tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Cain <cc...@mhsoftware.com>
Subject Cert Lockdown - 3.3 Integration
Date Wed, 01 Aug 2001 23:52:11 GMT
Costin:

Okay, I've looked over the whole Interceptor/Callback scheme, as well as
the HTTP and SSL-related implementation classes, and I have a question.
As I'm sure you know, it's all a little daunting for a newcomer like
myself, so please bear with me =)

I followed the whole startup routine from Tomcat.startTomcat() all the
way through where the ContextManager calls the
ServerXMLReader.addInterceptor(). That's where the whole hairy-chested
XML parsing begins, and my brain started hurting :-) Up to the point, I
have a pretty good grasp of the process.

I then followed it from the final HTTP implementations backwards. That
led me through the various implementation classes, such as
PoolTCPConnector, ServerSocketFactory, Http10Interceptor, etc. I now
understand how the implementation happens, including the SSL stuff. I
also followed it back to BaseInterceptor, so I understand the basic
concept of how an Interceptor basically encoils the specific
implementation stuff.

So basically, the only part of the entire process that I'm missing is
the one that I need: How we get from a <RequestInterceptor> tag in
server.xml to an instantiated class that extends BaseInterceptor. I have
the following knowledge:

- The PoolTCPConnector has an "attributes" hashtable

- It also has a "setKeyspass()" method which sets a "keypass" value in
the hashtable (which a grep of the source tree turned up no specific
calls to)

- The SSLSocketFactory tried to read the "keypass" value off the
hashtable, and if it doesn't find one it goes with the default

- Http10Interceptor extends PoolTCPConnector, and it is the "className"
referenced in the current <RequestInterceptor> tag in server.xml

So my question to you is, can you fill in the last piece of the puzzle
for me? I know, I know ... I really should be smart enough to follow the
startup code through the XMLMapper jungle, and I feel stupid for asking.
After mapping through the entire process for several hours now, I guess
my brain just finally exhausted its available thread pool and cannot
process any additional code paths at this time ... "Server Busy: Try
Again Later" ;-)

So if you don't mind, can you please point me to where the server.xml
concept of a "RequestInterceptor" is instantiated into a concrete
instance of the "className" class, and how the various attributes of the
tag are transferred over to, presumably, the "attributes" hashtable? My
guess is that somewhere in the XML parsing routine, the tag attributes
are enumerated and somehow added to the "attributes" hashtable on
PoolTCPConnector. It can't be a straight shot, however, because the tag
attribute is called "keystorePass" and the SSLSocketFactory is looking
for a "keypass" entry. I just can't for the life of me find how the tag
attribute is translated into what the factory is looking for (and again,
no luck with grep).

Finally, is the right answer to create a class that extends
Http10Interceptor? It would inherit everything as-is, then adds a calls
out to my (self-contained for portability) "prompt getter" class,
calling the existing PoolTCPConnector.setKeypass() method with the
result. This would then be the "className" in a second SSL
<RequestInterceptor> tag, which would of course be commented out and
placed just below the existing one. The new <!-- --> comments would tell
the user to uncomment the first one out if they want to specify the
keystorePass in the file, or uncomment the second one if they wish to be
prompted for the password at startup. Am I on the right track?

A thousand thanks!

- Christopher

Mime
View raw message