Return-Path: <Andrew.Brady@ecmwf.int>
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 61254 invoked from network); 12 Jun 2000 17:41:33 -0000
Received: from ns0.ecmwf.int (193.61.196.131)
  by locus.apache.org with SMTP; 12 Jun 2000 17:41:33 -0000
Received: (from gproxy@localhost) by ns0.ecmwf.int (8.9.3/8.7.3) id RAA266304
 for <tomcat-user@jakarta.apache.org>; Mon, 12 Jun 2000 17:41:06 GMT
X-Authentication-Warning: ns0.ecmwf.int: gproxy set sender to
 <Andrew.Brady@ecmwf.int> using -f
Received: from elrond(136.156.160.99) by ns0 via smap (V2.1)
	id xma266161; Mon, 12 Jun 00 17:40:59 GMT
Received: from ecmwf.int (ringhorn [136.156.112.140]) by ecmwf.int
 (8.8.5/8.7.3) with ESMTP id RAA13308 for <tomcat-user@jakarta.apache.org>;
 Mon, 12 Jun 2000 17:40:59 GMT
Sender: syb@ecmwf.int
Message-ID: <394520AB.90EC58EE@ecmwf.int>
Date: Mon, 12 Jun 2000 18:40:59 +0100
From: Andrew Brady <Andrew.Brady@ecmwf.int>
Organization: ECMWF
X-Mailer: Mozilla 4.73C-syb [en] (X11; U; IRIX64 6.5 IP28)
MIME-Version: 1.0
To: tomcat-user@jakarta.apache.org
Subject: [Fwd: Re: Accessing SSL information within servlet]
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

Apologies. I stupidly sent the following to the java-apache-users
list. It should have come to tomcat-users.

> I am using Apache 1.3.12, tomcat/3.1 , mod_ssl/2.6.4.
> 
> I have following conf:
> 
>   SSLOptions +StdEnvVars
>   ApJservEnvVar SSL_CLIENT_S_DN SSL_CLIENT_S_DN
> 
> and a servlet that trys for:
> 
>   HttpServletRequest.getAttribute("org.apache.jserv.SSL_CLIENT_S_DN");
> 
> The servlet works ok , but I get back null.
> 
> If I put a netcat listening on the tomcat port instead of tomcat,
> I can see that apache is passing SSL_CLIENT_S_DN.
> 
> Is there some difference in the name of the attribute.
> 
> There is a similar question (3.9 in the tomcat) FAQ-o-matic
> which has no answer.

My java is not strong, so the following may not be strictly
true, but .....

If I understand the tomcat code correctly, then passing of
arbitrary variables from apache to tomcat, using ApJservEnvVar
is not yet implemented on the tomcat servlet side.

The tomcat source file:

  jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp12ConnectionHandler.java

contains the code:

    /**
      * Marker = 5 will be used by mod_jserv to send environment 
      * as key+value (dynamically configurable).
      * can be considered as "reserved", and safely ignored by ot
      * env_vars is (above in this  code) commented out for perfo
      * so theses env vars are simply ignored. (just here for com
      * but it is where mod_jserv would place SSL_* env vars (by 
      * See the new parameter for mod_jserv (version > 1.1):
      * ApJServEnvVar localname remotename
      *                                            - jluc
    */
        case 5: // Environment vars
           token1 = ajpin.readString(null);
           token2 = ajpin.readString("");
    //     env_vars.put(token1, token2);
           break;

which appears to be the relevent part. The code does not
extract the variables into env_vars as it is commented out.

Even if this code is activated, there is no other code to access
such variables in the request.

Could someone with more knowledge confirm this?

Thanks,

Andy

--
Andy Brady                          Email : a.brady@ecmwf.int
Web Services Group                    Tel : +44(0)118 9499252
E.C.M.W.F.                            Fax : +44(0)118 9869450
Shinfield Park, Reading, RG2 9AX      Web : http://www.ecmwf.int