getAttribute with the specified
name. The value is an Integer that tells you the length of the encryption key.
However, because the return type of getAttribute is Object, you have to perform
a typecast to Integer. Be sure to check if the result is null to handle
non-SSL requests. Here is a simple example:
String keyAttribute = "javax.servlet.request.key_size";
Integer keySize =
(Integer)request.getAttribute(keyAttribute);
if (keySize != null) { ... }
Looking Up the Encryption Algorithm
In version 2.3 and later of the servlet API, SSL requests also result in an attribute
named javax.servlet.request.cipher_suite being placed in the request
object. You can access it by calling request.getAttribute with the specified
name. The value is a String that describes the encryption algorithm being used.
However, because the return type of getAttribute is Object, you have to perform
a typecast to String. Be sure to check if the result is null to handle non-SSL
requests. Here is a simple example:
String cipherAttribute = "javax.servlet.request.cipher_suite";
String cipherSuite =
(String)request.getAttribute(cipherAttribute);
if (cipherSuite != null) { ... }
4.6 Example: Programmatic Security and SSL 197
Accessing Client X.509 Certificates
Rather than using a simple username and password, some browsers permit users to
authenticate themselves with X.509 certificates. X.509 certificates are discussed in
RFC 1421.
Pages:
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246