Web container request attributes

A web container provides three custom HttpServletRequest attributes that can be used to provide a servlet or a trust association interceptor (TAI) with the certificate information for a request.

These HttpServletRequest attributes provide information about a client, such as a web server plug-in, that is directly connected to the web container:

The com.ibm.websphere.ssl.direct_connection_peer_certificates attribute contains a X509Certificate[] object of the certificate for a direct peer.
The com.ibm.websphere.ssl.direct_connection_cipher_suite attribute contains a string object of a direct cipher suite.
The com.ibm.websphere.webcontainer.is_direct_connection attribute contains a boolean object that indicates whether the connection was made through a Web server, or was made directly to WebSphere Application Server.

These attributes are different from the usual JEE defined certificate properties which provide information about the end user who is typically connected to the web server. These attributes are available to all applications and can be used when appropriate.