tomcat-dev mailing list archives

From Arieh Markel <Arieh.Mar...@Central.Sun.COM>
Subject Re: Bridging org.apache.tomcat.net.ServerSocketFactory with javax.net
Date Fri, 02 Jun 2000 19:14:59 GMT

> From: Costin Manolache <costin@eng.sun.com>
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: Bridging org.apache.tomcat.net.ServerSocketFactory with javax.net
> 
> Arieh Markel wrote:
> 
> > During my work on trying to get SSL to work with Jakarta/Tomcat, I ran
> > across the issue of (in)compatibility between the ServerSocketFactory
> > classes found in org.apache.tomcat.net and javax.net.
> >
> > I realized the utility of being able to bridge between both definitions.
> >
> > As a result I am proposing the incorporation of the following class,
> > which could then be extended by specialized factory implementations
> > (for SSL, at least):
> 
> What's the difference ? Can you give a bit more details ?

The difference results from the fact that the tomcat and the javax.net
classes have (almost) similar signatures, yet they are different.

The implementations of PoolTcp* use the apache classes.

I have been playing with extending the PoolTcpConnector class into
an SSLPoolTcpConnector that would just set an SSL-specific
SocketServerFactory.

The following are the classes I have begun defining:

	DefaultSSLServerSocketFactory.java
	SSLPoolTcpConnector.java
	SSLServerSocketFactory.java
	ServerSocketFactoryWrapper.java
	
Then, an addition of appropriate lines on the server.xml should
provide that.

        <Connector className="org.apache.tomcat.service.SSLPoolTcpConnector">
            <Parameter name="handler"
                value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
            <Parameter name="port" value="8090"/>
            <Parameter name="thread_pool" value="on"/>
            <Parameter name="max_threads" value="100"/>
            <Parameter name="max_spare_threads" value="30"/>
            <Parameter name="min_spare_threads" value="10"/>
            <Parameter name="key_store" value="etc/security/keystore"/>
            <Parameter name="cert_store" value="etc/security/certs"/>
        </Connector>
        
(Not sure if all parameters - see below - need to be explicit.
Also, what about the ability to specify on the configuration the
SSL ServerSocketFactory that needs to be used ?).


One of the issues that I am running across is the need to be able
to configure the following items:

	location of KeyStore
	location of Certificates
	
also, depending on implementations:

	protocol		(defaults to TLS)
	encoding algorithm	(X509)
	passphrase (location ?)
	
	
> 
> I am very interested in this topic -  I'm also working on Certificate-based
> authentication and bridging javax.net.ssl,  can you share some code  ?

I will provide the code as soon as I am happy with what I have
and see it running on my environment (probably early next week).

Arieh


> 
> Costin
> 

--
 Arieh Markel		                Sun Microsystems Inc.
 Network Storage                        500 Eldorado Blvd. MS UBRM11-194
 e-mail: arieh.markel@sun.COM           Broomfield, CO 80021
 Let's go Panthers !!!!                 Phone: (303) 272-8547 x78547
 (e-mail me with subject SEND PUBLIC KEY to get public key)
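
The bridging idea discussed in this message, sketched as an added example; it is not code from the message or from Tomcat. `ContainerServerSocketFactory` is a hypothetical stand-in for the container-side factory type, and `JavaxFactoryBridge` and `forTls` are illustrative names. The passphrase is passed as a `char[]` argument so that it does not have to sit next to the keystore path in a configuration file.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical stand-in for the container-side factory type; its three
// createSocket overloads are an assumption, not copied from Tomcat.
abstract class ContainerServerSocketFactory {
    abstract ServerSocket createSocket(int port) throws IOException;
    abstract ServerSocket createSocket(int port, int backlog) throws IOException;
    abstract ServerSocket createSocket(int port, int backlog, InetAddress addr) throws IOException;
}

// Adapter: container-side signatures, delegating to any javax.net factory.
class JavaxFactoryBridge extends ContainerServerSocketFactory {
    private final javax.net.ServerSocketFactory delegate;

    JavaxFactoryBridge(javax.net.ServerSocketFactory delegate) { this.delegate = delegate; }

    ServerSocket createSocket(int port) throws IOException {
        return delegate.createServerSocket(port);
    }
    ServerSocket createSocket(int port, int backlog) throws IOException {
        return delegate.createServerSocket(port, backlog);
    }
    ServerSocket createSocket(int port, int backlog, InetAddress addr) throws IOException {
        return delegate.createServerSocket(port, backlog, addr);
    }

    // Builds a TLS server factory from the items listed in the message:
    // keystore location, passphrase, protocol and key manager algorithm.
    static JavaxFactoryBridge forTls(String keyStorePath, char[] passphrase)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, passphrase); // fails if the passphrase or file is wrong
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, passphrase);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and RNG
        return new JavaxFactoryBridge(ctx.getServerSocketFactory());
    }
}
```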

