Return-Path: 
 <tomcat-dev-return-25444-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org
Received: (qmail 16883 invoked by uid 500); 1 Aug 2001 18:30:12 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:tomcat-dev-help@jakarta.apache.org>
list-unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
list-post: <mailto:tomcat-dev@jakarta.apache.org>
Reply-To: tomcat-dev@jakarta.apache.org
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 16864 invoked from network); 1 Aug 2001 18:30:12 -0000
Date: Wed, 1 Aug 2001 11:30:41 -0700 (PDT)
From: <cmanolache@yahoo.com>
X-X-Sender: <costin@costin>
To: <tomcat-dev@jakarta.apache.org>
Subject: Re: [PROPOSAL] Standalone SSL (status?)
In-Reply-To: <3B6842D4.C28ACFBA@mhsoftware.com>
Message-ID: <Pine.LNX.4.33.0108011120170.1107-100000@costin>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: localhost.apache.org 1.6.2 0/1000/N

On Wed, 1 Aug 2001, Christopher Cain wrote:

> Yep, I can certainly implement it that way if you like. How does that
> jive with the current server.xml setup, though? Isn't there still a
> separate <Connector> tag in 3.3 for SSL? Does that then go away in favor
> of the Interceptor, or does the Interceptor become the "secured" cert
> option and the current connector become the "unsecured" option (with
> appropriate commenting, of course)?

The interceptors are the extension mechanism for tomcat3.3 ( well, all
functionality in 3.3 is implemented in interceptors/modules ).

That includes request processing, but also configuration, listening for
connections, threads, etc ( similar with Apache2.0 and MPM ).


> Also, I'm a little confused about why an Interceptor makes sense here.
> All I need to do is prompt for a password on container startup, then use
> that value to open the keystore rather than grabbing it from the
> "keystorePass" parameter on the <Connector> tag. Isn't the purpose of
> Interceptors to process client requests (can you tell I've never used
> them :-)? Maybe I just need a little clarification.

The "<Connector>" is just a module ( interceptor ) like any other.

BTW, server.xml is read by ServerXmlInterceptor, web.xml is read by
WebXmlInterceptor, users are read by SimpleRealm ( another interceptor ).

Tomcat itself just provide the core objects ( Request, etc), stores the
list of contexts and modules, and calls back the various hooks that are
implemented in modules.


> I assume you didn't like my "grab the keystorePass attribute if it's
> there, prompt if it's not idea"?

It should work ok, but it requires changes to the Http listener
interceptor, and I think it would be better to just use the normal setter.


Costin