SSL offloading and WebLogic server
A couple of weeks ago I wrote about using Apache to simulate an SSL load balancer and showed this diagram:
One of the important things to note is that by default in this architecture WebLogic and any J2EE applications won't know that the user is using SSL to access the server because any calls to HttpServletRequest.isSecure() will return false!There is a solution though - two configuration directives in the Weblogic web server plug-ins (mod_wl in Apache and OHS) allow you to tweak the behavior. Those directives are WLProxySSL and WLProxySSLPassThrough.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.