Some more information.
I switched to implementing a GlassFishValve and now use the:
Manager manager = request.getContext().getManager();
Session session = manager.createSession(cid);
manager.changeSessionId(session);
request.changeSessionId(cid);
to store the gathered SSL Session as a new identifier for the Session object.
But this does not work.
Looking at the
http://www.docjar.com/html/api/org/apache/catalina/session/ManagerBase.java.html
public Session createSession(String sessionId) {
this does not look like it's working :)
Any further ideas highly appreciated ..
Thanks,
Markus
On 6 April 2011 11:59, Markus Eisele <myfear_at_web.de> wrote:
> Hi all,
>
> I am trying to assign an SSL Session Id as the WebContainer HTTPSession Id.
> There are a couple of posts around suggesting to use a import
> org.apache.catalina.Valve implementation.
> (compare Jan's post here http://blogs.sun.com/jluehe/date/200712 and
> this forum discussion http://forums.java.net/node/676577 )
> BUT ... I am not able to find a suitable replacement for:
>
> ...
> CoyoteRequest coyoReq = (CoyoteRequest) request;
> coyoReq.setRequestedSessionId(cid);
> ...
>
> what seems to have worked with v2 / v3 and doesn't with 3.1
>
> I am able to get the SSL Session ID with my Custom Valve:
>
> Integer cidsize =
> (Integer)request.getAttribute("javax.servlet.request.key_size"); //
> first
> String cid = (String)request.getAttribute("javax.servlet.request.ssl_session");
> // get the SSL Session
>
> Thanks for any hints!
>
> Rgds
> Markus
>