tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <mt...@apache.org>
Subject Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/
Date Thu, 19 Oct 2006 06:54:32 GMT
Filip Hanik - Dev Lists wrote:
>>
>> Let's keep SSLEngine: it's explicit, and it works.
> not really, this wouldn't work
> <Connector port="8444" scheme="https" secure="true" 
> protocol="org.apache.coyote.http11.Http11AprProtocol" 
> SSLEngine="oneengine"/>
> <Connector port="8555" scheme="https" secure="true" 
> protocol="org.apache.coyote.http11.Http11AprProtocol" 
> SSLEngine="otherengine"/>
> 
> Fully valid configuration, and the docs don't mention that a uniqueness 
> have to be enforced, configuration should be as easy as possible,
> and I believe we have a spot here to make it easier, if it is a one per 
> server value, then lets put it where it would only be initialized once.
>

I do not understand what is the implication when someone sets:
1. scheme="https" secure="true"
2. scheme="https" secure="false"
3. scheme="http" secure="false"
4. scheme="http" secure="true"

IIUC you wish to make Connector thinking its ssl while in fact
the communication in not encrypted, correct?
According to the docs:
scheme="theScheme" -> request.getScheme()
secure="value" -> request.isSecure()

Are the cases [2] (https/false) and [4] (http/true) valid?

 From the servlet spec...
isSecure():
Returns a boolean indicating whether this request was made using a secure channel, such as
HTTPS.

So IMHO scheme="https" implicitly set the isSecure==true, or am I missing something?
I see no usage for having the ssl connection with scheme="https" and isSecure() returning
false.
If that is the case the secure="true|false" can be used to determine
if the transport is ssl or not, and fake the front end handled https/ssl connection.

Regards,
Mladen.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message