A web container provides three custom HttpServletRequest
attributes that can be used to provide a servlet or a trust association
interceptor (TAI) with the certificate information for a request.
These HttpServletRequest attributes provide information about a
client, such as a web server plug-in, that is directly connected to
the web container:
- The com.ibm.websphere.ssl.direct_connection_peer_certificates
attribute contains a X509Certificate[] object of the certificate for
a direct peer.
- The com.ibm.websphere.ssl.direct_connection_cipher_suite attribute
contains a string object of a direct cipher suite.
- The com.ibm.websphere.webcontainer.is_direct_connection attribute
contains a boolean object that indicates whether the connection was
made through a Web server, or was made directly to WebSphere Application
Server.
These attributes are different from the usual JEE defined certificate
properties which provide information about the end user who is typically
connected to the web server. These attributes are available to all
applications and can be used when appropriate.