You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geronimo.apache.org by Andrew Austin <an...@yahoo.com> on 2007/07/20 18:05:45 UTC

ajp and ssl

Okay, so I've been troubleshooting an issue for
several days but no luck...I talked to the guys in
#geronimo, and while they were helpful we couldn't
nail down this issue:

If I'm on an HTTPS connection and apache uses
ProxyPass to connect to an app through AJP will my ssl
session information be obtainable in my servlet on the
geronimo/tomcat side? Secondly, how do I get the ssl
information from my jsp/servlet? Under the https
connector below, nothing is returned in
javax.servlet.request.X509Certificate.

snippet of my apache conf:
<Location /testhttps>
ProxyPass https://localhost:6667/hello/
ProxyPassReverse https://localhost:6667/hello/
ProxyPassReverseCookieDomain 127.0.0.1 localhost
ProxyPassReverseCookiePath localhost /testhttps
</Location>
<Location /testajp>
ProxyPass ajp://localhost:8009/hello/
ProxyPassReverse ajp://localhost:8009/hello/
ProxyPassReverseCookieDomain 127.0.0.1 localhost
ProxyPassReverseCookiePath localhost /testajp
</Location>

my jsp snippet:
<%
out.println((String)request.getAttribute("javax.servlet.request.ssl_session"));
out.println((String)request.getAttribute("javax.servlet.request.cipher_suite"));
out.println((String)request.getAttribute("javax.servlet.request.X509Certificate"));
%>


the above snippet returns
for https)
0000000000000000469e350600000068
SSL_DHE_RSA_WITH_AES_256_CBC_SHA null

for ajp)
null DHE-RSA-AES256-SHA null

I'm currently using tomcat 5.1.5, Java 1.4.2 and
apache 2.2.4 under SLES 10.

Thanks,
Andrew


       
____________________________________________________________________________________
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/