Nope. I think there are some SSL-specific Request variables that are sent along with a SSL request, you could always Enum through the list and look for them, but that is just as kludgy.
The problem is that behind a connector like JK or JK2, there is no HTTP, and there is no HTTPS. The protocol being used is JK/JK2 (AJP13/14), so the only resources available to a developer at that point are the things that get sent along with typical requests. John > -----Original Message----- > From: Ian Hunter [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 25, 2003 9:31 AM > To: Tomcat Users List > Subject: Re: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > I've "fallen back" to seeing if > getRequestURL().toString().startsWith("https") -- that seems > pretty kludgy. > Any other ideas? > > ----- Original Message ----- > From: "Turner, John" <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > Sent: Tuesday, February 25, 2003 8:41 AM > Subject: RE: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > > > > The return from getProtocol() is correct, AFAIK. I don't > believe there is > a > > HTTPS/1.1 or similar, but I could be wrong. > > > > By "check protocol type" in the docs (agreed, it is > unclear), I believe it > > means to do one (or all) of the following: > > > > - check the URL for "https" > > - check the port number for the request > > - use HttpServletRequest.isSecure(), though I think that will return > "false" > > when you use Tomcat via a connector with Apache....I've > never tried it to > be > > sure. > > > > John > > > > > -----Original Message----- > > > From: Ian Hunter [mailto:[EMAIL PROTECTED] > > > Sent: Monday, February 24, 2003 9:26 PM > > > To: Tomcat Users List > > > Subject: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > > > > > > > From > > > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html -- "Any > > pages which absolutely require a secure connection should > > check the protocol > > type associated with the page request and take the > > appropriate action of > > https is not specified." > > > > Also, "When running Tomcat primarily as a Servlet/JSP container behind > > another web server, such as Apache or Microsoft IIS, it is > > usually necessary > > to configure the primary web server to handle the SSL connections from > > users. Typically, this server will negotiate all SSL-related > > functionality, > > then pass on any requests destined for the Tomcat container only after > > decrypting those requests. Likewise, Tomcat will return > > cleartext responses, > > that will be encrypted before being returned to the user's > > browser. In this > > environment, Tomcat knows that communications between the > > primary web server > > and the client are taking place over a secure connection (because your > > application needs to be able to ask about this), but it does > > not participate > > in the encryption or decryption itself." > > > > However, when I check "request.getProtocol()" I get > > "HTTP/.1.1" even when > > I'm connecting via SSL (url shows https: and browser shows "lock" and > > confirms 128 bit SSL) -- what gives? > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
