Re: [Jetty-support] why does javax.servlet.request.X509Certificate always returned as NULL from HTT

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I really don't like AJP13 plus mod_proxy is about 15% faster
than it, so there are good reasons to use mod_proxy - if only they
would add load balancing support.

So please do send me a TCP/IP capture if it does not container anything
too private.   It sounds like a low cost option to add.

cheers

Ian Huynh wrote:
> *chuckle* 
> 
> I have a very suspicious feeling that BEA did some hardcoding in their code to
> capture the cert.
> 
> I did some more testing and found out that IF the HTTP header containing the 
> Client Certificate produced by mod_proxy is called SSLClientCert, the javax.servlet.request.X509Certificate
> will contain an object. Otherwise, it also returns null.
> 
> So i'll bet $1.00 that they probably just look for the special name in the header
> and turn it into a javax.servlet.request  HTTP Request attribute.
> 
> if u really are interestin in the TCP dump, let me know.
> 
> I am not sure if this is a useful feature for Jetty or not since AJP13 and modJK 
> provides, in net effect, the same functionality. However, there are cases
> where people just aren't able to use AJP simply b/c of company policies or
> b/c the j2ee server behind it doesn't support it.  
> 
> 
> 
> 
>>-----Original Message-----
>>From: Greg Wilkins [mailto:gr...@mo...]
>>Sent: Thursday, September 25, 2003 3:51 PM
>>To: Ian Huynh
>>Cc: jet...@li...
>>Subject: Re: [Jetty-support] why does
>>javax.servlet.request.X509Certificate always returned as NULL 
>>from HTTP
>>Request getAttribute()
>>
>>
>>
>>Ian Huynh wrote:
>>
>>>What you suggested below implies that I have enabled SSL on 
>>
>>Jetty which I am not.
>>
>>>SSL is done in Apache which then proxy the HTTP (not HTTPS) 
>>
>>request over to Jetty.
>>
>>> 
>>>Looks like the BEA folks some how was able to get at the 
>>
>>SSL cert in the HTTP stream.
>>
>>> 
>>
>>Sorry I misunderstood your question.
>>
>>Is it possible for you to do a TCP/IP capture of the traffic
>>between apache and BEA, so we can see where they are putting the
>>certificate details.
>>
>>regards
>>
>>
>>-- 
>>Greg Wilkins<gr...@mo...>             Phone/fax: +44 7092063462
>>Mort Bay Consulting Australia and UK.          http://www.mortbay.com
>>
> 
> 

-- 
Greg Wilkins<gr...@mo...>             Phone/fax: +44 7092063462
Mort Bay Consulting Australia and UK.          http://www.mortbay.com

Re: [Jetty-support] why does javax.servlet.request.X509Certificate always returned as NULL from HTT

Re: [Jetty-support] why does javax.servlet.request.X509Certificate always returned as NULL from HTTP Request getAttribute()