Re: [OT] How to determine whether a session or request is SSL
To know if the user use ssl, try the boolean request.isSecure(). On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens [EMAIL PROTECTED] wrote: Hi list, I would like to evaluate the current encription status of a users session or request from out of a taglib or servlet. E.g. know whether the user is using https and possibly the encryption strength used... This must be easy (I hope) but I couldn't work out how to so far and wondered whether anybody out there could point me into the right direction. TIA Jan Jan Behrens OFFIS FuE-Bereich Betriebliches Informations- und Wissensmanagement Escherweg 2 - 26121 Oldenburg - Germany Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102 E-mail: [EMAIL PROTECTED] - URL: http://www.offis.de - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Rodrigo de Avila [EMAIL PROTECTED] http://www.avila.eti.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Antwort: Re: [OT] How to determine whether a session or request is SSL
Thanks Rodrigo, do you know of a way to get the encryption level of the request as well? (40bit, 128bit, ...) TIA Jan Jan Behrens OFFIS FuE-Bereich Betriebliches Informations- und Wissensmanagement Escherweg 2 - 26121 Oldenburg - Germany Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102 E-mail: [EMAIL PROTECTED] - URL: http://www.offis.de Rodrigo Avila [EMAIL PROTECTED] 11.03.2005 09:58 Bitte antworten an Tomcat Users List tomcat-user@jakarta.apache.org An Tomcat Users List tomcat-user@jakarta.apache.org Kopie Thema Re: [OT] How to determine whether a session or request is SSL To know if the user use ssl, try the boolean request.isSecure(). On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens [EMAIL PROTECTED] wrote: Hi list, I would like to evaluate the current encription status of a users session or request from out of a taglib or servlet. E.g. know whether the user is using https and possibly the encryption strength used... This must be easy (I hope) but I couldn't work out how to so far and wondered whether anybody out there could point me into the right direction. TIA Jan Jan Behrens OFFIS FuE-Bereich Betriebliches Informations- und Wissensmanagement Escherweg 2 - 26121 Oldenburg - Germany Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102 E-mail: [EMAIL PROTECTED] - URL: http://www.offis.de - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Rodrigo de Avila [EMAIL PROTECTED] http://www.avila.eti.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: [OT] How to determine whether a session or request is SSL
Sincerily... I don know. But, reading [http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html], I see this tip: To access the SSL session ID from the request, use: String sslID = (String)request.getAttribute(javax.servlet.request.ssl_session); And, in the ServletRequest javadoc [http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/ServletRequest.html#getAttribute(java.lang.String)], I found: For example, for requests made using HTTPS, the attribute javax.servlet.request.X509Certificate can be used to retrieve information on the certificate of the client. I don't know, but maybe exist more attributes than that. I hope it helps! On Fri, 11 Mar 2005 14:09:18 +0100, Jan Behrens [EMAIL PROTECTED] wrote: Thanks Rodrigo, do you know of a way to get the encryption level of the request as well? (40bit, 128bit, ...) TIA Jan Jan Behrens OFFIS FuE-Bereich Betriebliches Informations- und Wissensmanagement Escherweg 2 - 26121 Oldenburg - Germany Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102 E-mail: [EMAIL PROTECTED] - URL: http://www.offis.de Rodrigo Avila [EMAIL PROTECTED] 11.03.2005 09:58 Bitte antworten an Tomcat Users List tomcat-user@jakarta.apache.org An Tomcat Users List tomcat-user@jakarta.apache.org Kopie Thema Re: [OT] How to determine whether a session or request is SSL To know if the user use ssl, try the boolean request.isSecure(). On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens [EMAIL PROTECTED] wrote: Hi list, I would like to evaluate the current encription status of a users session or request from out of a taglib or servlet. E.g. know whether the user is using https and possibly the encryption strength used... This must be easy (I hope) but I couldn't work out how to so far and wondered whether anybody out there could point me into the right direction. TIA Jan Jan Behrens OFFIS FuE-Bereich Betriebliches Informations- und Wissensmanagement Escherweg 2 - 26121 Oldenburg - Germany Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102 E-mail: [EMAIL PROTECTED] - URL: http://www.offis.de - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Rodrigo de Avila [EMAIL PROTECTED] http://www.avila.eti.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Rodrigo de Avila [EMAIL PROTECTED] http://www.avila.eti.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Antwort: Re: Re: [OT] How to determine whether a session or request is SSL
Thanks a lot Rodrigo! I will try the second an see what I can come up with. Thanks again % have a nice weekend, Jan Jan Behrens OFFIS FuE-Bereich Betriebliches Informations- und Wissensmanagement Escherweg 2 - 26121 Oldenburg - Germany Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102 E-mail: [EMAIL PROTECTED] - URL: http://www.offis.de Rodrigo Avila [EMAIL PROTECTED] 11.03.2005 11:02 Bitte antworten an Tomcat Users List tomcat-user@jakarta.apache.org An Tomcat Users List tomcat-user@jakarta.apache.org Kopie Thema Re: Re: [OT] How to determine whether a session or request is SSL Sincerily... I don know. But, reading [http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html], I see this tip: To access the SSL session ID from the request, use: String sslID = (String)request.getAttribute(javax.servlet.request.ssl_session); And, in the ServletRequest javadoc [http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/ServletRequest.html#getAttribute(java.lang.String)], I found: For example, for requests made using HTTPS, the attribute javax.servlet.request.X509Certificate can be used to retrieve information on the certificate of the client. I don't know, but maybe exist more attributes than that. I hope it helps! On Fri, 11 Mar 2005 14:09:18 +0100, Jan Behrens [EMAIL PROTECTED] wrote: Thanks Rodrigo, do you know of a way to get the encryption level of the request as well? (40bit, 128bit, ...) TIA Jan Jan Behrens OFFIS FuE-Bereich Betriebliches Informations- und Wissensmanagement Escherweg 2 - 26121 Oldenburg - Germany Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102 E-mail: [EMAIL PROTECTED] - URL: http://www.offis.de Rodrigo Avila [EMAIL PROTECTED] 11.03.2005 09:58 Bitte antworten an Tomcat Users List tomcat-user@jakarta.apache.org An Tomcat Users List tomcat-user@jakarta.apache.org Kopie Thema Re: [OT] How to determine whether a session or request is SSL To know if the user use ssl, try the boolean request.isSecure(). On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens [EMAIL PROTECTED] wrote: Hi list, I would like to evaluate the current encription status of a users session or request from out of a taglib or servlet. E.g. know whether the user is using https and possibly the encryption strength used... This must be easy (I hope) but I couldn't work out how to so far and wondered whether anybody out there could point me into the right direction. TIA Jan Jan Behrens OFFIS FuE-Bereich Betriebliches Informations- und Wissensmanagement Escherweg 2 - 26121 Oldenburg - Germany Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102 E-mail: [EMAIL PROTECTED] - URL: http://www.offis.de - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Rodrigo de Avila [EMAIL PROTECTED] http://www.avila.eti.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Rodrigo de Avila [EMAIL PROTECTED] http://www.avila.eti.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]