Apache Tomcat 7.0.28

org.apache.catalina.valves
Class SSLValve

java.lang.Object
  extended by org.apache.catalina.util.LifecycleBase
      extended by org.apache.catalina.util.LifecycleMBeanBase
          extended by org.apache.catalina.valves.ValveBase
              extended by org.apache.catalina.valves.SSLValve
All Implemented Interfaces:
MBeanRegistration, Contained, Lifecycle, Valve

public class SSLValve
extends ValveBase

When using mod_proxy_http, the client SSL information is not included in the protocol (unlike mod_jk and mod_proxy_ajp). To make the client SSL information available to Tomcat, some additional configuration is required. In httpd, mod_headers is used to add the SSL information as HTTP headers. In Tomcat, this valve is used to read the information from the HTTP headers and insert it into the request.

Note: Ensure that httpd always sets these headers on every request, so that a client cannot spoof SSL information by sending fake headers.

In httpd.conf add the following:

 <IfModule ssl_module>
   RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
   RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s"
   RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s"
   RequestHeader set SSL_CIPHER_USEKEYSIZE "%{SSL_CIPHER_USEKEYSIZE}s"
 </IfModule>
 
In server.xml, configure this valve under the Engine element:
 <Engine ...>
   <Valve className="org.apache.catalina.valves.SSLValve" />
   <Host ... />
 </Engine>
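
An added example (not part of the Tomcat documentation): a small Python audit of an httpd configuration for the note above, reporting any of the four headers that is not unconditionally overwritten with `RequestHeader set`. It reads directives line by line and ignores enclosing containers such as `<VirtualHost>` or `<If>`; `WEAK_CONF` and its `HAS_CERT` variable are constructed for illustration.

```python
import shlex

# The four headers the page has httpd forward to Tomcat.
SSL_HEADERS = ("SSL_CLIENT_CERT", "SSL_CIPHER",
               "SSL_SESSION_ID", "SSL_CIPHER_USEKEYSIZE")

# The httpd.conf fragment from the page.
PAGE_CONF = '''
<IfModule ssl_module>
  RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
  RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s"
  RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s"
  RequestHeader set SSL_CIPHER_USEKEYSIZE "%{SSL_CIPHER_USEKEYSIZE}s"
</IfModule>
'''

# Constructed fragment with three mistakes (HAS_CERT is a made-up variable).
WEAK_CONF = '''
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
RequestHeader setifempty SSL_CIPHER "%{SSL_CIPHER}s"
RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s" env=HAS_CERT
'''

def audit_ssl_headers(conf_text):
    """Map each header to 'ok', 'missing', or the reason it can be spoofed."""
    status = {h: "missing" for h in SSL_HEADERS}
    for raw in conf_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # unbalanced quotes, e.g. inside a comment line
            continue
        if len(tokens) < 3 or tokens[0].lower() != "requestheader":
            continue
        action, name = tokens[1].lower(), tokens[2].upper()
        # 'unset' strips the header, so no client-supplied value survives it.
        if name not in status or status[name] == "ok" or action == "unset":
            continue
        cond = [t for t in tokens[4:] if t.startswith(("env=", "expr="))]
        if action != "set":
            status[name] = f"'{action}' does not overwrite a client-supplied value"
        elif cond:
            status[name] = f"only set when {cond[0]} holds"
        else:
            status[name] = "ok"
    return status

if __name__ == "__main__":
    for name, verdict in audit_ssl_headers(WEAK_CONF).items():
        print(f"{name}: {verdict}")
```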
 


Field Summary
 
Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, info, next, sm
 
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
SSLValve()
           
 
Method Summary
 void invoke(Request request, Response response)
          The implementation-specific logic represented by this Valve.
 String mygetHeader(Request request, String header)
           
 
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getContainer, getDomainInternal, getInfo, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setContainer, setNext, startInternal, stopInternal, toString
 
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
 
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SSLValve

public SSLValve()
Method Detail

mygetHeader

public String mygetHeader(Request request,
                          String header)

invoke

public void invoke(Request request,
                   Response response)
            throws IOException,
                   ServletException
Description copied from class: ValveBase
The implementation-specific logic represented by this Valve. See the Valve description for the normal design patterns for this method.

This method MUST be provided by a subclass.

Specified by:
invoke in interface Valve
Specified by:
invoke in class ValveBase
Parameters:
request - The servlet request to be processed
response - The servlet response to be created
Throws:
IOException - if an input/output error occurs
ServletException - if a servlet error occurs


Copyright © 2000-2012 Apache Software Foundation. All Rights Reserved.