The return from getProtocol() is correct, AFAIK. I don't believe there is a HTTPS/1.1 or similar, but I could be wrong.
By "check protocol type" in the docs (agreed, it is unclear), I believe it means to do one (or all) of the following: - check the URL for "https" - check the port number for the request - use HttpServletRequest.isSecure(), though I think that will return "false" when you use Tomcat via a connector with Apache....I've never tried it to be sure. John > -----Original Message----- > From: Ian Hunter [mailto:[EMAIL PROTECTED] > Sent: Monday, February 24, 2003 9:26 PM > To: Tomcat Users List > Subject: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > From > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html -- "Any > pages which absolutely require a secure connection should > check the protocol > type associated with the page request and take the > appropriate action of > https is not specified." > > Also, "When running Tomcat primarily as a Servlet/JSP container behind > another web server, such as Apache or Microsoft IIS, it is > usually necessary > to configure the primary web server to handle the SSL connections from > users. Typically, this server will negotiate all SSL-related > functionality, > then pass on any requests destined for the Tomcat container only after > decrypting those requests. Likewise, Tomcat will return > cleartext responses, > that will be encrypted before being returned to the user's > browser. In this > environment, Tomcat knows that communications between the > primary web server > and the client are taking place over a secure connection (because your > application needs to be able to ask about this), but it does > not participate > in the encryption or decryption itself." > > However, when I check "request.getProtocol()" I get > "HTTP/.1.1" even when > I'm connecting via SSL (url shows https: and browser shows "lock" and > confirms 128 bit SSL) -- what gives? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
