Federico Fernandez Cruz wrote:
Yes! It returns null.
The servlet (jsp) that executes this code is running in Tomcat (obviously!) And the whole web application is mapped from apache to tomcat.
The steps are the following:
1.- https://<my-machine>/UserMan (UserMan is a location in Apache that is mapped to my web application that is called UserMan ;-) )
2.- Apache starts SSL negotiation and ask the browser to send a client user certificate.
3.- I select a correct user certificate... apache continues with the ssl negotiation...
4.- Now I have a secure connection with apache.
5.- Apache send my request to Tomcat through mod_jk2
6.- Tomcat presents UserMan contents. That's all!
My JSP is under UserMan in Tomcat. So If I type the URL to get ssltest.jsp, the code executes over SSL through mod_jk2...
By the way, I have exported all variables in ssl.conf using...
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
I think mod_jk2 is not working properly with the ssl information but is tunneling the communication in a correct manner from Apache to Tomcat.
Thanks again!
Mark W. Webb wrote:
Does the following return null? If so, your ssl.conf may be messed up. Is the servlet that executes this code running over SSL?
java.security.cert.X509Certificate[] certs = (java.security.cert.X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate")
Federico Fernandez Cruz wrote:
That's was an example.
I allways get NULL for all calls regarding SSL, even with
String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");
or the key size example.
I know that code won't compile... My intention was pointing you to the real problem... I can't access those variables.
Thanks!
Mark W. Webb wrote:
what is null? the certs object ? Why do you have the following 2 lines...
X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");
do both of these methods return null?
Federico Fernandez Cruz wrote:
Sure! This is getting personal... ;-) Apache and Tomcat will not be my friends anymore! :-D
Well, I'll try to be a little exhaustive just because sometimes I miss something that is the real point of the question.
Let's go.
My target is an Apache + Tomcat integration using JK2.
Software! Redhat 9.0 Apache 2.0.47 with modssl. Tomcat 5.0.16. JK2 2.0.2
This is what I have done:
1. Install apache properly. Configuration is in /etc/httpd
2. Install tomcat properly. /opt/jakarta-tomcat-5.0.16
3. Compile JK2 2.0.2 from jakarta-connectors because there is a bug in the sources of tomcat that avoid recursivity in mappings like /your_webapp/*
4. Configuration.
In httpd.conf I have added these lines:
#******************************
LoadModule jk2_module modules/mod_jk2.so
#******************************
My workers2.properties looks like this (/etc/httpd/workers2.properties)
[logger] level=DEBUG
[config:] file=/etc/httpd/conf/workers2.properties debug=1 debugEnv=1
[uriMap:] info=Maps the requests. Options: debug debug=1
# Alternate file logger [logger.file:0] level=DEBUG file=/var/log/httpd/jk2.log
[shm:]
info=Scoreboard. Required for reconfiguration and status with multiprocess servers
file=/var/run/jk2.shm
size=1000000
debug=0
disabled=0
[workerEnv:] info=Global server options timing=1 debug=1 # Default Native Logger (apache2 or win32 ) # can be overriden to a file logger, useful # when tracing win32 related issues logger=logger.file:0
[channel.socket:127.0.0.1:8009] info=Ajp13 forwarding over socket debug=1 tomcatId=127.0.0.1:8009
[ajp13:127.0.0.1:8009] channel=channel.socket:127.0.0.1:8009
[status:status] info=Status worker, displays runtime informations
[vm:]
info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/server/lib/commons-logging.jar
OPT=-Dtomcat.home=${TOMCAT_HOME} OPT=-Dcatalina.home=${TOMCAT_HOME} OPT=-Xmx128M #OPT=-Djava.compiler=NONE disabled=1
[uri:/jkstatus/*]
info=Display status information and checks the config file for changes.
group=status:
worker=status:status
#*************************************************************************************
In tomcat, my jk2.properties looks like this
#**********************************************************************************************
handler.list=request,container,channelSocket
channelSocket.port=8009 channelSocket.address=127.0.0.1 channelSocket.maxPort=port+10
#**********************************************************************************************
And in server.xml the jk connector is configured as this:
#**********************************************************************************************
<Connector port="8009" protocol="AJP/1.3" protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
</Connector>
#**********************************************************************************************
In my ssl.conf the configuration is: (UserMan is my web application)
#**********************************************************************************************
<IfModule mod_jk2.c> <Location /UserMan> JkUriSet worker ajp13:127.0.0.1:8009 </Location>
<Location /admin> JkUriSet worker ajp13:127.0.0.1:8009 </Location>
<Location /manager/html>
JkUriSet worker ajp13:127.0.0.1:8009
</Location>
</IfModule>
#**********************************************************************************************
I am using client authentication and everything goes fine. SSL connection is OK and the server ask the web browser for a client certificate. And my application is displayed properly! I am happy up to this moment but...
What about asking for SSL parameters from my webapp?
I am doing something like this inside a JSP file:
String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");
Integer keysize = (Integer)request.getAttribute("javax.servlet.request.key_size");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
String sessionId = (String)request.getAttribute("javax.servlet.request.ssl_session");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");
I ALLWAYS GET NULL!
What more can I do? Is there anybody that had succeded doing this? What about developers?
Thanks in advance! And sorry for this long post, but...
Thanks again!
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
