tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <cmanola...@yahoo.com>
Subject Re: [PROPOSAL] Standalone SSL (status?)
Date Wed, 01 Aug 2001 18:30:41 GMT
On Wed, 1 Aug 2001, Christopher Cain wrote:

> Yep, I can certainly implement it that way if you like. How does that
> jive with the current server.xml setup, though? Isn't there still a
> separate <Connector> tag in 3.3 for SSL? Does that then go away in favor
> of the Interceptor, or does the Interceptor become the "secured" cert
> option and the current connector become the "unsecured" option (with
> appropriate commenting, of course)?

The interceptors are the extension mechanism for tomcat3.3 ( well, all
functionality in 3.3 is implemented in interceptors/modules ).

That includes request processing, but also configuration, listening for
connections, threads, etc ( similar with Apache2.0 and MPM ).


> Also, I'm a little confused about why an Interceptor makes sense here.
> All I need to do is prompt for a password on container startup, then use
> that value to open the keystore rather than grabbing it from the
> "keystorePass" parameter on the <Connector> tag. Isn't the purpose of
> Interceptors to process client requests (can you tell I've never used
> them :-)? Maybe I just need a little clarification.

The "<Connector>" is just a module ( interceptor ) like any other.

BTW, server.xml is read by ServerXmlInterceptor, web.xml is read by
WebXmlInterceptor, users are read by SimpleRealm ( another interceptor ).

Tomcat itself just provide the core objects ( Request, etc), stores the
list of contexts and modules, and calls back the various hooks that are
implemented in modules.


> I assume you didn't like my "grab the keystorePass attribute if it's
> there, prompt if it's not idea"?

It should work ok, but it requires changes to the Http listener
interceptor, and I think it would be better to just use the normal setter.


Costin


Mime
View raw message