You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/09 18:04:18 UTC
DO NOT REPLY [Bug 25363] New: -
request.getAttributeNames() not working properly
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25363>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25363
request.getAttributeNames() not working properly
Summary: request.getAttributeNames() not working properly
Product: Tomcat 5
Version: 5.0.16
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Connector:JK 2
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: makub@ics.muni.cz
When request attributes are sent by mod_jk from Apache to Tomcat5.0.16's Coyote
AJP/1.3 handler, these attributes are not listed by request.getAttributeNames().
They are accesible when specificaly asked for them using request.getAttribute(),
but even after this they are not listed by request.getAttributeNames().
Steps to reproduce:
1) set up Apache with SSL support and mod_jk (or mod_jk2)
2) enable sending SSL attributes in httpd.conf using
LoadModule jk_module libexec/mod_jk1.2.5.so
JkWorkersFile "/etc/httpd/workers.properties"
JkLogFile "/var/log/httpd/mod_jk.log"
JkLogLevel info
JkOptions +ForwardKeySize +ForwardURIEscaped -ForwardDirectories
JkExtractSSL On
JkEnvVar SSL_PROTOCOL "default"
JkEnvVar SSL_VERSION_INTERFACE "default"
JkMount /mywebapp/* myworker
<Location "/mywebapp/*">
SSLOptions +ExportCertData +StdEnvVars
</Location>
3) in Tomcat, in webapplication "mywebapp" create a JSP page with following code:
<b>Enumerated request attributes:</b><br>
<%java.util.Enumeration en1=request.getAttributeNames();
while(en1.hasMoreElements()) {
String name = (String)en1.nextElement();
out.println(name+"="+request.getAttribute(name)+"<br>");
}%>
<b>Asked request attributes:</b><br>
javax.servlet.request.cipher_suite=<%=request.getAttribute("javax.servlet.request.cipher_suite") %><br>
javax.servlet.request.key_size=<%=request.getAttribute("javax.servlet.request.key_size") %><br>
javax.servlet.request.X509Certificate=<%=request.getAttribute("javax.servlet.request.X509Certificate") %><br>
javax.servlet.request.ssl_session=<%=request.getAttribute("javax.servlet.request.ssl_session") %><br>
SSL_PROTOCOL=<%=request.getAttribute("SSL_PROTOCOL") %><br>
SSL_VERSION_INTERFACE=${SSL_VERSION_INTERFACE}<br>
<b>Again enumerated request attributes:</b><br>
<%java.util.Enumeration en2=request.getAttributeNames();
while(en2.hasMoreElements()) {
String name = (String)en2.nextElement();
out.println(name+"="+request.getAttribute(name)+"<br>");
}%>
4) access the page from a webbrowser. The page will display:
Enumerated request attributes:
Asked request attributes:
javax.servlet.request.cipher_suite=RC4-MD5
javax.servlet.request.key_size=128
javax.servlet.request.X509Certificate=[Ljava.security.cert.X509Certificate;@199197b
javax.servlet.request.ssl_session=78DE7EA098961A94E2C37B410FEFCAEA4B2ACD8D8A15199AF52CED901083D870
SSL_PROTOCOL=TLSv1
SSL_VERSION_INTERFACE=mod_ssl/2.8.15
Again enumerated request attributes:
javax.servlet.request.cipher_suite=RC4-MD5
javax.servlet.request.key_size=128
javax.servlet.request.X509Certificate=[Ljava.security.cert.X509Certificate;@199197b
It means, that some request attribute names are listed after they were
specificaly asked, but not before, and not all of them.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org