Yes! It returns null.

The servlet (JSP) that executes this code is running in Tomcat (obviously!), and the whole web application is mapped from Apache to Tomcat.

The steps are the following:

1.- https://<my-machine>/UserMan (UserMan is a location in Apache that is mapped to my web application that is called UserMan ;-) )
2.- Apache starts SSL negotiation and asks the browser to send a client user certificate.
3.- I select a correct user certificate... Apache continues with the SSL negotiation...
4.- Now I have a secure connection with Apache.
5.- Apache sends my request to Tomcat through mod_jk2
6.- Tomcat presents UserMan contents. That's all!


My JSP is under UserMan in Tomcat. So if I type the URL to get ssltest.jsp, the code executes over SSL through mod_jk2...
By the way, I have exported all variables in ssl.conf using...


SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

I think mod_jk2 is not working properly with the ssl information but is tunneling the communication in a correct manner from Apache to Tomcat.

Thanks again!





Mark W. Webb wrote:

Does the following return null? If so, your ssl.conf may be messed up. Is the servlet that executes this code running over SSL?

java.security.cert.X509Certificate[] certs = (java.security.cert.X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");



Federico Fernandez Cruz wrote:

That was an example.
I always get NULL for all calls regarding SSL, even with
String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");


or the key size example.

I know that code won't compile... My intention was pointing you to the real problem... I can't access those variables.

Thanks!




Mark W. Webb wrote:


What is null? The certs object? Why do you have the following 2 lines...

X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");


Do both of these methods return null?



Federico Fernandez Cruz wrote:

Sure! This is getting personal... ;-) Apache and Tomcat will not be my friends anymore! :-D

Well, I'll try to be a little exhaustive just because sometimes I miss something that is the real point of the question.

Let's go.

My target is an Apache + Tomcat integration using JK2.

Software!
   Redhat 9.0
   Apache 2.0.47 with modssl.
   Tomcat 5.0.16.
   JK2 2.0.2


This is what I have done:


1. Install apache properly. Configuration is in /etc/httpd
2. Install tomcat properly. /opt/jakarta-tomcat-5.0.16
3. Compile JK2 2.0.2 from jakarta-connectors because there is a bug in the sources of tomcat that avoid recursivity in mappings like /your_webapp/*
4. Configuration.
In httpd.conf I have added these lines:
#******************************
LoadModule jk2_module modules/mod_jk2.so
#******************************


My workers2.properties looks like this (/etc/httpd/workers2.properties)

[logger]
level=DEBUG

[config:]
file=/etc/httpd/conf/workers2.properties
debug=1
debugEnv=1

[uriMap:]
info=Maps the requests. Options: debug
debug=1

# Alternate file logger
[logger.file:0]
level=DEBUG
file=/var/log/httpd/jk2.log

[shm:]
info=Scoreboard. Required for reconfiguration and status with multiprocess servers
file=/var/run/jk2.shm
size=1000000
debug=0
disabled=0


[workerEnv:]
info=Global server options
timing=1
debug=1
# Default Native Logger (apache2 or win32 )
# can be overriden to a file logger, useful
# when tracing win32 related issues
logger=logger.file:0

[channel.socket:127.0.0.1:8009]
info=Ajp13 forwarding over socket
debug=1
tomcatId=127.0.0.1:8009

[ajp13:127.0.0.1:8009]
channel=channel.socket:127.0.0.1:8009

[status:status]
info=Status worker, displays runtime informations

[vm:]
info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/server/lib/commons-logging.jar


OPT=-Dtomcat.home=${TOMCAT_HOME}
OPT=-Dcatalina.home=${TOMCAT_HOME}
OPT=-Xmx128M
#OPT=-Djava.compiler=NONE
disabled=1

[uri:/jkstatus/*]
info=Display status information and checks the config file for changes.
group=status:
worker=status:status


#*************************************************************************************


In tomcat, my jk2.properties looks like this


#**********************************************************************************************


handler.list=request,container,channelSocket


channelSocket.port=8009
channelSocket.address=127.0.0.1
channelSocket.maxPort=port+10


#**********************************************************************************************




And in server.xml the jk connector is configured as this:
#**********************************************************************************************


<Connector port="8009" protocol="AJP/1.3" protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
</Connector>
#**********************************************************************************************



In my ssl.conf the configuration is: (UserMan is my web application)
#**********************************************************************************************


<IfModule mod_jk2.c>
<Location /UserMan>
JkUriSet worker ajp13:127.0.0.1:8009
</Location>

<Location /admin>
JkUriSet worker ajp13:127.0.0.1:8009
</Location>

<Location /manager/html>
JkUriSet worker ajp13:127.0.0.1:8009
</Location>
</IfModule>
#**********************************************************************************************



I am using client authentication and everything goes fine. The SSL connection is OK and the server asks the web browser for a client certificate. And my application is displayed properly! I am happy up to this moment but...


What about asking for SSL parameters from my webapp?

I am doing something like this inside a JSP file:

String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");

Integer keysize = (Integer)request.getAttribute("javax.servlet.request.key_size");

X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");

String sessionId = (String)request.getAttribute("javax.servlet.request.ssl_session");

X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");


I ALWAYS GET NULL!


What more can I do? Is there anybody that has succeeded in doing this? What about developers?

Thanks in advance! And sorry for this long post, but...

Thanks again!










--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
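A type-checked way to run the attribute lookups discussed in this thread, added here as an example; it is not code from any of the posters or from Tomcat. The class name `SslAttributeProbe` and the `report` method are hypothetical, Java 8 or later is assumed, and in a JSP the call would be `SslAttributeProbe.report(request::getAttribute, request.isSecure())`.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

public class SslAttributeProbe {
    // Attribute names exactly as they appear in the thread.
    static final String[] NAMES = {
        "javax.servlet.request.cipher_suite",
        "javax.servlet.request.key_size",
        "javax.servlet.request.ssl_session",
        "javax.servlet.request.X509Certificate",
        "org.apache.coyote.request.X509Certificate",
    };

    // lookup stands in for request::getAttribute, secure for request.isSecure().
    static List<String> report(Function<String, Object> lookup, boolean secure) {
        List<String> out = new ArrayList<>();
        out.add("isSecure=" + secure);
        int missing = 0;
        for (String name : NAMES) {
            Object v = lookup.apply(name);
            if (v == null) {
                missing++;
                out.add(name + " = <null>");
            } else if (v instanceof X509Certificate[]) {
                // Checked cast: no ClassCastException if the type differs.
                X509Certificate[] chain = (X509Certificate[]) v;
                String subject = chain.length > 0
                        ? chain[0].getSubjectX500Principal().getName() : "<empty>";
                out.add(name + " = chain of " + chain.length + ", subject=" + subject);
            } else {
                out.add(name + " = (" + v.getClass().getSimpleName() + ") " + v);
            }
        }
        if (missing == NAMES.length) {
            out.add(secure
                    ? "verdict: request is secure, but no SSL attributes reached the container"
                    : "verdict: the container does not see this request as SSL at all");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed inputs: the all-null case from the thread, then a populated one.
        Map<String, Object> populated = new HashMap<>();
        populated.put("javax.servlet.request.cipher_suite", "TLS_AES_128_GCM_SHA256");
        populated.put("javax.servlet.request.key_size", Integer.valueOf(128));
        report(name -> null, true).forEach(System.out::println);
        report(populated::get, true).forEach(System.out::println);
    }
}
```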






