org.apache.catalina.valves
Class SSLValve
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.valves.SSLValve
- All Implemented Interfaces:
- MBeanRegistration, Contained, Lifecycle, Valve
public class SSLValve
- extends ValveBase
When using mod_proxy_http, the client SSL information is not included in the
protocol (unlike mod_jk and mod_proxy_ajp). To make the client SSL
information available to Tomcat, some additional configuration is required.
In httpd, mod_headers is used to add the SSL information as HTTP headers. In
Tomcat, this valve is used to read the information from the HTTP headers and
insert it into the request.
Note: Ensure that the headers are always set by httpd for all requests to
prevent a client spoofing SSL information by sending fake headers.
In httpd.conf add the following:
<IfModule ssl_module>
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s"
RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s"
RequestHeader set SSL_CIPHER_USEKEYSIZE "%{SSL_CIPHER_USEKEYSIZE}s"
</IfModule>
In server.xml, configure this valve under the Engine element:
<Engine ...>
<Valve className="org.apache.catalina.valves.SSLValve" />
<Host ... />
</Engine>
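The note above requires httpd to set these headers on every request, so that a value supplied by the client is always overwritten. The following Python script is an added example, not part of the Tomcat documentation or code base: it audits httpd configuration text for that property. The function name `audit_request_headers` and the sample input are constructed for illustration, and the check does not model container scope such as `<VirtualHost>` or an `<IfModule>` whose module is not loaded.

```python
import shlex

# Headers forwarded by the httpd.conf snippet on this page.
REQUIRED = ("SSL_CLIENT_CERT", "SSL_CIPHER", "SSL_SESSION_ID", "SSL_CIPHER_USEKEYSIZE")
# mod_headers actions that leave a client-supplied header of the same name in place.
NON_OVERWRITING = {"add", "append", "merge", "setifempty"}

def audit_request_headers(conf_text):
    """Map each required header to 'ok' or a finding string (hypothetical helper)."""
    findings = {h: "missing" for h in REQUIRED}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:          # unbalanced quotes: not a directive we can judge
            continue
        if len(tokens) < 3 or tokens[0].lower() != "requestheader":
            continue
        action = tokens[1].lower()
        name = tokens[2].rstrip(":").upper()
        if name not in findings or findings[name] == "ok":
            continue                # an unconditional `set` already overwrites client input
        conditions = [t for t in tokens[4:] if t.lower().startswith(("env=", "expr="))]
        if action == "set" and not conditions:
            findings[name] = "ok"
        elif action == "set":
            findings[name] = "conditional set (%s)" % conditions[0]
        elif action in NON_OVERWRITING:
            findings[name] = "action '%s' keeps the client value" % action
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_WEAK = '''
<IfModule ssl_module>
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
RequestHeader setifempty SSL_CIPHER "%{SSL_CIPHER}s"
RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s" env=HTTPS
</IfModule>
'''

if __name__ == "__main__":
    for header, finding in audit_request_headers(SAMPLE_WEAK).items():
        print("%-22s %s" % (header, finding))
```

Any header not reported as `ok` can reach the valve with a value chosen by the client.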
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getContainer, getDomainInternal, getInfo, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setContainer, setNext, startInternal, stopInternal, toString
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
SSLValve
public SSLValve()
mygetHeader
public String mygetHeader(Request request,
String header)
invoke
public void invoke(Request request,
Response response)
throws IOException,
ServletException
- Description copied from class: ValveBase
- The implementation-specific logic represented by this Valve. See the
Valve description for the normal design patterns for this method.
This method MUST be provided by a subclass.
- Specified by: invoke in interface Valve
- Specified by: invoke in class ValveBase
- Parameters:
request - The servlet request to be processed
response - The servlet response to be created
- Throws:
IOException - if an input/output error occurs
ServletException - if a servlet error occurs
Copyright © 2000-2012 Apache Software Foundation. All Rights Reserved.