You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jan Behrens <Ja...@offis.de> on 2005/03/11 13:27:09 UTC

[OT] How to determine whether a session or request is SSL

Hi list,

I would like to evaluate the current encription status of a users session 
or request from out of a taglib or servlet. E.g. know whether the user is 
using https and possibly the encryption strength used... This must be easy 
(I hope) but I couldn't work out how to so far and wondered whether 
anybody out there could point me into the right direction.

TIA

Jan



Jan Behrens
OFFIS
FuE-Bereich Betriebliches Informations- und Wissensmanagement
Escherweg 2  -  26121 Oldenburg  -  Germany
Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Antwort: Re: Re: [OT] How to determine whether a session or request is SSL

Posted by Jan Behrens <Ja...@offis.de>.

Thanks a lot Rodrigo!

I will try the second an see what I can come up with.

Thanks again % have a nice weekend,

Jan


Jan Behrens
OFFIS
FuE-Bereich Betriebliches Informations- und Wissensmanagement
Escherweg 2  -  26121 Oldenburg  -  Germany
Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de



Rodrigo Avila <rd...@gmail.com> 
11.03.2005 11:02
Bitte antworten an
"Tomcat Users List" <to...@jakarta.apache.org>


An
Tomcat Users List <to...@jakarta.apache.org>
Kopie

Thema
Re: Re: [OT] How to determine whether a session or request is SSL






Sincerily... I don know. But, reading
[http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html], I
see this tip:

"To access the SSL session ID from the request, use:
String sslID = 
(String)request.getAttribute("javax.servlet.request.ssl_session");
"

And, in the ServletRequest javadoc
[http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/ServletRequest.html#getAttribute(java.lang.String)],
I found:

"For example, for requests made using HTTPS, the attribute
javax.servlet.request.X509Certificate can be used to retrieve
information on the certificate of the client."

I don't know, but maybe exist more attributes than that.

I hope it helps!


On Fri, 11 Mar 2005 14:09:18 +0100, Jan Behrens <Ja...@offis.de> 
wrote:
> Thanks Rodrigo,
> 
> do you know of a way to get the encryption level of the request as well?
> (40bit, 128bit, ...)
> 
> TIA Jan
> 
> Jan Behrens
> OFFIS
> FuE-Bereich Betriebliches Informations- und Wissensmanagement
> Escherweg 2  -  26121 Oldenburg  -  Germany
> Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
> E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de
> 
> Rodrigo Avila <rd...@gmail.com>
> 11.03.2005 09:58
> Bitte antworten an
> "Tomcat Users List" <to...@jakarta.apache.org>
> 
> An
> Tomcat Users List <to...@jakarta.apache.org>
> Kopie
> 
> Thema
> Re: [OT] How to determine whether a session or request is SSL
> 
> 
> To know if the user use ssl, try the boolean request.isSecure().
> 
> On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens <Ja...@offis.de>
> wrote:
> > Hi list,
> >
> > I would like to evaluate the current encription status of a users
> session
> > or request from out of a taglib or servlet. E.g. know whether the user
> is
> > using https and possibly the encryption strength used... This must be
> easy
> > (I hope) but I couldn't work out how to so far and wondered whether
> > anybody out there could point me into the right direction.
> >
> > TIA
> >
> > Jan
> >
> > Jan Behrens
> > OFFIS
> > FuE-Bereich Betriebliches Informations- und Wissensmanagement
> > Escherweg 2  -  26121 Oldenburg  -  Germany
> > Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
> > E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> 
> --
> Rodrigo de Avila
> rdeavila@gmail.com
> 
> http://www.avila.eti.br
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


-- 
Rodrigo de Avila
rdeavila@gmail.com

http://www.avila.eti.br

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Re: [OT] How to determine whether a session or request is SSL

Posted by Rodrigo Avila <rd...@gmail.com>.

Sincerily... I don know. But, reading
[http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html], I
see this tip:

"To access the SSL session ID from the request, use:
String sslID = (String)request.getAttribute("javax.servlet.request.ssl_session");
"

And, in the ServletRequest javadoc
[http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/ServletRequest.html#getAttribute(java.lang.String)],
I found:

"For example, for requests made using HTTPS, the attribute
javax.servlet.request.X509Certificate can be used to retrieve
information on the certificate of the client."

I don't know, but maybe exist more attributes than that.

I hope it helps!


On Fri, 11 Mar 2005 14:09:18 +0100, Jan Behrens <Ja...@offis.de> wrote:
> Thanks Rodrigo,
> 
> do you know of a way to get the encryption level of the request as well?
> (40bit, 128bit, ...)
> 
> TIA Jan
> 
> Jan Behrens
> OFFIS
> FuE-Bereich Betriebliches Informations- und Wissensmanagement
> Escherweg 2  -  26121 Oldenburg  -  Germany
> Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
> E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de
> 
> Rodrigo Avila <rd...@gmail.com>
> 11.03.2005 09:58
> Bitte antworten an
> "Tomcat Users List" <to...@jakarta.apache.org>
> 
> An
> Tomcat Users List <to...@jakarta.apache.org>
> Kopie
> 
> Thema
> Re: [OT] How to determine whether a session or request is SSL
> 
> 
> To know if the user use ssl, try the boolean request.isSecure().
> 
> On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens <Ja...@offis.de>
> wrote:
> > Hi list,
> >
> > I would like to evaluate the current encription status of a users
> session
> > or request from out of a taglib or servlet. E.g. know whether the user
> is
> > using https and possibly the encryption strength used... This must be
> easy
> > (I hope) but I couldn't work out how to so far and wondered whether
> > anybody out there could point me into the right direction.
> >
> > TIA
> >
> > Jan
> >
> > Jan Behrens
> > OFFIS
> > FuE-Bereich Betriebliches Informations- und Wissensmanagement
> > Escherweg 2  -  26121 Oldenburg  -  Germany
> > Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
> > E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> 
> --
> Rodrigo de Avila
> rdeavila@gmail.com
> 
> http://www.avila.eti.br
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


-- 
Rodrigo de Avila
rdeavila@gmail.com

http://www.avila.eti.br

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Antwort: Re: [OT] How to determine whether a session or request is SSL

Posted by Jan Behrens <Ja...@offis.de>.

Thanks Rodrigo,

do you know of a way to get the encryption level of the request as well? 
(40bit, 128bit, ...)

TIA Jan


Jan Behrens
OFFIS
FuE-Bereich Betriebliches Informations- und Wissensmanagement
Escherweg 2  -  26121 Oldenburg  -  Germany
Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de



Rodrigo Avila <rd...@gmail.com> 
11.03.2005 09:58
Bitte antworten an
"Tomcat Users List" <to...@jakarta.apache.org>


An
Tomcat Users List <to...@jakarta.apache.org>
Kopie

Thema
Re: [OT] How to determine whether a session or request is SSL






To know if the user use ssl, try the boolean request.isSecure().

On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens <Ja...@offis.de> 
wrote:
> Hi list,
> 
> I would like to evaluate the current encription status of a users 
session
> or request from out of a taglib or servlet. E.g. know whether the user 
is
> using https and possibly the encryption strength used... This must be 
easy
> (I hope) but I couldn't work out how to so far and wondered whether
> anybody out there could point me into the right direction.
> 
> TIA
> 
> Jan
> 
> Jan Behrens
> OFFIS
> FuE-Bereich Betriebliches Informations- und Wissensmanagement
> Escherweg 2  -  26121 Oldenburg  -  Germany
> Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
> E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


-- 
Rodrigo de Avila
rdeavila@gmail.com

http://www.avila.eti.br

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: [OT] How to determine whether a session or request is SSL

Posted by Rodrigo Avila <rd...@gmail.com>.

To know if the user use ssl, try the boolean request.isSecure().

On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens <Ja...@offis.de> wrote:
> Hi list,
> 
> I would like to evaluate the current encription status of a users session
> or request from out of a taglib or servlet. E.g. know whether the user is
> using https and possibly the encryption strength used... This must be easy
> (I hope) but I couldn't work out how to so far and wondered whether
> anybody out there could point me into the right direction.
> 
> TIA
> 
> Jan
> 
> Jan Behrens
> OFFIS
> FuE-Bereich Betriebliches Informations- und Wissensmanagement
> Escherweg 2  -  26121 Oldenburg  -  Germany
> Fon: +49 4 41 97 22 - 187  -  Fax:  +49 4 41 97 22-102
> E-mail: jan.behrens@offis.de  -  URL: http://www.offis.de
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


-- 
Rodrigo de Avila
rdeavila@gmail.com

http://www.avila.eti.br

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org