Package org.apache.catalina.valves
Class SSLValve
- java.lang.Object
- 
- org.apache.catalina.util.LifecycleBase
- 
- org.apache.catalina.util.LifecycleMBeanBase
- 
- org.apache.catalina.valves.ValveBase
- 
- org.apache.catalina.valves.SSLValve
 
 
 
 
- 
- All Implemented Interfaces:
- javax.management.MBeanRegistration,- Contained,- JmxEnabled,- Lifecycle,- Valve
 
 public class SSLValve extends ValveBase When using mod_proxy_http, the client SSL information is not included in the protocol (unlike mod_jk and mod_proxy_ajp). To make the client SSL information available to Tomcat, some additional configuration is required. In httpd, mod_headers is used to add the SSL information as HTTP headers. In Tomcat, this valve is used to read the information from the HTTP headers and insert it into the request.Note: Ensure that the headers are always set by httpd for all requests to prevent a client spoofing SSL information by sending fake headers. In httpd.conf add the following: <IfModule ssl_module> RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s" RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s" RequestHeader set SSL_CIPHER_USEKEYSIZE "%{SSL_CIPHER_USEKEYSIZE}s" </IfModule>In server.xml, configure this valve under the Engine element in server.xml:<Engine ...> <Valve className="org.apache.catalina.valves.SSLValve" /> <Host ... /> </Engine> 
- 
- 
Nested Class Summary- 
Nested classes/interfaces inherited from interface org.apache.catalina.LifecycleLifecycle.SingleUse
 
- 
 - 
Field Summary- 
Fields inherited from class org.apache.catalina.valves.ValveBaseasyncSupported, container, containerLog, next, sm
 - 
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBasemserver
 - 
Fields inherited from interface org.apache.catalina.LifecycleAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
- 
 - 
Constructor SummaryConstructors Constructor Description SSLValve()
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.StringgetSslCipherHeader()java.lang.StringgetSslCipherUserKeySizeHeader()java.lang.StringgetSslClientCertHeader()java.lang.StringgetSslClientEscapedCertHeader()java.lang.StringgetSslSessionIdHeader()voidinvoke(Request request, Response response)Perform request processing as required by this Valve.java.lang.StringmygetHeader(Request request, java.lang.String header)voidsetSslCipherHeader(java.lang.String sslCipherHeader)voidsetSslCipherUserKeySizeHeader(java.lang.String sslCipherUserKeySizeHeader)voidsetSslClientCertHeader(java.lang.String sslClientCertHeader)voidsetSslClientEscapedCertHeader(java.lang.String sslClientEscapedCertHeader)voidsetSslSessionIdHeader(java.lang.String sslSessionIdHeader)- 
Methods inherited from class org.apache.catalina.valves.ValveBasebackgroundProcess, getContainer, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setContainer, setNext, startInternal, stopInternal, toString
 - 
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBasedestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister
 - 
Methods inherited from class org.apache.catalina.util.LifecycleBaseaddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
 
- 
 
- 
- 
- 
Method Detail- 
getSslClientCertHeaderpublic java.lang.String getSslClientCertHeader() 
 - 
setSslClientCertHeaderpublic void setSslClientCertHeader(java.lang.String sslClientCertHeader) 
 - 
getSslClientEscapedCertHeaderpublic java.lang.String getSslClientEscapedCertHeader() 
 - 
setSslClientEscapedCertHeaderpublic void setSslClientEscapedCertHeader(java.lang.String sslClientEscapedCertHeader) 
 - 
getSslCipherHeaderpublic java.lang.String getSslCipherHeader() 
 - 
setSslCipherHeaderpublic void setSslCipherHeader(java.lang.String sslCipherHeader) 
 - 
getSslSessionIdHeaderpublic java.lang.String getSslSessionIdHeader() 
 - 
setSslSessionIdHeaderpublic void setSslSessionIdHeader(java.lang.String sslSessionIdHeader) 
 - 
getSslCipherUserKeySizeHeaderpublic java.lang.String getSslCipherUserKeySizeHeader() 
 - 
setSslCipherUserKeySizeHeaderpublic void setSslCipherUserKeySizeHeader(java.lang.String sslCipherUserKeySizeHeader) 
 - 
mygetHeaderpublic java.lang.String mygetHeader(Request request, java.lang.String header) 
 - 
invokepublic void invoke(Request request, Response response) throws java.io.IOException, ServletException Description copied from interface:ValvePerform request processing as required by this Valve. An individual Valve MAY perform the following actions, in the specified order: - Examine and/or modify the properties of the specified Request and Response.
- Examine the properties of the specified Request, completely generate the corresponding Response, and return control to the caller.
- Examine the properties of the specified Request and Response, wrap either or both of these objects to supplement their functionality, and pass them on.
- If the corresponding Response was not generated (and control was not
     returned, call the next Valve in the pipeline (if there is one) by
     executing getNext().invoke().
- Examine, but not modify, the properties of the resulting Response (which was created by a subsequently invoked Valve or Container).
 A Valve MUST NOT do any of the following things: - Change request properties that have already been used to direct the flow of processing control for this request (for instance, trying to change the virtual host to which a Request should be sent from a pipeline attached to a Host or Context in the standard implementation).
- Create a completed Response AND pass this Request and Response on to the next Valve in the pipeline.
- Consume bytes from the input stream associated with the Request, unless it is completely generating the response, or wrapping the request before passing it on.
- Modify the HTTP headers included with the Response after the
     getNext().invoke()method has returned.
- Perform any actions on the output stream associated with the
     specified Response after the getNext().invoke()method has returned.
 - Parameters:
- request- The servlet request to be processed
- response- The servlet response to be created
- Throws:
- java.io.IOException- if an input/output error occurs, or is thrown by a subsequently invoked Valve, Filter, or Servlet
- ServletException- if a servlet error occurs, or is thrown by a subsequently invoked Valve, Filter, or Servlet
 
 
- 
 
-