X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");
do both of these methods return null?
Federico Fernandez Cruz wrote:
Sure! This is getting personal... ;-) Apache and Tomcat will not be my friends anymore! :-D
Well, I'll try to be a little exhaustive just because sometimes I miss something that is the real point of the question.
Let's go.
My target is an Apache + Tomcat integration using JK2.
Software! Redhat 9.0 Apache 2.0.47 with modssl. Tomcat 5.0.16. JK2 2.0.2
This is what I have done:
1. Install apache properly. Configuration is in /etc/httpd
2. Install tomcat properly. /opt/jakarta-tomcat-5.0.16
3. Compile JK2 2.0.2 from jakarta-connectors because there is a bug in the sources of tomcat that avoid recursivity in mappings like /your_webapp/*
4. Configuration.
In httpd.conf I have added these lines:
#******************************
LoadModule jk2_module modules/mod_jk2.so
#******************************
My workers2.properties looks like this (/etc/httpd/workers2.properties)
[logger] level=DEBUG
[config:] file=/etc/httpd/conf/workers2.properties debug=1 debugEnv=1
[uriMap:] info=Maps the requests. Options: debug debug=1
# Alternate file logger [logger.file:0] level=DEBUG file=/var/log/httpd/jk2.log
[shm:]
info=Scoreboard. Required for reconfiguration and status with multiprocess servers
file=/var/run/jk2.shm
size=1000000
debug=0
disabled=0
[workerEnv:] info=Global server options timing=1 debug=1 # Default Native Logger (apache2 or win32 ) # can be overriden to a file logger, useful # when tracing win32 related issues logger=logger.file:0
[channel.socket:127.0.0.1:8009] info=Ajp13 forwarding over socket debug=1 tomcatId=127.0.0.1:8009
[ajp13:127.0.0.1:8009] channel=channel.socket:127.0.0.1:8009
[status:status] info=Status worker, displays runtime informations
[vm:]
info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/server/lib/commons-logging.jar
OPT=-Dtomcat.home=${TOMCAT_HOME} OPT=-Dcatalina.home=${TOMCAT_HOME} OPT=-Xmx128M #OPT=-Djava.compiler=NONE disabled=1
[uri:/jkstatus/*] info=Display status information and checks the config file for changes. group=status: worker=status:status
#*************************************************************************************
In tomcat, my jk2.properties looks like this
#**********************************************************************************************
handler.list=request,container,channelSocket
channelSocket.port=8009 channelSocket.address=127.0.0.1 channelSocket.maxPort=port+10
#**********************************************************************************************
And in server.xml the jk connector is configured as this:
#**********************************************************************************************
<Connector port="8009" protocol="AJP/1.3" protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
</Connector>
#**********************************************************************************************
In my ssl.conf the configuration is: (UserMan is my web application)
#**********************************************************************************************
<IfModule mod_jk2.c> <Location /UserMan> JkUriSet worker ajp13:127.0.0.1:8009 </Location>
<Location /admin> JkUriSet worker ajp13:127.0.0.1:8009 </Location>
<Location /manager/html>
JkUriSet worker ajp13:127.0.0.1:8009
</Location>
</IfModule>
#**********************************************************************************************
I am using client authentication and everything goes fine. SSL connection is OK and the server ask the web browser for a client certificate. And my application is displayed properly! I am happy up to this moment but...
What about asking for SSL parameters from my webapp?
I am doing something like this inside a JSP file:
String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");
Integer keysize = (Integer)request.getAttribute("javax.servlet.request.key_size");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
String sessionId = (String)request.getAttribute("javax.servlet.request.ssl_session");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");
I ALLWAYS GET NULL!
What more can I do? Is there anybody that had succeded doing this? What about developers?
Thanks in advance! And sorry for this long post, but...
Thanks again!
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]