users@glassfish.java.net

Re: Can we put all ssl authentication on web server when we use it as load balancer?

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Wed, 25 Apr 2007 16:37:07 -0700

Legolas Woodland wrote On 04/20/07 03:23 PM,:

> Hi
> Is there any comment for this use case?
> I think it is a common use case to put ssl acceleration on web server.


Yes, this is supported.

I'm not familiar with how to configure the SSL accelerator on Sun's
webserver product. What I do know is that we've developed a pluggable
proxy handler interface (com.sun.appserv.ProxyHandler [1]) in
GlassFish and earlier SJSAS releases, which allows an appserver
instance to retrieve information about the original client request
(such as client certificate chain and SSL keysize) that was intercepted by
an SSL offloading proxy.

An SSL offloader will communicate this information to the appserver
instance through HTTP request headers with product-specific names.

Sun's webserver uses request headers with names "Proxy-auth-cert" and
"Proxy-keysize", respectively, to forward the client cert chain and SSL
keysize to the appserver instance, and the default implementation of the
com.sun.appserv.ProxyHandler interface looks for these header names.

[1]
http://fisheye5.cenqua.com/browse/~raw,r=1.4/glassfish/common-util/src/java/com/sun/appserv/ProxyHandler.java



Jan
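
Added example, not part of the original message and not GlassFish code: a stand-alone Java sketch of reading the two headers named above, honoring them only when the request's peer is a known offloader, since any client can otherwise set the same headers. The class name, the trusted-address set, the header map and the encoding of "Proxy-auth-cert" (base64 of one DER certificate) are assumptions; the message does not state them.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Map;
import java.util.Set;

// Added sketch, not GlassFish code: reads the two headers named in the message.
public class OffloadHeaderReader {
    private final Set<String> trustedProxies; // assumption: offloader addresses

    public OffloadHeaderReader(Set<String> trustedProxies) { this.trustedProxies = trustedProxies; }

    // Certificate from "Proxy-auth-cert"; null if absent or peer is not a trusted proxy.
    public X509Certificate clientCert(String peerAddr, Map<String, String> headers)
            throws CertificateException {
        String value = headers.get("Proxy-auth-cert");
        if (value == null || !trustedProxies.contains(peerAddr)) {
            return null; // from any other peer the header is plain client input
        }
        try {
            // Assumption: value is base64 of one DER certificate.
            byte[] der = Base64.getMimeDecoder().decode(value);
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
        } catch (IllegalArgumentException e) {
            throw new CertificateException("Proxy-auth-cert is not valid base64", e);
        }
    }

    // Key size from "Proxy-keysize"; -1 if absent, malformed or from an untrusted peer.
    public int keySize(String peerAddr, Map<String, String> headers) {
        String value = headers.get("Proxy-keysize");
        if (value == null || !trustedProxies.contains(peerAddr)) return -1;
        try {
            int bits = Integer.parseInt(value.trim());
            return bits > 0 ? bits : -1;
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    public static void main(String[] args) throws Exception {
        OffloadHeaderReader r = new OffloadHeaderReader(Set.of("10.0.0.5")); // constructed
        Map<String, String> h = Map.of("Proxy-keysize", "256");              // constructed
        System.out.println(r.keySize("10.0.0.5", h) + " " + r.keySize("203.0.113.9", h));
    }
}
```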