Dear Ian,
I have the same problem, but I'm trying to pass the SSL_* vars generated by
mod_ssl in Apache into the Tomcat side. I think this aproach could resolve
your problem (there are a lot of vars generated only when a SSL session is
open).
Unfortunately I can't do it yet, so the JkEnvVar doesn't work for my tests,
and I don't know what is wrong. I send to you some hints (I receive from
Tomcat Developer's list):
httpd.conf:
...
SSLOptions +StdEnvVars +ExportCertData
...
JkEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT
...
MyTest.jsp
...
HttpServletRequest req ; //from the post ...
// Gets the X.509 PEM Certificate
String SSL_Client = req.getAttribute("SSL_CLIENT_CERT") ;
...
If you are lucky than me, please let me know !!.
Eduardo.
> -----Mensaje original-----
> De: Ian Hunter [mailto:[EMAIL PROTECTED]
> Enviado el: Martes, 25 de Febrero de 2003 11:31
> Para: Tomcat Users List
> Asunto: Re: How to verify SSL/HTTPS behind Tomcat via AJP13
>
>
> I've "fallen back" to seeing if
> getRequestURL().toString().startsWith("https") -- that seems
> pretty kludgy.
> Any other ideas?
>
> ----- Original Message -----
> From: "Turner, John" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> Sent: Tuesday, February 25, 2003 8:41 AM
> Subject: RE: How to verify SSL/HTTPS behind Tomcat via AJP13
>
>
> >
> > The return from getProtocol() is correct, AFAIK. I don't
> believe there is
> a
> > HTTPS/1.1 or similar, but I could be wrong.
> >
> > By "check protocol type" in the docs (agreed, it is
> unclear), I believe it
> > means to do one (or all) of the following:
> >
> > - check the URL for "https"
> > - check the port number for the request
> > - use HttpServletRequest.isSecure(), though I think that will return
> "false"
> > when you use Tomcat via a connector with Apache....I've
> never tried it to
> be
> > sure.
> >
> > John
> >
> > > -----Original Message-----
> > > From: Ian Hunter [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, February 24, 2003 9:26 PM
> > > To: Tomcat Users List
> > > Subject: How to verify SSL/HTTPS behind Tomcat via AJP13
> > >
> > >
> > > From
> > >
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html -- "Any
> > > pages which absolutely require a secure connection should
> > > check the protocol
> > > type associated with the page request and take the
> > > appropriate action of
> > > https is not specified."
> > >
> > > Also, "When running Tomcat primarily as a Servlet/JSP
> container behind
> > > another web server, such as Apache or Microsoft IIS, it is
> > > usually necessary
> > > to configure the primary web server to handle the SSL
> connections from
> > > users. Typically, this server will negotiate all SSL-related
> > > functionality,
> > > then pass on any requests destined for the Tomcat
> container only after
> > > decrypting those requests. Likewise, Tomcat will return
> > > cleartext responses,
> > > that will be encrypted before being returned to the user's
> > > browser. In this
> > > environment, Tomcat knows that communications between the
> > > primary web server
> > > and the client are taking place over a secure connection
> (because your
> > > application needs to be able to ask about this), but it does
> > > not participate
> > > in the encryption or decryption itself."
> > >
> > > However, when I check "request.getProtocol()" I get
> > > "HTTP/.1.1" even when
> > > I'm connecting via SSL (url shows https: and browser
> shows "lock" and
> > > confirms 128 bit SSL) -- what gives?
> > >
> > >
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
