I don't know, actually I'm printing:
System.getProperties().propertyNames() // Enumeration req.getHeaderNames() // Enumeration req.getParameterNames() // Enumeration request.getAttributeNames() // Enumeration but some of them came empty (not null), and when something is set, isn't related to SSL. So I guess I forgot to set something. > -----Mensaje original----- > De: Ian Hunter [mailto:[EMAIL PROTECTED] > Enviado el: Martes, 25 de Febrero de 2003 12:02 > Para: Tomcat Users List > Asunto: Re: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > Thanks, I'll try to check that out. > > Does Apache add those variables to the request header? > > ----- Original Message ----- > From: "Eduardo Jaunez S." <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > Sent: Tuesday, February 25, 2003 9:53 AM > Subject: RE: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > > Dear Ian, > > > > I have the same problem, but I'm trying to pass the SSL_* > vars generated > by > > mod_ssl in Apache into the Tomcat side. I think this > aproach could resolve > > your problem (there are a lot of vars generated only when a > SSL session is > > open). > > > > Unfortunately I can't do it yet, so the JkEnvVar doesn't work for my > tests, > > and I don't know what is wrong. I send to you some hints (I > receive from > > Tomcat Developer's list): > > > > httpd.conf: > > ... > > SSLOptions +StdEnvVars +ExportCertData > > ... > > JkEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT > > ... > > > > > > MyTest.jsp > > ... > > HttpServletRequest req ; //from the post ... > > > > // Gets the X.509 PEM Certificate > > String SSL_Client = req.getAttribute("SSL_CLIENT_CERT") ; > > ... > > > > > > If you are lucky than me, please let me know !!. > > > > Eduardo. > > > > > > > -----Mensaje original----- > > > De: Ian Hunter [mailto:[EMAIL PROTECTED] > > > Enviado el: Martes, 25 de Febrero de 2003 11:31 > > > Para: Tomcat Users List > > > Asunto: Re: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > > > > > > > I've "fallen back" to seeing if > > > getRequestURL().toString().startsWith("https") -- that seems > > > pretty kludgy. > > > Any other ideas? > > > > > > ----- Original Message ----- > > > From: "Turner, John" <[EMAIL PROTECTED]> > > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > > Sent: Tuesday, February 25, 2003 8:41 AM > > > Subject: RE: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > > > > > > > > > > > > The return from getProtocol() is correct, AFAIK. I don't > > > believe there is > > > a > > > > HTTPS/1.1 or similar, but I could be wrong. > > > > > > > > By "check protocol type" in the docs (agreed, it is > > > unclear), I believe it > > > > means to do one (or all) of the following: > > > > > > > > - check the URL for "https" > > > > - check the port number for the request > > > > - use HttpServletRequest.isSecure(), though I think > that will return > > > "false" > > > > when you use Tomcat via a connector with Apache....I've > > > never tried it to > > > be > > > > sure. > > > > > > > > John > > > > > > > > > -----Original Message----- > > > > > From: Ian Hunter [mailto:[EMAIL PROTECTED] > > > > > Sent: Monday, February 24, 2003 9:26 PM > > > > > To: Tomcat Users List > > > > > Subject: How to verify SSL/HTTPS behind Tomcat via AJP13 > > > > > > > > > > > > > > > From > > > > > > > > > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html -- "Any > > > > > pages which absolutely require a secure connection should > > > > > check the protocol > > > > > type associated with the page request and take the > > > > > appropriate action of > > > > > https is not specified." > > > > > > > > > > Also, "When running Tomcat primarily as a Servlet/JSP > > > container behind > > > > > another web server, such as Apache or Microsoft IIS, it is > > > > > usually necessary > > > > > to configure the primary web server to handle the SSL > > > connections from > > > > > users. Typically, this server will negotiate all SSL-related > > > > > functionality, > > > > > then pass on any requests destined for the Tomcat > > > container only after > > > > > decrypting those requests. Likewise, Tomcat will return > > > > > cleartext responses, > > > > > that will be encrypted before being returned to the user's > > > > > browser. In this > > > > > environment, Tomcat knows that communications between the > > > > > primary web server > > > > > and the client are taking place over a secure connection > > > (because your > > > > > application needs to be able to ask about this), but it does > > > > > not participate > > > > > in the encryption or decryption itself." > > > > > > > > > > However, when I check "request.getProtocol()" I get > > > > > "HTTP/.1.1" even when > > > > > I'm connecting via SSL (url shows https: and browser > > > shows "lock" and > > > > > confirms 128 bit SSL) -- what gives? > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
