Re: Apache SSL again... those variables are getting me mad!

2003-12-19 Thread Federico Fernandez Cruz
Thanks Bill! I will try but...

I thought that mod_jk2 was the most advanced and that it was recommended 
for Apache 2.

Moving to mod_jk 1.2.5 is a step back, isn't it?

Thanks again!

Bill Barker wrote:

Can you try with mod_jk 1.2.5?  I really don't know mod_jk2 that well to
know if/how it sends the SSL attributes.

Re: Apache SSL again... those variables are getting me mad!

2003-12-19 Thread Federico Fernandez Cruz
Yes! It returns null.

The servlet (jsp) that executes this code is running in Tomcat 
(obviously!) And the whole web application is mapped from apache to tomcat.

The steps are the following:

1.- https://my-machine/UserMan (UserMan is a location in Apache 
that is mapped to my web application that is called UserMan ;-) )
2.- Apache starts SSL negotiation and asks the browser to send a client 
user certificate.
3.- I select a correct user certificate... apache continues with the ssl 
negotiation...
4.- Now I have a secure connection with apache.
5.- Apache sends my request to Tomcat through mod_jk2
6.- Tomcat presents UserMan contents. That's all!

My JSP is under UserMan in Tomcat. So if I type the URL to get 
ssltest.jsp, the code executes over SSL through mod_jk2...
By the way, I have exported all variables in ssl.conf using...

SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

I think mod_jk2 is not working properly with the ssl information but is 
tunneling the communication in a correct manner from Apache to Tomcat.

Thanks again!





Mark W. Webb wrote:

Does the following return null?  If so, your ssl.conf may be messed 
up.  Is the servlet that executes this code running over SSL?

java.security.cert.X509Certificate[] certs =
(java.security.cert.X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");




Re: Apache SSL again... those variables are getting me mad!

2003-12-19 Thread Mark W. Webb
I use mod_jk with tomcat 4.1.x and apache from source.  I have not had 
any problems to date.  Try mod_jk and see if that helps.



Apache SSL again... those variables are getting me mad!

2003-12-18 Thread Federico Fernandez Cruz
Sure! This is getting personal... ;-) Apache and Tomcat will not be my 
friends anymore! :-D

Well, I'll try to be a little exhaustive just because sometimes I miss 
something that is the real point of the question.

Let's go.

My target is an Apache + Tomcat  integration using JK2.

Software!
   Redhat 9.0
   Apache 2.0.47 with modssl.
   Tomcat 5.0.16.
   JK2 2.0.2
This is what I have done:

   1. Install apache properly. Configuration is in /etc/httpd
   2. Install tomcat properly. /opt/jakarta-tomcat-5.0.16
   3. Compile JK2 2.0.2 from jakarta-connectors because there is a bug 
in the sources of tomcat that avoids recursivity in mappings like 
/your_webapp/*
   4. Configuration.
  

In httpd.conf I have added these lines:
#**
LoadModule jk2_module modules/mod_jk2.so
#**
My workers2.properties looks like this (/etc/httpd/workers2.properties)

[logger]
level=DEBUG
[config:]
file=/etc/httpd/conf/workers2.properties
debug=1
debugEnv=1
[uriMap:]
info=Maps the requests. Options: debug
debug=1
# Alternate file logger
[logger.file:0]
level=DEBUG
file=/var/log/httpd/jk2.log
[shm:]
info=Scoreboard. Required for reconfiguration and status with 
multiprocess servers
file=/var/run/jk2.shm
size=100
debug=0
disabled=0

[workerEnv:]
info=Global server options
timing=1
debug=1
# Default Native Logger (apache2 or win32 )
# can be overriden to a file logger, useful
# when tracing win32 related issues
logger=logger.file:0
[channel.socket:127.0.0.1:8009]
info=Ajp13 forwarding over socket
debug=1
tomcatId=127.0.0.1:8009
[ajp13:127.0.0.1:8009]
channel=channel.socket:127.0.0.1:8009
[status:status]
info=Status worker, displays runtime informations
[vm:]
info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/server/lib/commons-logging.jar
OPT=-Dtomcat.home=${TOMCAT_HOME}
OPT=-Dcatalina.home=${TOMCAT_HOME}
OPT=-Xmx128M
#OPT=-Djava.compiler=NONE
disabled=1
[uri:/jkstatus/*]
info=Display status information and checks the config file for changes.
group=status:
worker=status:status
#*

In tomcat, my jk2.properties looks like this

#**

handler.list=request,container,channelSocket

channelSocket.port=8009
channelSocket.address=127.0.0.1
channelSocket.maxPort=port+10
#**

And in server.xml the jk connector is configured as this:
#**
<Connector port="8009" protocol="AJP/1.3"
           protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"
           redirectPort="8443">
</Connector>
#**

In my ssl.conf the configuration is: (UserMan is my web application)
#**
<IfModule mod_jk2.c>
<Location /UserMan>
JkUriSet worker ajp13:127.0.0.1:8009
</Location>
<Location /admin>
JkUriSet worker ajp13:127.0.0.1:8009
</Location>
<Location /manager/html>
JkUriSet worker ajp13:127.0.0.1:8009
</Location>
</IfModule>
#**
I am using client authentication and everything goes fine. SSL 
connection is OK and the server asks the web browser for a client 
certificate. And my application is displayed properly! I am happy up to 
this moment but...

What about asking for SSL parameters from my webapp?

I am doing something like this inside a JSP file:

String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");

Integer keysize = (Integer)request.getAttribute("javax.servlet.request.key_size");

X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");

String sessionId = (String)request.getAttribute("javax.servlet.request.ssl_session");

X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");

I ALWAYS GET NULL!

What more can I do? Is there anybody that has succeeded doing this? What about developers?

Thanks in advance! And sorry for this long post, but...

Thanks again!









-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
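
Added example, not code from the thread or from Tomcat: a plain-JDK Java check that reads the four attribute names used in the JSP above, reports which ones the connector did not supply, and treats a missing or empty certificate chain as unauthenticated instead of dereferencing null. The class name SslAttributeCheck, the Result type and the sample maps are hypothetical and constructed for illustration; in a servlet or JSP the lookup passed in would be request::getAttribute.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

// Added example (hypothetical class, not from the thread or from Tomcat).
public class SslAttributeCheck {

    // Attribute names exactly as they appear in the JSP in the post.
    static final String CIPHER  = "javax.servlet.request.cipher_suite";
    static final String KEYSIZE = "javax.servlet.request.key_size";
    static final String CERTS   = "javax.servlet.request.X509Certificate";
    static final String SESSION = "javax.servlet.request.ssl_session";

    /** Outcome of inspecting one request. */
    static final class Result {
        final boolean clientAuthenticated; // true only with a non-empty chain
        final String subject;              // subject DN of the leaf, else null
        final List<String> missing;        // attributes absent or of the wrong type

        Result(boolean clientAuthenticated, String subject, List<String> missing) {
            this.clientAuthenticated = clientAuthenticated;
            this.subject = subject;
            this.missing = missing;
        }

        @Override
        public String toString() {
            return "authenticated=" + clientAuthenticated
                    + " subject=" + subject + " missing=" + missing;
        }
    }

    /**
     * Reads the SSL attributes through the given lookup. In a servlet, pass
     * request::getAttribute. Every attribute is type-checked before use, so a
     * connector that forwards nothing yields a report, not an exception.
     */
    static Result inspect(Function<String, Object> attrs) {
        List<String> missing = new ArrayList<>();
        if (!(attrs.apply(CIPHER) instanceof String)) {
            missing.add(CIPHER);
        }
        if (!(attrs.apply(KEYSIZE) instanceof Integer)) {
            missing.add(KEYSIZE);
        }
        if (!(attrs.apply(SESSION) instanceof String)) {
            missing.add(SESSION);
        }

        // Fail closed: no chain, an empty chain or a null leaf all mean the
        // application has no evidence of client authentication.
        String subject = null;
        Object raw = attrs.apply(CERTS);
        if (raw instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) raw;
            if (chain.length > 0 && chain[0] != null) {
                subject = chain[0].getSubjectX500Principal().getName();
            }
        }
        if (subject == null) {
            missing.add(CERTS);
        }
        return new Result(subject != null, subject, missing);
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for request attributes.
        Map<String, Object> nothingForwarded = new HashMap<>(); // symptom in the post

        Map<String, Object> noCertificate = new HashMap<>();
        noCertificate.put(CIPHER, "AES256-SHA");
        noCertificate.put(KEYSIZE, Integer.valueOf(256));
        noCertificate.put(SESSION, "constructed-session-id");

        Map<String, Object> emptyChain = new HashMap<>(noCertificate);
        emptyChain.put(CERTS, new X509Certificate[0]);

        Map<String, Map<String, Object>> cases = new LinkedHashMap<>();
        cases.put("nothing forwarded", nothingForwarded);
        cases.put("cipher info only", noCertificate);
        cases.put("empty certificate chain", emptyChain);

        for (Map.Entry<String, Map<String, Object>> c : cases.entrySet()) {
            Result r = inspect(c.getValue()::get);
            System.out.println(c.getKey() + ": " + r);
        }
    }
}
```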


Re: Apache SSL again... those variables are getting me mad!

2003-12-18 Thread Mark W. Webb
What is null? The certs object? Why do you have the following 2 lines...

X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");

Do both of these methods return null?




Re: Apache SSL again... those variables are getting me mad!

2003-12-18 Thread Federico Fernandez Cruz
That was an example.
I always get NULL for all calls regarding SSL, even with 

String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");

or the key size example.

I know that code won't compile... My intention was pointing you to the 
real problem... I can't access those variables.

Thanks!



Mark W. Webb wrote:

What is null? The certs object? Why do you have the following 2 
lines...

X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");

Do both of these methods return null?




Re: Apache SSL again... those variables are getting me mad!

2003-12-18 Thread Mark W. Webb
Does the following return null?  If so, your ssl.conf may be messed up.  
Is the servlet that executes this code running over SSL?

java.security.cert.X509Certificate[] certs =
(java.security.cert.X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");

Federico Fernandez Cruz wrote:

That was an example.
I always get NULL for all calls regarding SSL, even with
String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");

or the key size example.

I know that code won't compile... My intention was pointing you to 
the real problem... I can't access those variables.

Thanks!




Re: Apache SSL again... those variables are getting me mad!

2003-12-18 Thread Bill Barker
Can you try with mod_jk 1.2.5?  I really don't know mod_jk2 that well to
know if/how it sends the SSL attributes.
