The variables supported by the servlet interface are the following:
-
javax.servlet.request.X509Certificate -
javax.servlet.request.cipher_suite -
javax.servlet.request.ssl_session -
javax.servlet.request.key_size
To get the client certificate or any SSL information from the browser you have
to use mod_header to add the SSL information to header. To do that add in
httpd.conf of Apache httpd the following:
RequestHeader set SSL_CLIENT_CERT "%s"
RequestHeader set SSL_CIPHER "%s"
RequestHeader set SSL_SESSION_ID "%s"
RequestHeader set SSL_CIPHER_USEKEYSIZE "%s"Then you need a valve in Tomcat to extract the information from the request Headers. See the original code. The valve has been integrated in Tomcat and in JBossWeb (since 2007).
Once you have build the valves.jar copy it in server/lib/ and edit
server.xml to add <Valve className="SSLValve"/> in the <Engine/> part
of the file.