tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 17656] New: - scheme and secure Connector server.xml configuration attributes ignored by CoyoteConnector HTTP/1.1
Date Wed, 05 Mar 2003 06:27:56 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17656>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17656

scheme and secure Connector server.xml configuration attributes ignored by CoyoteConnector
HTTP/1.1

           Summary: scheme and secure Connector server.xml configuration
                    attributes ignored by CoyoteConnector HTTP/1.1
           Product: Tomcat 4
           Version: 4.1.18
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: Connector:Coyote HTTP/1.1
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: rwatler@finali.com


Overview Description:

    Use of the common scheme and secure attributes in Connector server.xml
    configuration for CoyoteConnector HTTP/1.1 is ignored in the released
    4.1.18 build. This used to work as expected in 4.1.10, (see below).

    Our hosting architecture employs external SSL acceleration hardware in
    front of standalone Tomcat servers and needs to pass scheme and secure
    information to our webapps. To do this, we specify the following in
    the server.xml file:

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8543" minProcessors="8" maxProcessors="128"
               enableLookups="false" acceptCount="64" debug="0"
               connectionTimeout="300000" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true"/>

    The specification of "https" and "true" no longer is effective in
    setting the standard Servlet 2.3 ServletRequest.getScheme() and
    ServletRequest.isSecure() return values. Instead, "http" and false are
    always returned, respectively.

    Because the static Connector configuration information is no longer
    propagated to our web application servlets, our application fails to
    run properly.

Steps to Reproduce:

    1. configure Tomcat 4.1.18 to use standalone CoyoteConnector.
    2. specify Connector scheme attribute as something other than "http"
       and/or set secure attribute to "false".
    3. access the standard request getScheme() and/or isSecure() methods in
       a servlet registered to the Connector.

Actual Results:

    ServletRequest.getScheme() will return "http" and
    ServletRequest.isSecure() will return false when accessed from the
    servlet.

Expected Results:

    ServletRequest.getScheme() and ServletRequest.isSecure() should reflect
    what is specified in the Connector configuration.

Additional Information:

    It appears that this problem was introduced in 4.1.13 while making the
    following change to
    coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java and other
    files:

    -----------------------
    revision 1.10
    date: 2002/09/29 17:07:44;  author: nacho;  state: Exp;  lines: +9 -14
    Bug#12998 HTTPS gets changed to HTTP://servername:443
    Reported by marcus.kellermann at bentley.com

    The processor (HTTP11 or ajp13) should set the scheme and port prior
    to this point, in an ajp13 connection doesnt make sense to get the
    secure flag from the connector secure flag.
    -----------------------

    In prior versions of this file, settings for the request scheme was
    always copied from the Connector/CoyoteConnector configuration. With
    this change, the Processor is now responsible for setting the request
    information correctly. In our case, the Http11Processor cannot know
    about the external hardware and fails to upgrade the logical connection
    to https/secure.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message