Author: markt
Date: Thu Sep 8 13:49:50 2011
New Revision: 1166689
URL: http://svn.apache.org/viewvc?rev=1166689&view=rev
Log:
Tomcat 6 introduced a custom attribute for SSL session ID.
Servlet 3 introduced a standard attribute for this.
Support both, deprecating the custom attribute.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLSupport.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Sep 8 13:49:50 2011
@@ -1 +1 @@
-/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620
+/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java?rev=1166689&r1=1166688&r2=1166689&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java Thu Sep 8
13:49:50 2011
@@ -98,9 +98,15 @@ public final class Globals {
* for this SSL connection (as an object of type java.lang.String).
*/
public static final String SSL_SESSION_ID_ATTR =
+ "javax.servlet.request.ssl_session_id";
+ /**
+ * Tomcat specific attribute as used in Tomcat 6.
+ * @deprecated
+ */
+ @Deprecated
+ public static final String SSL_SESSION_ID_TOMCAT_ATTR =
"javax.servlet.request.ssl_session";
-
/**
* The request attribute key for the session manager.
* This one is a Tomcat extension to the Servlet spec.
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java?rev=1166689&r1=1166688&r2=1166689&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java Thu
Sep 8 13:49:50 2011
@@ -965,6 +965,7 @@ public class Request
attr = coyoteRequest.getAttribute(Globals.SSL_SESSION_ID_ATTR);
if(attr != null) {
attributes.put(Globals.SSL_SESSION_ID_ATTR, attr);
+ attributes.put(Globals.SSL_SESSION_ID_TOMCAT_ATTR, attr);
}
attr = coyoteRequest.getAttribute(Globals.SSL_SESSION_MGR_ATTR);
if(attr != null) {
@@ -985,6 +986,7 @@ public class Request
Globals.CIPHER_SUITE_ATTR.equals(name) ||
Globals.KEY_SIZE_ATTR.equals(name) ||
Globals.SSL_SESSION_ID_ATTR.equals(name) ||
+ Globals.SSL_SESSION_ID_TOMCAT_ATTR.equals(name) ||
Globals.SSL_SESSION_MGR_ATTR.equals(name);
}
@@ -1003,6 +1005,8 @@ public class Request
* <li>{@link Globals#CIPHER_SUITE_ATTR} (SSL connections only)</li>
* <li>{@link Globals#KEY_SIZE_ATTR} (SSL connections only)</li>
* <li>{@link Globals#SSL_SESSION_ID_ATTR} (SSL connections only)</li>
+ * <li>{@link Globals#SSL_SESSION_ID_TOMCAT_ATTR} (SSL connections only)
+ * </li>
* <li>{@link Globals#SSL_SESSION_MGR_ATTR} (SSL connections only)</li>
* </ul>
* The underlying connector may also expose request attributes. These all
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java?rev=1166689&r1=1166688&r2=1166689&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java Thu Sep
8 13:49:50 2011
@@ -125,6 +125,7 @@ public class SSLValve extends ValveBase
strcert0 = mygetHeader(request, "ssl_session_id");
if (strcert0 != null) {
request.setAttribute(Globals.SSL_SESSION_ID_ATTR, strcert0);
+ request.setAttribute(Globals.SSL_SESSION_ID_TOMCAT_ATTR, strcert0);
}
strcert0 = mygetHeader(request, "ssl_cipher_usekeysize");
if (strcert0 != null) {
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLSupport.java?rev=1166689&r1=1166688&r2=1166689&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLSupport.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLSupport.java Thu
Sep 8 13:49:50 2011
@@ -45,7 +45,7 @@ public interface SSLSupport {
* This one is a Tomcat extension to the Servlet spec.
*/
public static final String SESSION_ID_KEY =
- "javax.servlet.request.ssl_session";
+ "javax.servlet.request.ssl_session_id";
/**
* The request attribute key for the session manager.
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1166689&r1=1166688&r2=1166689&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Sep 8 13:49:50 2011
@@ -94,6 +94,11 @@
non-poolable objects (e.g. tag files) that need to be scanned for
annotations when created. (markt)
</add>
+ <fix>
+ Use the specification compliant request attribute of
+ <code>javax.servlet.request.ssl_session_id</code> to access the SSL
+ session ID and deprecated the Tomcat specific request attribute.
(markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1166689&r1=1166688&r2=1166689&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Thu Sep 8 13:49:50 2011
@@ -582,7 +582,7 @@ public class SessionTrackingModeListener
<p>To access the SSL session ID from the request, use:<br />
<code>
- String sslID =
(String)request.getAttribute("javax.servlet.request.ssl_session");
+ String sslID =
(String)request.getAttribute("javax.servlet.request.ssl_session_id");
</code>
<br />
For additional discussion on this area, please see
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
