You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jan Behrens <Ja...@offis.de> on 2005/03/11 13:27:09 UTC
[OT] How to determine whether a session or request is SSL
Hi list,
I would like to evaluate the current encription status of a users session
or request from out of a taglib or servlet. E.g. know whether the user is
using https and possibly the encryption strength used... This must be easy
(I hope) but I couldn't work out how to so far and wondered whether
anybody out there could point me into the right direction.
TIA
Jan
Jan Behrens
OFFIS
FuE-Bereich Betriebliches Informations- und Wissensmanagement
Escherweg 2 - 26121 Oldenburg - Germany
Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
E-mail: jan.behrens@offis.de - URL: http://www.offis.de
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Antwort: Re: Re: [OT] How to determine whether a session or request is SSL
Posted by Jan Behrens <Ja...@offis.de>.
Thanks a lot Rodrigo!
I will try the second an see what I can come up with.
Thanks again % have a nice weekend,
Jan
Jan Behrens
OFFIS
FuE-Bereich Betriebliches Informations- und Wissensmanagement
Escherweg 2 - 26121 Oldenburg - Germany
Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
E-mail: jan.behrens@offis.de - URL: http://www.offis.de
Rodrigo Avila <rd...@gmail.com>
11.03.2005 11:02
Bitte antworten an
"Tomcat Users List" <to...@jakarta.apache.org>
An
Tomcat Users List <to...@jakarta.apache.org>
Kopie
Thema
Re: Re: [OT] How to determine whether a session or request is SSL
Sincerily... I don know. But, reading
[http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html], I
see this tip:
"To access the SSL session ID from the request, use:
String sslID =
(String)request.getAttribute("javax.servlet.request.ssl_session");
"
And, in the ServletRequest javadoc
[http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/ServletRequest.html#getAttribute(java.lang.String)],
I found:
"For example, for requests made using HTTPS, the attribute
javax.servlet.request.X509Certificate can be used to retrieve
information on the certificate of the client."
I don't know, but maybe exist more attributes than that.
I hope it helps!
On Fri, 11 Mar 2005 14:09:18 +0100, Jan Behrens <Ja...@offis.de>
wrote:
> Thanks Rodrigo,
>
> do you know of a way to get the encryption level of the request as well?
> (40bit, 128bit, ...)
>
> TIA Jan
>
> Jan Behrens
> OFFIS
> FuE-Bereich Betriebliches Informations- und Wissensmanagement
> Escherweg 2 - 26121 Oldenburg - Germany
> Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
> E-mail: jan.behrens@offis.de - URL: http://www.offis.de
>
> Rodrigo Avila <rd...@gmail.com>
> 11.03.2005 09:58
> Bitte antworten an
> "Tomcat Users List" <to...@jakarta.apache.org>
>
> An
> Tomcat Users List <to...@jakarta.apache.org>
> Kopie
>
> Thema
> Re: [OT] How to determine whether a session or request is SSL
>
>
> To know if the user use ssl, try the boolean request.isSecure().
>
> On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens <Ja...@offis.de>
> wrote:
> > Hi list,
> >
> > I would like to evaluate the current encription status of a users
> session
> > or request from out of a taglib or servlet. E.g. know whether the user
> is
> > using https and possibly the encryption strength used... This must be
> easy
> > (I hope) but I couldn't work out how to so far and wondered whether
> > anybody out there could point me into the right direction.
> >
> > TIA
> >
> > Jan
> >
> > Jan Behrens
> > OFFIS
> > FuE-Bereich Betriebliches Informations- und Wissensmanagement
> > Escherweg 2 - 26121 Oldenburg - Germany
> > Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
> > E-mail: jan.behrens@offis.de - URL: http://www.offis.de
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
> --
> Rodrigo de Avila
> rdeavila@gmail.com
>
> http://www.avila.eti.br
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Rodrigo de Avila
rdeavila@gmail.com
http://www.avila.eti.br
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Re: [OT] How to determine whether a session or request is SSL
Posted by Rodrigo Avila <rd...@gmail.com>.
Sincerily... I don know. But, reading
[http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html], I
see this tip:
"To access the SSL session ID from the request, use:
String sslID = (String)request.getAttribute("javax.servlet.request.ssl_session");
"
And, in the ServletRequest javadoc
[http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/ServletRequest.html#getAttribute(java.lang.String)],
I found:
"For example, for requests made using HTTPS, the attribute
javax.servlet.request.X509Certificate can be used to retrieve
information on the certificate of the client."
I don't know, but maybe exist more attributes than that.
I hope it helps!
On Fri, 11 Mar 2005 14:09:18 +0100, Jan Behrens <Ja...@offis.de> wrote:
> Thanks Rodrigo,
>
> do you know of a way to get the encryption level of the request as well?
> (40bit, 128bit, ...)
>
> TIA Jan
>
> Jan Behrens
> OFFIS
> FuE-Bereich Betriebliches Informations- und Wissensmanagement
> Escherweg 2 - 26121 Oldenburg - Germany
> Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
> E-mail: jan.behrens@offis.de - URL: http://www.offis.de
>
> Rodrigo Avila <rd...@gmail.com>
> 11.03.2005 09:58
> Bitte antworten an
> "Tomcat Users List" <to...@jakarta.apache.org>
>
> An
> Tomcat Users List <to...@jakarta.apache.org>
> Kopie
>
> Thema
> Re: [OT] How to determine whether a session or request is SSL
>
>
> To know if the user use ssl, try the boolean request.isSecure().
>
> On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens <Ja...@offis.de>
> wrote:
> > Hi list,
> >
> > I would like to evaluate the current encription status of a users
> session
> > or request from out of a taglib or servlet. E.g. know whether the user
> is
> > using https and possibly the encryption strength used... This must be
> easy
> > (I hope) but I couldn't work out how to so far and wondered whether
> > anybody out there could point me into the right direction.
> >
> > TIA
> >
> > Jan
> >
> > Jan Behrens
> > OFFIS
> > FuE-Bereich Betriebliches Informations- und Wissensmanagement
> > Escherweg 2 - 26121 Oldenburg - Germany
> > Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
> > E-mail: jan.behrens@offis.de - URL: http://www.offis.de
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
> --
> Rodrigo de Avila
> rdeavila@gmail.com
>
> http://www.avila.eti.br
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Rodrigo de Avila
rdeavila@gmail.com
http://www.avila.eti.br
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Antwort: Re: [OT] How to determine whether a session or request is SSL
Posted by Jan Behrens <Ja...@offis.de>.
Thanks Rodrigo,
do you know of a way to get the encryption level of the request as well?
(40bit, 128bit, ...)
TIA Jan
Jan Behrens
OFFIS
FuE-Bereich Betriebliches Informations- und Wissensmanagement
Escherweg 2 - 26121 Oldenburg - Germany
Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
E-mail: jan.behrens@offis.de - URL: http://www.offis.de
Rodrigo Avila <rd...@gmail.com>
11.03.2005 09:58
Bitte antworten an
"Tomcat Users List" <to...@jakarta.apache.org>
An
Tomcat Users List <to...@jakarta.apache.org>
Kopie
Thema
Re: [OT] How to determine whether a session or request is SSL
To know if the user use ssl, try the boolean request.isSecure().
On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens <Ja...@offis.de>
wrote:
> Hi list,
>
> I would like to evaluate the current encription status of a users
session
> or request from out of a taglib or servlet. E.g. know whether the user
is
> using https and possibly the encryption strength used... This must be
easy
> (I hope) but I couldn't work out how to so far and wondered whether
> anybody out there could point me into the right direction.
>
> TIA
>
> Jan
>
> Jan Behrens
> OFFIS
> FuE-Bereich Betriebliches Informations- und Wissensmanagement
> Escherweg 2 - 26121 Oldenburg - Germany
> Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
> E-mail: jan.behrens@offis.de - URL: http://www.offis.de
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Rodrigo de Avila
rdeavila@gmail.com
http://www.avila.eti.br
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: [OT] How to determine whether a session or request is SSL
Posted by Rodrigo Avila <rd...@gmail.com>.
To know if the user use ssl, try the boolean request.isSecure().
On Fri, 11 Mar 2005 13:27:09 +0100, Jan Behrens <Ja...@offis.de> wrote:
> Hi list,
>
> I would like to evaluate the current encription status of a users session
> or request from out of a taglib or servlet. E.g. know whether the user is
> using https and possibly the encryption strength used... This must be easy
> (I hope) but I couldn't work out how to so far and wondered whether
> anybody out there could point me into the right direction.
>
> TIA
>
> Jan
>
> Jan Behrens
> OFFIS
> FuE-Bereich Betriebliches Informations- und Wissensmanagement
> Escherweg 2 - 26121 Oldenburg - Germany
> Fon: +49 4 41 97 22 - 187 - Fax: +49 4 41 97 22-102
> E-mail: jan.behrens@offis.de - URL: http://www.offis.de
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Rodrigo de Avila
rdeavila@gmail.com
http://www.avila.eti.br
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org