From: Greg W. <gr...@mo...> - 2003-09-26 01:56:25
|
I really don't like AJP13 plus mod_proxy is about 15% faster than it, so there are good reasons to use mod_proxy - if only they would add load balancing support. So please do send me a TCP/IP capture if it does not container anything too private. It sounds like a low cost option to add. cheers Ian Huynh wrote: > *chuckle* > > I have a very suspicious feeling that BEA did some hardcoding in their code to > capture the cert. > > I did some more testing and found out that IF the HTTP header containing the > Client Certificate produced by mod_proxy is called SSLClientCert, the javax.servlet.request.X509Certificate > will contain an object. Otherwise, it also returns null. > > So i'll bet $1.00 that they probably just look for the special name in the header > and turn it into a javax.servlet.request HTTP Request attribute. > > if u really are interestin in the TCP dump, let me know. > > I am not sure if this is a useful feature for Jetty or not since AJP13 and modJK > provides, in net effect, the same functionality. However, there are cases > where people just aren't able to use AJP simply b/c of company policies or > b/c the j2ee server behind it doesn't support it. > > > > >>-----Original Message----- >>From: Greg Wilkins [mailto:gr...@mo...] >>Sent: Thursday, September 25, 2003 3:51 PM >>To: Ian Huynh >>Cc: jet...@li... >>Subject: Re: [Jetty-support] why does >>javax.servlet.request.X509Certificate always returned as NULL >>from HTTP >>Request getAttribute() >> >> >> >>Ian Huynh wrote: >> >>>What you suggested below implies that I have enabled SSL on >> >>Jetty which I am not. >> >>>SSL is done in Apache which then proxy the HTTP (not HTTPS) >> >>request over to Jetty. >> >>> >>>Looks like the BEA folks some how was able to get at the >> >>SSL cert in the HTTP stream. >> >>> >> >>Sorry I misunderstood your question. >> >>Is it possible for you to do a TCP/IP capture of the traffic >>between apache and BEA, so we can see where they are putting the >>certificate details. >> >>regards >> >> >>-- >>Greg Wilkins<gr...@mo...> Phone/fax: +44 7092063462 >>Mort Bay Consulting Australia and UK. http://www.mortbay.com >> > > -- Greg Wilkins<gr...@mo...> Phone/fax: +44 7092063462 Mort Bay Consulting Australia and UK. http://www.mortbay.com |