tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jam...@cardsetc.com
Subject Re: Certificate information is not transferred by Tomcat
Date Tue, 27 Jun 2000 23:17:18 GMT

According to section 5.7 of the Servlet 2.2 spec, 'SSL attributes'; the
certificate should be visible as an attribute named
'javax.servlet.request.X509Certificate', that value of which should be an
array of type 'javax.security.cert.X509Certificate'.

ServletRequest.isSecure() should return the appropriate answer whether the
request came in via HTTPS (SSL) or not.

If you write your servlets to look for SSL information in any other
attributes, or the header of the request, then it is not going to be
portable between servlet containers (although, by the sounds of it , its
not going to be portable with JRun if your servlet IS spec-compliant ;-)

Now whether Tomcat and its interceptors currently support this behaviour, I
am not sure, but I am certainly keen to know!  I'd love to know whether
this functionality will be found in 3.2 (particularly for Apache).  I'm
currently running 3.1final.

Regards,
James W.

--------------------------------------------------------------------------
Visit us at Cards Australia 2000 on Stand 31A.  Cards Australia will be
held at the Melbourne Convention Centre from July 4-6 2000.
--------------------------------------------------------------------------
This e-mail is from Cards Etc Pty Ltd (ACN: 069 533 302). It may contain
privileged and confidential information. It is intended for the named
recipient(s) only. If you are not an intended recipient, please notify us
immediately by reply e-mail or by phone on +61 2 9212 7773 & delete this
e-mail from your system.
--------------------------------------------------------------------------



Mime
View raw message