tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James House <james.ho...@medibuy.com>
Subject RE: How to tell if request came via HTTPS?
Date Mon, 09 Oct 2000 22:14:20 GMT

Thanks, but again, getAuthType() is related to AUTHENTICATION not to whether
or not the connection is secure (The JavaDOC just says that it's the
equivalent of CGI's AUTH_TYPE attribute). 

HTTP has authentication schemes for passing user login/password info:
allows for md5, des, etc.

Besides that, tomcat 3.1 just returns "null" from this call.

The maxim? 'Coders should read ALL of the JavaDOCs AND KNOW THE PROTOCOL
THEY'RE WORKING WITH!"

Why did this thread have to get nasty?  ... please let's drop it at this!

James

-----Original Message-----
From: Joe Shevland [mailto:shevlandj@kpi.com.au]
Sent: Monday, October 09, 2000 3:55 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to tell if request came via HTTPS?


request.getAuthType()?

This returns "BASIC" or "SSL" according to the servlet 2.1 specification
(Tomcat may not return this correctly in 3.1). In all fairness though James,
this is just a basic method of the API which a quick download of the 2.1
JavaDocs would give you (which is what I just had to do ;)

The maxim? 'Coders help those that help themselves ;)'

Cheers,
Joe

> -----Original Message-----
> From: James House [mailto:james.house@medibuy.com]
> Sent: Tuesday, October 10, 2000 8:33 AM
> To: tomcat-user@jakarta.apache.org
> Subject: RE: How to tell if request came via HTTPS?
>
>
>
> Boy, you're friendly.
>
> I simply forgot to mention that I'm writing against the 2.1 spec.
>
> Does anyone (courteous) know if there's a way to do this in the 2.1 spec?
>
>
> -----Original Message-----
> From: forsythe@bart.netvoice.net [mailto:forsythe@bart.netvoice.net]On
> Behalf Of Charles Forsythe
> Sent: Monday, October 09, 2000 3:21 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Re: How to tell if request came via HTTPS?
>
>
> James House wrote:
> > Can someone tell me if there is a way to determine whether or not a
> > request came in via HTTPS rather than HTTP?
>
> The Request object has a method called isSecure().  Guess what it does.
>
> I'm not sure that someone too stupid to read the basic documentation of
> the API he's trying to program should be trusted writing a secure
> application, but that's your employer's problem.
>
> -- Charles
>

Mime
View raw message