tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fha...@apache.org
Subject svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/
Date Wed, 18 Oct 2006 17:10:46 GMT
Author: fhanik
Date: Wed Oct 18 10:10:44 2006
New Revision: 465303

URL: http://svn.apache.org/viewvc?view=rev&rev=465303
Log:
Implemented SSLEngine attribute on the Java HTTP connectors.
This allows one to specify secure=true and scheme=https to prevent tomcat from redirecting

when using a SSL accelerator in front of tomcat

Modified:
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
    tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
    tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
    tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?view=diff&rev=465303&r1=465302&r2=465303
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java Wed Oct 18
10:10:44 2006
@@ -103,7 +103,7 @@
         response.setOutputBuffer(outputBuffer);
         request.setResponse(response);
 
-        ssl = endpoint.getSecure();
+        ssl = "on".equalsIgnoreCase(endpoint.getSSLEngine());
 
         initializeFilters();
 

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?view=diff&rev=465303&r1=465302&r2=465303
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java Wed Oct 18 10:10:44
2006
@@ -516,6 +516,8 @@
 
     public String getKeystoreFile() { return ep.getKeystoreFile();}
     public void setKeystoreFile(String s ) { ep.setKeystoreFile(s);}
+    public void setKeystore(String s) { setKeystoreFile(s);}
+    public String getKeystore(){ return getKeystoreFile();}
     
     public String getAlgorithm() { return ep.getAlgorithm();}
     public void setAlgorithm(String s ) { ep.setAlgorithm(s);}
@@ -534,6 +536,10 @@
     
     public String getCiphers() { return ep.getCiphers();}
     public void setCiphers(String s) { ep.setCiphers(s);}
+    
+    public String getSSLEngine() { return ep.getSSLEngine(); }
+    public void setSSLEngine(String SSLEngine) { ep.setSSLEngine(SSLEngine); }
+    
     
 
     // --------------------  Connection handler --------------------

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java?view=diff&rev=465303&r1=465302&r2=465303
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java Wed Oct 18 10:10:44
2006
@@ -146,7 +146,7 @@
 
         // Verify the validity of the configured socket factory
         try {
-            if (secure) {
+            if ("on".equalsIgnoreCase(getSSLEngine())) {
                 sslImplementation =
                     SSLImplementation.getInstance(sslImplementationName);
                 socketFactory = sslImplementation.getServerSocketFactory();
@@ -251,7 +251,10 @@
     protected boolean secure;
     public boolean getSecure() { return secure; }
     public void setSecure(boolean b) { secure = b; }
-    
+
+    protected String SSLEngine = "off";
+    public String getSSLEngine() { return SSLEngine;}
+    public void setSSLEngine(String SSLEngine) {this.SSLEngine = SSLEngine;}    
     
     /**
      * Name of the socket factory.

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?view=diff&rev=465303&r1=465302&r2=465303
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Wed Oct 18 10:10:44
2006
@@ -350,8 +350,10 @@
     // --------------------  SSL related properties --------------------
     protected String keystoreFile = System.getProperty("user.home")+"/.keystore";
     public String getKeystoreFile() { return keystoreFile;}
-    public void setKeystoreFile(String s ) { this.keystoreFile = s;}
-
+    public void setKeystoreFile(String s ) { this.keystoreFile = s; }
+    public void setKeystore(String s ) { setKeystoreFile(s);}
+    public String getKeystore() { return getKeystoreFile();}
+    
     protected String algorithm = "SunX509";
     public String getAlgorithm() { return algorithm;}
     public void setAlgorithm(String s ) { this.algorithm = s;}
@@ -396,6 +398,13 @@
         }
     }
     
+    /**
+     * SSL engine.
+     */
+    protected String SSLEngine = "off";
+    public String getSSLEngine() { return SSLEngine;}
+    public void setSSLEngine(String SSLEngine) {this.SSLEngine = SSLEngine;}
+
     protected boolean secure = false;
     public boolean getSecure() { return secure;}
     public void setSecure(boolean b) { secure = b;}
@@ -500,7 +509,7 @@
         }
 
         // Initialize SSL if needed
-        if (secure) {
+        if ("on".equalsIgnoreCase(getSSLEngine())) {
             // Initialize SSL
             char[] passphrase = getKeystorePass().toCharArray();
 

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?view=diff&rev=465303&r1=465302&r2=465303
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Wed Oct 18 10:10:44 2006
@@ -148,19 +148,35 @@
       number specified here.</p>
     </attribute>
 
+    <attribute name="SSLEngine" required="false">
+      <p>
+      Use this attribute to enable SSL traffic on a connector.
+      To turn on SSL handshake/encryption/decryption on a connector
+      set this value to <code>on</code>.
+      The default value is <code>off</code>.
+      When turning this value <code>on</code> you will want to set the 
+      <code>scheme</code> and the <code>secure</code> attributes
as well
+      to pass the correct <code>request.getScheme()</code> and 
+      <code>request.isSecure()</code> values to the servlets
+      See <a href="#SSL Support">SSL Support</a> for more information.
+      </p>
+    </attribute>
+
     <attribute name="scheme" required="false">
       <p>Set this attribute to the name of the protocol you wish to have
       returned by calls to <code>request.getScheme()</code>.  For
       example, you would set this attribute to "<code>https</code>"
       for an SSL Connector.  The default value is "<code>http</code>".
-      See <a href="#SSL Support">SSL Support</a> for more information.</p>
+      </p>
     </attribute>
 
     <attribute name="secure" required="false">
       <p>Set this attribute to <code>true</code> if you wish to have
       calls to <code>request.isSecure()</code> to return <code>true</code>
-      for requests received by this Connector (you would want this on an
-      SSL Connector).  The default value is <code>false</code>.</p>
+      for requests received by this Connector. You would want this on an
+      SSL Connector or a non SSL connector that is receiving data from a 
+      SSL accelerator, like a crypto card, a SSL appliance or even a webserver.
+      The default value is <code>false</code>.</p>
     </attribute>
 
     <attribute name="URIEncoding" required="false">

Modified: tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml?view=diff&rev=465303&r1=465302&r2=465303
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml Wed Oct 18 10:10:44 2006
@@ -17,8 +17,9 @@
 
 <section name="Quick Start">
 
-   <p><b>IMPORTANT NOTE: This Howto refers to usage of JSSE. When using APR,
Tomcat will
-   use OpenSSL, which uses a different configuration.</b></p>
+   <p><b>IMPORTANT NOTE: This Howto refers to usage of JSSE, that comes included
with
+    jdk 1.5 and higher. When using APR, Tomcat will
+    use OpenSSL, which uses a different configuration.</b></p>
 
     <blockquote><em>
     <p>The description below uses the variable name $CATALINA_HOME
@@ -33,11 +34,6 @@
 <p>To install and configure SSL support on Tomcat 6, you need to follow
 these simple steps.  For more information, read the rest of this HOW-TO.</p>
 <ol>
-<li>If you are running a 1.3 JVM, download JSSE 1.0.3 (or later) from
-   <a href="http://java.sun.com/products/jsse/">http://java.sun.com/products/jsse/</a>
-   and either make it an <em>installed extension</em> on the system, or else
-   set an environment variable <code>JSSE_HOME</code> that points at the
-   directory into which you installed JSSE.  </li><br/><br/>
 <li>Create a certificate keystore by executing the following command:
 <p>Windows:</p>
 <source>
@@ -177,30 +173,6 @@
 
 <section name="Configuration">
 
-<subsection name="Download and Install JSSE (if needed)">
-<p>Note that JSSE is bundled with Sun's JDK 1.4 and later, so if you're using
-JDK 1.4 and later, you can skip this step.</p>
-
-
-<p>Download the <em>Java Secure Socket Extensions</em> (JSSE) package,
-version 1.0.3 or later, from
-<a href="http://java.sun.com/products/jsse/">http://java.sun.com/products/jsse/</a>.
-If you built Tomcat from source, you have probably already downloaded this
-package.</p>
-
-<p>After expanding the package, there are two ways to make it available to
-Tomcat (choose one or the other):</p>
-<ul>
-<li>Make JSSE an <em>installed extension</em> by copying all three JAR
files
-    (<code>jcert.jar</code>, <code>jnet.jar</code>, and <code>jsse.jar</code>)
-    into your <code>$JAVA_HOME/jre/lib/ext</code> directory.</li>
-<li>Create a new environment variable <code>JSSE_HOME</code> that contains
-    the absolute path to the directory into which you unpacked the
-    JSSE binary distribution.</li>
-</ul>
-
-</subsection>
-
 <subsection name="Prepare the Certificate Keystore">
 
 <p>Tomcat currently operates only on <code>JKS</code> or <code>PKCS12</code>
@@ -297,9 +269,11 @@
 &lt;-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --&gt;
 &lt;!--
 &lt;Connector 
-           port="8443" minProcessors="5" maxProcessors="75"
-           enableLookups="true" disableUploadTimeout="true"
-           acceptCount="100" debug="0" scheme="https" secure="true";
+           port="8443" minSpareThreads="5" maxSpareThreads="75"
+           enableLookups="true" disableUploadTimeout="true" 
+           acceptCount="100"  maxThreads="200"
+           scheme="https" secure="true" SSLEngine="on"
+           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
            clientAuth="false" sslProtocol="TLS"/&gt;
 --&gt;
 </source>
@@ -344,6 +318,18 @@
         to request a client Certificate, but not fail if one isn't presented.
     </td>
   </tr>
+  <tr><td><code>SSLEngine</code></td>
+    <td>
+      Use this attribute to enable SSL traffic on a connector.
+      To turn on SSL handshake/encryption/decryption on a connector
+      set this value to <code>on</code>.
+      The default value is <code>off</code>.
+      When turning this value <code>on</code> you will want to set the 
+      <code>scheme</code> and the <code>secure</code> attributes
as well
+      to pass the correct <code>request.getScheme()</code> and 
+      <code>request.isSecure()</code> values to the servlets
+    </td>
+  </tr>  
   <tr>
     <td><code>keystoreFile</code></td>
     <td>Add this attribute if the keystore file you created is not in



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message