SSLValve (Apache Tomcat 7.0.109 API Documentation)

java.lang.Object
- org.apache.catalina.util.LifecycleBase
- - org.apache.catalina.util.LifecycleMBeanBase
  - - org.apache.catalina.valves.ValveBase
    - - org.apache.catalina.valves.SSLValve

All Implemented Interfaces:

MBeanRegistration, Contained, JmxEnabled, Lifecycle, Valve
```
public class SSLValve
extends ValveBase
```
When using mod_proxy_http, the client SSL information is not included in the protocol (unlike mod_jk and mod_proxy_ajp). To make the client SSL information available to Tomcat, some additional configuration is required. In httpd, mod_headers is used to add the SSL information as HTTP headers. In Tomcat, this valve is used to read the information from the HTTP headers and insert it into the request.
Note: Ensure that the headers are always set by httpd for all requests to prevent a client spoofing SSL information by sending fake headers.
In httpd.conf add the following:
```
 <IfModule ssl_module>
   RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
   RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s"
   RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s"
   RequestHeader set SSL_CIPHER_USEKEYSIZE "%{SSL_CIPHER_USEKEYSIZE}s"
 </IfModule>
 
```
In server.xml, configure this valve under the Engine element in server.xml:
```
 <Engine ...>
   <Valve className="org.apache.catalina.valves.SSLValve" />
   <Host ... />
 </Engine>
 
```

Nested Class Summary
- Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
  Lifecycle.SingleUse

Field Summary
- Fields inherited from class org.apache.catalina.valves.ValveBase
  asyncSupported, container, containerLog, info, next, sm
- Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
  mserver
- Fields inherited from interface org.apache.catalina.Lifecycle
  AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors
Constructor and Description

SSLValve()

Constructors
Constructor and Description
`SSLValve()`

Method Summary

Methods
Modifier and Type	Method and Description
`String`	`getSslCipherHeader()`
`String`	`getSslCipherUserKeySizeHeader()`
`String`	`getSslClientCertHeader()`
`String`	`getSslSessionIdHeader()`
`void`	`invoke(Request request, Response response)` The implementation-specific logic represented by this Valve.
`String`	`mygetHeader(Request request, String header)`
`void`	`setSslCipherHeader(String sslCipherHeader)`
`void`	`setSslCipherUserKeySizeHeader(String sslCipherUserKeySizeHeader)`
`void`	`setSslClientCertHeader(String sslClientCertHeader)`
`void`	`setSslSessionIdHeader(String sslSessionIdHeader)`

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, event, getContainer, getDomainInternal, getInfo, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setContainer, setNext, startInternal, stopInternal, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail
- SSLValve
```
public SSLValve()
```

Method Detail

getSslClientCertHeader

public String getSslClientCertHeader()

setSslClientCertHeader

public void setSslClientCertHeader(String sslClientCertHeader)

getSslCipherHeader
```
public String getSslCipherHeader()
```

setSslCipherHeader

public void setSslCipherHeader(String sslCipherHeader)

getSslSessionIdHeader
```
public String getSslSessionIdHeader()
```

setSslSessionIdHeader

public void setSslSessionIdHeader(String sslSessionIdHeader)

getSslCipherUserKeySizeHeader

public String getSslCipherUserKeySizeHeader()

setSslCipherUserKeySizeHeader

public void setSslCipherUserKeySizeHeader(String sslCipherUserKeySizeHeader)

mygetHeader

public String mygetHeader(Request request,
                 String header)

invoke
```
public void invoke(Request request,
          Response response)
            throws IOException,
                   ServletException
```
Description copied from class: ValveBase

The implementation-specific logic represented by this Valve. See the Valve description for the normal design patterns for this method.
This method MUST be provided by a subclass.

Specified by:

invoke in interface Valve

Specified by:

invoke in class ValveBase

Parameters:
request - The servlet request to be processed
response - The servlet response to be created

Throws:

IOException - if an input/output error occurs

ServletException - if a servlet error occurs

Class SSLValve

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Field Summary

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

Methods inherited from class org.apache.catalina.util.LifecycleBase

Methods inherited from class java.lang.Object

Constructor Detail

SSLValve

Method Detail

getSslClientCertHeader

setSslClientCertHeader

getSslCipherHeader

setSslCipherHeader

getSslSessionIdHeader

setSslSessionIdHeader

getSslCipherUserKeySizeHeader

setSslCipherUserKeySizeHeader

mygetHeader

invoke