Posted to dev@tomcat.apache.org by Hartmut Keil <Ha...@adnovum.ch> on 2001/06/20 10:35:48 UTC
[PATCH] SSL session hash
Hi everybody
I'm writing a filter for doing some SSL related stuff,
like client-cert authentication or server-gated cryptography.
Therefore you must have the possibility to identify
the SSL session of the request. (Of course you must then also
control the SSL sessions, but that's another topic, i.e.
configuring an implementation of
org.apache.catalina.net.ServerSocketFactory
as factory for the connector.)
In general I would say:
"If there is an SSL session associated with the request,
an identifier of type 'string' must be exposed by the servlet container
to the servlet or filter programmer. It must be accessible via
a 'ServletRequest' attribute with the name
'javax.servlet.request.session_hash'."
In the case of an SSL session established using the javax.net.ssl API
that identifier would be SSLSession.getId() converted to a String.
I implemented that minor code change, and maybe
some of you would like to commit it. (see following diff)
In addition I will post that change for the 2.3 specification.
Thanks for supporting
Hartmut
Index: CertificatesValve.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/CertificatesValve.java,v
retrieving revision 1.6
diff -u -r1.6 CertificatesValve.java
--- CertificatesValve.java 2001/01/23 02:53:03 1.6
+++ CertificatesValve.java 2001/06/20 07:49:08
@@ -384,6 +384,9 @@
}
request.getRequest().setAttribute(Globals.KEY_SIZE_ATTR,
keySize);
+ if(session.getId() != null)
+
request.getRequest().setAttribute(Globals.SESSION_HASH,new
String(session.getId()));
+
// if (debug >= 2)
// log(" expose: Has cipher suite " + cipherSuite +
// " and key size " + keySize);
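Review bot: In the added setAttribute call, new String(session.getId()) decodes the identifier with the platform default charset. If getId() returns the raw byte[] of SSLSession.getId(), as the message describes, the resulting string is not printable, depends on the JVM's default encoding, and bytes that are invalid in that charset get replaced, so two different session ids can end up as the same attribute value. A fixed, lossless encoding such as lowercase hex of the bytes would avoid that. The added if also calls session.getId() twice and has no braces; reading the id once into a local variable and bracing the body would make the null check and the use refer to the same value.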
Index: Globals.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Globals.java,v
retrieving revision 1.27
diff -u -r1.27 Globals.java
--- Globals.java 2001/05/15 03:25:47 1.27
+++ Globals.java 2001/06/20 07:47:47
@@ -92,6 +92,13 @@
public static final String CIPHER_SUITE_ATTR =
"javax.servlet.request.cipher_suite";
+ /**
+ * The request attribute under which we store the identifier of the
+ * SSL connection (as an object of type java.lang.String).
+ *
+ */
+ public static final String SESSION_HASH =
+ "javax.servlet.request.session_hash";
/**
* The servlet context attribute under which we store the class
loader
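Review bot: The Javadoc added above SESSION_HASH says "identifier of the SSL connection", but the value stored is the SSL session id, and one session can be resumed over several connections, so the comment should say session. The neighbouring constant is CIPHER_SUITE_ATTR and the first hunk uses KEY_SIZE_ATTR, so SESSION_HASH_ATTR (or SESSION_ID_ATTR, since the value is an id rather than a hash) would fit the existing naming. The empty " *" line before the closing "*/" can be dropped, and a blank line is missing between the new constant and the next Javadoc block. Since the message says the attribute name is still to be proposed for the 2.3 specification, the comment should state that "javax.servlet.request.session_hash" is not yet a specified name.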
--
+---------------------------------------------------------------------+
Hartmut Keil mailto:Hartmut.Keil@adnovum.ch
Software Engineer Diplom Physiker
AdNovum Informatik AG http://www.adnovum.ch phone: +41 (1) 272 6111
Roentgenstrasse 22, CH-8005 Zuerich fax: +41 (1) 272 6312
+---------------------------------------------------------------------+
AdNovum Software Inc. San Mateo, CA 94404 phone: +1 (650) 52 59322
1400 Fashion Island Boulevard, Suite 309 fax: +1 (650) 52 59324
+---------------------------------------------------------------------+