Re: Apache SSL again... those variables are getting me mad!
Thanks Bill! I will try but... I thought that mod_jk2 was the most advanced and that it was recommended for Apache 2. Moving to mod_jk 1.2.5 is a step back, isn't it?

Thanks again!

Bill Barker wrote:
> Can you try with mod_jk 1.2.5? I really don't know mod_jk2 that well to know if/how it sends the SSL attributes.

Re: Apache SSL again... those variables are getting me mad!
Yes! It returns null. The servlet (jsp) that executes this code is running in Tomcat (obviously!) And the whole web application is mapped from apache to tomcat.

The steps are the following:

1.- https://my-machine/UserMan (UserMan is a location in Apache that is mapped to my web application that is called UserMan ;-) )
2.- Apache starts SSL negotiation and asks the browser to send a client user certificate.
3.- I select a correct user certificate... apache continues with the ssl negotiation...
4.- Now I have a secure connection with apache.
5.- Apache sends my request to Tomcat through mod_jk2
6.- Tomcat presents UserMan contents.

That's all! My JSP is under UserMan in Tomcat. So if I type the URL to get ssltest.jsp, the code executes over SSL through mod_jk2...

By the way, I have exported all variables in ssl.conf using...

SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

I think mod_jk2 is not working properly with the ssl information but is tunneling the communication in a correct manner from Apache to Tomcat.

Thanks again!

Mark W. Webb wrote:
> Does the following return null? If so, your ssl.conf may be messed up. Is the servlet that executes this code running over SSL?
>
> java.security.cert.X509Certificate[] certs = (java.security.cert.X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");

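An added example, not part of the original thread: one way to test the suspicion above that the connector is not passing the SSL details is to decode an AJP13 Forward Request, the message that carries ssl_cert, ssl_cipher, ssl_session and ssl_key_size to Tomcat, and list which servlet attributes would come back null. The field layout follows the published AJP13 protocol description; both packets are constructed samples, and the function names are this example's own.

```python
import struct

# AJP13 request-attribute codes that carry TLS details, paired with the
# servlet request attribute Tomcat's AJP connector fills from each one.
SSL_ATTRS = {
    0x07: "javax.servlet.request.X509Certificate",  # ssl_cert
    0x08: "javax.servlet.request.cipher_suite",     # ssl_cipher
    0x09: "javax.servlet.request.ssl_session",      # ssl_session
    0x0B: "javax.servlet.request.key_size",         # ssl_key_size (integer)
}
REQ_ATTRIBUTE, ARE_DONE = 0x0A, 0xFF

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def byte(self):
        self.pos += 1
        return self.data[self.pos - 1]

    def int16(self):
        self.pos += 2
        return struct.unpack_from(">H", self.data, self.pos - 2)[0]

    def string(self, length=None):
        # AJP string: 2-byte length, the bytes, a NUL; length 0xFFFF means null.
        length = self.int16() if length is None else length
        if length == 0xFFFF:
            return None
        raw = self.data[self.pos:self.pos + length]
        if len(raw) != length:
            raise ValueError("truncated string")
        self.pos += length + 1
        return raw.decode("latin-1")

def ssl_attributes(packet):
    """Return the TLS-related fields found in one Forward Request packet."""
    r = Reader(packet)
    try:
        if r.int16() != 0x1234:
            raise ValueError("not a web-server-to-container AJP13 packet")
        if r.int16() != len(packet) - 4:
            raise ValueError("length field does not match payload")
        if r.byte() != 0x02:
            raise ValueError("not a Forward Request")
        r.byte()                          # HTTP method code
        for _ in range(5):                # protocol, req_uri, remote_addr,
            r.string()                    # remote_host, server_name
        r.int16()                         # server_port
        found = {"is_ssl": bool(r.byte())}
        for _ in range(r.int16()):        # request headers
            name = r.int16()
            if name & 0xFF00 != 0xA000:   # not a coded name: it was a length
                r.string(name)
            r.string()                    # header value
        code = r.byte()
        while code != ARE_DONE:           # optional attributes until 0xFF
            if code == 0x0B:
                value = r.int16()
            else:
                value = r.string()
                if code == REQ_ATTRIBUTE:  # generic pair: name, then value
                    r.string()
            if code in SSL_ATTRS:
                found[SSL_ATTRS[code]] = value
            code = r.byte()
        return found
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated packet") from exc

def missing_ssl_attributes(packet):
    """Servlet attributes that would be null for this request."""
    found = ssl_attributes(packet)
    return sorted(name for name in SSL_ATTRS.values() if name not in found)

def _s(text):
    raw = text.encode("latin-1")
    return struct.pack(">H", len(raw)) + raw + b"\x00"

def build_forward_request(ssl_fields):
    """Constructed sample (not a capture): GET /UserMan/ssltest.jsp over SSL."""
    body = bytes([0x02, 0x02]) + _s("HTTP/1.1")        # Forward Request, GET
    body += _s("/UserMan/ssltest.jsp") + _s("127.0.0.1")
    body += b"\xff\xff" + _s("my-machine")             # null remote_host, server_name
    body += struct.pack(">HBH", 443, 1, 2)             # port, is_ssl, header count
    body += struct.pack(">H", 0xA00B) + _s("my-machine")  # coded header name: host
    body += _s("X-Sample") + _s("1")                   # header with a string name
    for code, value in ssl_fields:
        body += bytes([code])
        body += struct.pack(">H", value) if code == 0x0B else _s(value)
    body += bytes([ARE_DONE])
    return b"\x12\x34" + struct.pack(">H", len(body)) + body

WITH_SSL = build_forward_request([
    (0x07, "CONSTRUCTED-CERT-PLACEHOLDER"), (0x08, "DHE-RSA-AES256-SHA"),
    (0x09, "0A1B2C"), (0x0B, 256)])
WITHOUT_SSL = build_forward_request([])

if __name__ == "__main__":
    print("would be null:", missing_ssl_attributes(WITHOUT_SSL))
```

On the setup in this thread the bytes would come from a capture of the 127.0.0.1:8009 channel, split into packets on the 0x1234 magic and length field before being passed to ssl_attributes.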
Re: Apache SSL again... those variables are getting me mad!
I use mod_jk with tomcat 4.1.x and apache from source. I have not had any problems to date. Try mod_jk and see if that helps.

Apache SSL again... those variables are getting me mad!
Sure! This is getting personal... ;-) Apache and Tomcat will not be my friends anymore! :-D

Well, I'll try to be a little exhaustive just because sometimes I miss something that is the real point of the question. Let's go.

My target is an Apache + Tomcat integration using JK2.

Software!

Redhat 9.0
Apache 2.0.47 with modssl.
Tomcat 5.0.16.
JK2 2.0.2

This is what I have done:

1. Install apache properly. Configuration is in /etc/httpd
2. Install tomcat properly. /opt/jakarta-tomcat-5.0.16
3. Compile JK2 2.0.2 from jakarta-connectors because there is a bug in the sources of tomcat that avoids recursivity in mappings like /your_webapp/*
4. Configuration.

In httpd.conf I have added these lines:

#**
LoadModule jk2_module modules/mod_jk2.so
#**

My workers2.properties looks like this (/etc/httpd/workers2.properties)

[logger]
level=DEBUG

[config:]
file=/etc/httpd/conf/workers2.properties
debug=1
debugEnv=1

[uriMap:]
info=Maps the requests. Options: debug
debug=1

# Alternate file logger
[logger.file:0]
level=DEBUG
file=/var/log/httpd/jk2.log

[shm:]
info=Scoreboard. Required for reconfiguration and status with multiprocess servers
file=/var/run/jk2.shm
size=100
debug=0
disabled=0

[workerEnv:]
info=Global server options
timing=1
debug=1
# Default Native Logger (apache2 or win32 )
# can be overridden to a file logger, useful
# when tracing win32 related issues
logger=logger.file:0

[channel.socket:127.0.0.1:8009]
info=Ajp13 forwarding over socket
debug=1
tomcatId=127.0.0.1:8009

[ajp13:127.0.0.1:8009]
channel=channel.socket:127.0.0.1:8009

[status:status]
info=Status worker, displays runtime informations

[vm:]
info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/server/lib/commons-logging.jar
OPT=-Dtomcat.home=${TOMCAT_HOME}
OPT=-Dcatalina.home=${TOMCAT_HOME}
OPT=-Xmx128M
#OPT=-Djava.compiler=NONE
disabled=1

[uri:/jkstatus/*]
info=Display status information and checks the config file for changes.
group=status:
worker=status:status

#**
In tomcat, my jk2.properties looks like this
#**

handler.list=request,container,channelSocket
channelSocket.port=8009
channelSocket.address=127.0.0.1
channelSocket.maxPort=port+10

#**
And in server.xml the jk connector is configured as this:
#**

<Connector port="8009" protocol="AJP/1.3" protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" redirectPort="8443">
</Connector>

#**
In my ssl.conf the configuration is: (UserMan is my web application)
#**

<IfModule mod_jk2.c>
    <Location /UserMan>
        JkUriSet worker ajp13:127.0.0.1:8009
    </Location>
    <Location /admin>
        JkUriSet worker ajp13:127.0.0.1:8009
    </Location>
    <Location /manager/html>
        JkUriSet worker ajp13:127.0.0.1:8009
    </Location>
</IfModule>

#**

I am using client authentication and everything goes fine. SSL connection is OK and the server asks the web browser for a client certificate. And my application is displayed properly! I am happy up to this moment but...

What about asking for SSL parameters from my webapp? I am doing something like this inside a JSP file:

String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");
Integer keysize = (Integer)request.getAttribute("javax.servlet.request.key_size");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
String sessionId = (String)request.getAttribute("javax.servlet.request.ssl_session");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");

I ALWAYS GET NULL!

What more can I do? Is there anybody that had succeeded doing this? What about developers?

Thanks in advance! And sorry for this long post, but... Thanks again!

Re: Apache SSL again... those variables are getting me mad!
What is null? The certs object?

Why do you have the following 2 lines...

X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");

Do both of these methods return null?

Re: Apache SSL again... those variables are getting me mad!
That was an example. I always get NULL for all calls regarding SSL, even with

String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");

or the key size example. I know that code won't compile... My intention was pointing you to the real problem... I can't access those variables.

Thanks!

Mark W. Webb wrote:
> What is null? The certs object?
>
> Why do you have the following 2 lines...
>
> X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
> X509Certificate [] certs = (X509Certificate [])request.getAttribute("org.apache.coyote.request.X509Certificate");
>
> Do both of these methods return null?

Re: Apache SSL again... those variables are getting me mad!
Does the following return null? If so, your ssl.conf may be messed up. Is the servlet that executes this code running over SSL?

java.security.cert.X509Certificate[] certs = (java.security.cert.X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");

Federico Fernandez Cruz wrote:
> That was an example. I always get NULL for all calls regarding SSL, even with
>
> String cipher = (String)request.getAttribute("javax.servlet.request.cipher_suite");
>
> or the key size example. I know that code won't compile... My intention was pointing you to the real problem... I can't access those variables.
>
> Thanks!

Re: Apache SSL again... those variables are getting me mad!
Can you try with mod_jk 1.2.5? I really don't know mod_jk2 that well to know if/how it sends the SSL attributes.