basic auth using both ssl and non-ssl connections:
| <[EMAIL PROTECTED] import="java.io.*,javax.naming.*, | java.util.Date, | java.util.Enumeration, | javax.security.cert.X509Certificate" %> | <html> | <body bgcolor="white"> | <h1> Session Info</h1> | SessionID: <%= session.getId() %><br> | CreationTime: <%= new Date(session.getCreationTime()) %><br> | LastAccessedTime: <%= new Date(session.getLastAccessedTime()) %><br> | <ul> | <% | Enumeration names = session.getAttributeNames(); | while( names.hasMoreElements() ) | { | String name = (String) names.nextElement(); | out.print("<li>"); | out.print(name); | out.print(" = "); | out.print(session.getAttribute(name)); | out.println("</li>"); | } | if( request.getScheme().equals("https") ) | { | String cipherSuite; | X509Certificate certChain []; | cipherSuite = (String) request.getAttribute ("javax.servlet.request.cipher_suite"); | certChain = (X509Certificate []) request.getAttribute ("javax.servlet.request.X509Certificate"); | out.print("<li>javax.servlet.request.cipher_suite = "); | out.print(cipherSuite); | out.println("</li>"); | out.print("<li>javax.servlet.request.X509Certificate = "); | out.print(certChain); | out.println("</li>"); | | }%> | </ul> | | <h1> JNDI java:comp/env Context Info</h1> | <pre> | <% | if( initException != null ) | out.println(initException); | else | out.println(jndiEnvCtxInfo); | %> | </pre> | <h1> Request Information </h1> | <font size="4"> | JSP Request Method: <%= request.getMethod() %> | <br> | Request URL: <%= request.getRequestURL() %> | <br> | Request URI: <%= request.getRequestURI() %> | <br> | Request Protocol: <%= request.getProtocol() %> | <br> | Servlet path: <%= request.getServletPath() %> | <br> | Path info: <%= request.getPathInfo() %> | <br> | Path translated: <%= request.getPathTranslated() %> | <br> | Query string: <%= request.getQueryString() %> | <br> | Content length: <%= request.getContentLength() %> | <br> | Content type: <%= request.getContentType() %> | <br> | Server name: <%= request.getServerName() %> | <br> | Server port: <%= request.getServerPort() %> | <br> | UserPrincipal: <%= request.getUserPrincipal() %> | <br> | Remote user: <%= request.getRemoteUser() %> | <br> | Remote address: <%= request.getRemoteAddr() %> | <br> | Remote host: <%= request.getRemoteHost() %> | <br> | Authorization scheme: <%= request.getAuthType() %> | <br> | Is secure: <%= request.isSecure() %> | <br> | Locale: <%= request.getLocale() %> | <hr> | The browser you are using is <%= request.getHeader("User-Agent") %> | <hr> | </font> | </body> | </html> | | Output without ssl: | Session Info | SessionID: 7D6B2FA8783C0B451C23319E990C393E | CreationTime: Wed Jul 07 13:15:27 PDT 2004 | LastAccessedTime: Wed Jul 07 13:15:27 PDT 2004 | | Request Information | JSP Request Method: GET | Request URL: http://localhost:8080/jmx-console/snoop.jsp | Request URI: /jmx-console/snoop.jsp | Request Protocol: HTTP/1.1 | Servlet path: /snoop.jsp | Path info: null | Path translated: null | Query string: null | Content length: -1 | Content type: null | Server name: localhost | Server port: 8080 | UserPrincipal: admin | Remote user: admin | Remote address: 127.0.0.1 | Remote host: 127.0.0.1 | Authorization scheme: BASIC | Is secure: false | Locale: en_US | Output with ssl: | Session Info | SessionID: 1AA806630E9DC97500C2D240066407EC | CreationTime: Wed Jul 07 13:01:34 PDT 2004 | LastAccessedTime: Wed Jul 07 13:08:48 PDT 2004 | | * javax.servlet.request.cipher_suite = TLS_DHE_RSA_WITH_AES_128_CBC_SHA | * javax.servlet.request.X509Certificate = null | | Request Information | JSP Request Method: GET | Request URL: https://localhost:8443/jmx-console/snoop.jsp | Request URI: /jmx-console/snoop.jsp | Request Protocol: HTTP/1.1 | Servlet path: /snoop.jsp | Path info: null | Path translated: null | Query string: null | Content length: -1 | Content type: null | Server name: localhost | Server port: 8443 | UserPrincipal: admin | Remote user: admin | Remote address: 127.0.0.1 | Remote host: 127.0.0.1 | Authorization scheme: BASIC | Is secure: true | Locale: en_US | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3841273#3841273 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3841273 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user