2014-01-29 Christopher Schultz <ch...@christopherschultz.net>: > On 1/28/14, 9:39 PM, John Palmer wrote: >> Chris: Thanks for the response. I think we can end this discussion >> - you have pretty much nailed it, I think. >> >> The great thing about having to pull together all the information >> I've gathered over that last month to make this post, is that it >> lets me see what I've been too close to see, in this case, that the >> differences are IIS 5 vs 7.5 and Jakarta vs Bon Code. >> >> I took another look at the request headers returned by Jakarta (no >> certs, no SSL info, only about 5 request headers) as opposed to >> that returned by Bon Code (about 2 dozen request headers, most >> ignored by Tomcat), to realize that the request headers probably >> weren't the information source from Jakarta. >> >> Re-reading the Tomcat Connector docs and pages for the 1,000th or >> so time, the phrase "SSL attributes of the client connection are >> passed via the AJP protocol" jumped out at me, finally, as meaning >> that this wasn't sent by request headers, but as ATTRIBUTES. >> >> Sure enough, reading through the source (NOT my strong point) of >> the "Jakarta Isapi Redirector 1.2.37" reveals that it IS putting >> the SSL info into the request forwarded to the AJP connector >> (TomCat) as Attributes, and by contrast, the Bon Code source is >> NOT. >> >> I'll recommend/ask that Bilal look into this (I'm not prepared to >> attempt this myself, yet)... I may be all wrong still... and try to >> use the Jakarta for now, instead. > > This can probably be solved using a custom Valve which converts those > HTTP headers into request attributes. Honestly, I was surprised > reading-through the Bon Code documentation that such a Valve does not > ship by default with Bon Code... it seems to be entirely necessary. >
There exists "SSLValve" http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/SSLValve.html >From a quick look it may be what you are looking for. It is not documented on the usual "config/valve.html" page. :/ Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
