I have an Apache server using mod_ssl to do client-authenticated SSL. Apache apparently sets environment variables (see this mod_ssl doc) which contain the user's certificate, etc., but I can't get them from System.getProperty().
I have set SSLOptions -StdEnvVars +ExportCertData in the httpd-ssl.conf file (is that the right place?) with no success.
System.getProperty(...) will get a system property, which is different from an environment variable. For environment variables, use System.getenv(...). As described in that method's Javadoc:
System properties and environment variables are both conceptually mappings between names and values. Both mechanisms can be used to pass user-defined information to a Java process. Environment variables have a more global effect, because they are visible to all descendants of the process which defines them, not just the immediate Java subprocess. They can have subtly different semantics, such as case insensitivity, on different operating systems. For these reasons, environment variables are more likely to have unintended side effects. It is best to use system properties where possible. Environment variables should be used when a global effect is desired, or when an external system interface requires an environment variable (such as
Update in response to OP comment below: I really don't know the answer, but I'll list several things you can try to help narrow down the problem (most of which you might already have tried):
- Make sure to restart Apache after any change to the main configuration files, because it processes them at start-up. (I'm betting you know this, but it seems worth mentioning, just in case.)
- The documentation for ExportCertData talks of "additional CGI/SSI environment variables" (as opposed to "the standard set" controlled by StdEnvVars). The documentation does not clearly state that ExportCertData is totally separate from StdEnvVars; it wouldn't surprise me if you can't get those additional variables without first getting the standard set. So, it might be worth trying SSLOptions +StdEnvVars +ExportCertData. (Even if that does not fix the problem on the first try, I'd suggest sticking with +StdEnvVars until you have a solution that does work, and only then switching to -StdEnvVars, to make certain it's O.K. to do so.)
- SSLOptions is documented to work in an .htaccess, so you might want to try putting it there (since that bypasses the question of
- The documentation states that this configuration is "to provide several items of SSL information as additional environment variables to the SSI and CGI namespace" (emphasis mine). I'm not sure what that means for ColdFusion-invoked Java; it might be worth creating an actual CGI script in the same directory and verifying that it does not receive these variables, either.
- I don't know much about ColdFusion. Is it possible that it's somehow recognizing these environment variables as sensitive, and so not passing them to the Java program? (Or is it possible that it has a limit on the size of an environment variable that it will pass to an external program?) It might be worth adding code in the cfm page to check one of these variables, just to see if there's a difference.
- In your Java code, new java.util.ArrayList<String>(System.getenv().keySet()).toString() is a String that contains a (lengthy) list of all the environment variables that you are getting. It might be worth examining it, just to see if maybe the keys look a little different for some reason from what you'd expect. (The ArrayList part is most likely unnecessary; on my system just System.getenv().keySet().toString() works, but the JDK documentation does not appear to guarantee the latter.)
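
The CGI check suggested in the answer above, as an added example that is not part of the original post: a small POSIX sh CGI script that reports which mod_ssl variables Apache actually hands to a CGI process, without echoing the certificate itself. The function names and verdict strings are made up for this example; the variable names are the ones mod_ssl documents for StdEnvVars and ExportCertData.

```shell
#!/bin/sh
# Diagnostic CGI script (added example, not from the original post).
# Put it in a CGI-enabled directory covered by the same SSLOptions as the
# ColdFusion page and request it over HTTPS with the client certificate.

# One line per variable: name, set/unset, and length of the value.
# The value is never printed, so a DN or PEM body does not leak into
# the response or into any log that captures it.
ssl_env_report() {
    for name in SSL_CLIENT_S_DN SSL_CLIENT_VERIFY SSL_CLIENT_CERT SSL_SERVER_CERT; do
        # ${var+x} distinguishes "unset" from "set but empty"
        if eval "[ -n \"\${$name+x}\" ]"; then
            eval "value=\$$name"
            printf '%s: set (%d chars)\n' "$name" "${#value}"
        else
            printf '%s: NOT SET\n' "$name"
        fi
    done
}

# Summarise which SSLOptions appear to be in effect for this request.
ssl_env_verdict() {
    if [ -n "${SSL_CLIENT_CERT+x}" ]; then
        # SSL_CLIENT_CERT is only exported with +ExportCertData
        echo "ExportCertData active"
    elif [ -n "${SSL_CLIENT_S_DN+x}" ]; then
        # Standard variables arrive, certificate data does not
        echo "StdEnvVars only"
    else
        echo "no mod_ssl variables"
    fi
}

# Emit a CGI response only when the web server invoked the script.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    printf 'Content-Type: text/plain\r\n\r\n'
    ssl_env_report
    ssl_env_verdict
fi
```

If this script reports the variables as set while the Java code still sees nothing, the SSLOptions configuration is working and the variables are being lost between Apache and the Java process. Remove the script once the test is done.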