You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jerry Lampi <ja...@sdsusa.com> on 2015/12/17 22:32:43 UTC

Can server.xml Connector values be read from a servlet at runtime?

Specifically, I need to know if the value of clientAuth in the Connector 
for port 443 is set to true.

Here is my connector:
<Connector
                 port="443"
                 clientAuth="true"
                 scheme="https"
                 secure="true"
                 SSLEnabled="true"
                 maxThreads="200"
protocol="org.apache.coyote.http11.Http11NioProtocol"
                 useSendfile="false"
                 .
                 .
                 .
/>

So at runtime, can I read the value of clientAuth?

I tried:
String clientAuth = System.getProperty("clientAuth");
and
String clientAuthEnv = System.getenv("clientAuth");
They are both null.  I expected that they would be null, but I just want 
you to know I tried something.

I'm sure I could read the server.xml file in a servlet as a basic file, 
but if it were changed after Tomcat started up, its contents would not 
represent what Tomcat was configured with when it was started.

Thanks,

Jerry


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 151217-1, 12/17/2015
Tested on: 12/17/2015 3:32:44 PM
avast! - copyright (c) 1988-2015 AVAST Software.
https://www.avast.com/antivirus




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Can server.xml Connector values be read from a servlet at runtime?

Posted by Jerry Lampi <ja...@sdsusa.com>.
The plan is to bypass the sign on page when tomcat is configured to use 
client authentication.

So if my sign on servlet gets invoked, AND clientAuth=true, I won't 
display the sign on page, but take another path.  I'll have more work to 
do to actually log the user in, but it'll be by using the certificate 
used in the TLS/SSL connection through RACF on a z/OS mainframe running 
Tomcat under USS (Unix System Services).

This is a one-off configuration for a client demanding smart card ONLY 
log in.  All other installations of the product use a normal log in page 
for sign on; not a smart card.

I'm no Tomcat expert, so if there is another way to determine if 
clientAuth=true, that would work, too.

Jerry

On 12/17/2015 3:42 PM, Mark Thomas wrote:
> On 17/12/2015 21:32, Jerry Lampi wrote:
>> Specifically, I need to know if the value of clientAuth in the Connector
>> for port 443 is set to true.
>>
>> Here is my connector:
>> <Connector
>>                  port="443"
>>                  clientAuth="true"
>>                  scheme="https"
>>                  secure="true"
>>                  SSLEnabled="true"
>>                  maxThreads="200"
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>                  useSendfile="false"
>>                  .
>>                  .
>>                  .
>> />
>>
>> So at runtime, can I read the value of clientAuth?
> Yes, if you go via JMX.
>
> Why do you want to do this?
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> ---
> avast! Antivirus: Inbound message clean.
> Virus Database (VPS): 151217-1, 12/17/2015
> Tested on: 12/17/2015 3:43:08 PM
> avast! - copyright (c) 1988-2015 AVAST Software.
> https://www.avast.com/antivirus
>
>
>



---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 151217-1, 12/17/2015
Tested on: 12/17/2015 4:50:31 PM
avast! - copyright (c) 1988-2015 AVAST Software.
https://www.avast.com/antivirus




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Can server.xml Connector values be read from a servlet at runtime?

Posted by Mark Thomas <ma...@apache.org>.
On 17/12/2015 21:32, Jerry Lampi wrote:
> Specifically, I need to know if the value of clientAuth in the Connector
> for port 443 is set to true.
> 
> Here is my connector:
> <Connector
>                 port="443"
>                 clientAuth="true"
>                 scheme="https"
>                 secure="true"
>                 SSLEnabled="true"
>                 maxThreads="200"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>                 useSendfile="false"
>                 .
>                 .
>                 .
> />
> 
> So at runtime, can I read the value of clientAuth?

Yes, if you go via JMX.

Why do you want to do this?

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org