Return-Path: 
 <users-return-242153-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 98F4E10F53
	for <apmail-tomcat-users-archive@www.apache.org>;
 Thu,  6 Jun 2013 05:24:31 +0000 (UTC)
Received: (qmail 79140 invoked by uid 500); 6 Jun 2013 05:24:27 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 78931 invoked by uid 500); 6 Jun 2013 05:24:16 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 78922 invoked by uid 99); 6 Jun 2013 05:24:15 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Jun 2013 05:24:15 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of xsdg@google.com designates
 209.85.128.47 as permitted sender)
Received: from [209.85.128.47] (HELO mail-qe0-f47.google.com) (209.85.128.47)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Jun 2013 05:24:09 +0000
Received: by mail-qe0-f47.google.com with SMTP id 1so1616172qec.6
        for <users@tomcat.apache.org>; Wed, 05 Jun 2013 22:23:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=JLKfTZ0hrY5pUMNF3ut+aqfQrcOtWYt+vB6P7h10xs8=;
        b=IKLJZc0bBFb0SWtK4ALKkE9yze7m/NIiimdUAbfG9QtRpELFvW8jCpFLB2m/oahHOD
         yPZ92gHRCPss4xPUZeFOzzEtEoYY2Rn+KYc05DZDZ50tYvV6xzQrWicUS3l76Zbh514e
         MNsti7OhmhglptHGJzNS5yO7ENIO4xRcBDeEZzQVAcUXIQROuRxL9qRejZlo9u3VwumF
         apZj3MTkTz4klC82mSZAvs0pNbWloXXaUnSBlXGkpH1AJnakV3CYgL2fiqcGsIyylnHk
         FOjPwc3pKxYLG8gSalBgkNIXo7d3tqvBpTw1icXa/46Do9OeA3eCqfdU6UKJ9HwIB9Sp
         7tjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type
         :x-gm-message-state;
        bh=JLKfTZ0hrY5pUMNF3ut+aqfQrcOtWYt+vB6P7h10xs8=;
        b=DNejqmSKYRZLsgmBCnNVOXsCEhBBUBwF92v7YMVx0TqidBle2Xtlfo0mGQ31BrrPiT
         Z/nwr+QLsfiZ8PHuylQvJ+kEU0lEtABjiOMyzcRJkEKroLPl2YxyHSv0hLIYA/0B8jDt
         SzxcYwY8ZTYrq1ulyWi5HfEr/r9rE8jcw1M5FFC7rElgO8mF2RtIRgsNh5YmRLd1V4yk
         n65vQEr296Jl9lTgTaGLLjwN1Ma6gymcINaVlgT7yKxRvsUGcNcjz5U+xDcUWX7le6rU
         3MoKo8dczwMzUDTiKzHbttRnsRKwIE1dEBIE+z6k1Rby2b2apDVkK7zVkqNs9Dk1BKNY
         M6hQ==
MIME-Version: 1.0
X-Received: by 10.224.46.66 with SMTP id i2mr33029574qaf.45.1370496228031;
 Wed, 05 Jun 2013 22:23:48 -0700 (PDT)
Received: by 10.229.135.198 with HTTP; Wed, 5 Jun 2013 22:23:47 -0700 (PDT)
Date: Wed, 5 Jun 2013 22:23:47 -0700
Message-ID: 
 <CAA8ki2vBsTXvkygS6r=FMn-9q3PYoe+Ck1ASibDphWRXwYpxfw@mail.gmail.com>
Subject: How to get SSL connection information from Apache HTTPD over AJP?
From: Omari Stephens <xsdg@google.com>
To: users@tomcat.apache.org
Content-Type: text/plain; charset=UTF-8
X-Gm-Message-State: 
 ALoCoQnJpLaZ6WFnWxyY3+t4pGNs7uXNUd8J08utW8kdluGOJG+FBUbZmDpL52eLy5L+wi3sES1zi1BfeVEFg8YiI23m19oOkQmALBqOW6ITUqdFR/wwiBXwvWiuFKyAg8KtRFFjLaFCVcfKzu5AZLukK3BUYqYNgRg9t5D08ZumWz01IcFy4OAs8AKBloar3mwP7pNRph1P
X-Virus-Checked: Checked by ClamAV on apache.org

Howdy, y'all

I'm working on porting a pure java CGI to a servlet.  I'm using Tomcat
6 behind Apache HTTPD 2.2.

At this point, I have everything talking to each other fine.  When I
hit the right URL on httpd, my servlet gets run.  yay.

My question: incoming connections to httpd are over SSL.  For the CGI,
apache sets user-identifying information in the environment, so that I
can read a particular environment variable and uniquely identify the
user making the request.

So far, I can't figure out how to uniquely identify the user from the
Tomcat side.  All of the obvious methods (like #getRemoteUser()) from
HttpServletRequest return null.  I see "JkEnvVar" at
http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html,
but either that only copies variables from Apache's environment
(rather than ones that it sets for CGI), or I'm not using it
correctly.

Lastly, I'm not hitting Tomcat SSL directly because I depend on a
module that only exists for Apache HTTPD.

Thanks,
--xsdg

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org