tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From atul <techat...@yahoo.com>
Subject Re: 6.x feature wishlist
Date Wed, 08 Aug 2007 16:21:44 GMT
Bill,

Thanks for your response.

I think it was true for the older browsers but with most new versions it should be configurable.
I tried it with Mozilla Firefox 2.0 and it asks me everytime. The setting is under options
---> advanced tab --> Encryption ---> Certificates - When website requires certificate
: Ask me every time.

On the server side I simply used 

certs = (X509Certificate[])
    m_Request.getAttribute("javax.servlet.request.X509Certificate");
if ((certs == null) || (certs.length < 1))
    certs = (X509Certificate[])
        m_Request.getAttribute("org.apache.coyote.request.X509Certificate");


I am sure other browsers such as IE 6? 7 will have similar setting.

Please let me know if any further info is needed.

Thanks
A t u l


----- Original Message ----
From: Bill Barker <wbarker@wilshire.com>
To: dev@tomcat.apache.org
Sent: Tuesday, August 7, 2007 10:01:46 PM
Subject: Re: 6.x feature wishlist


For most browsers, this won't really work.  Most browsers treat CLIENT-CERT 
login the same way that they treat BASIC, so once they have authenticated, 
they won't ask the user again, and just re-send the same credentials.  It is 
easy enough to write a Valve to do this, but as I said, it won't work the 
way you want it to.  As such, I'd be against including it in Tomcat unless 
you can write such a Valve and show that it works.

"atul" <techatool@yahoo.com> wrote in message 
news:131760.31547.qm@web36807.mail.mud.yahoo.com...
I was wondering if a feature to achieve SSL "logout" would make it in here 
too !

SSL Logout :

Provide a way to session-tear-off/logout for an authenticated session using 
X509Certificate based client/mutual SSL. So that when the user tries to 
access a protected resource again without closing the browser (user agent), 
the server re-negotiates ssl and ask for client certificate.

I was not able to find this in any of Tomcat 4.x, 5.x Or 6.x.
This would be great feature and I know quiet a few people are looking for 
it.

Thanks
A t u l


----- Original Message ----
From: Filip Hanik - Dev Lists <devlists@hanik.com>
To: Tomcat Developers List <dev@tomcat.apache.org>
Sent: Monday, August 6, 2007 10:36:24 PM
Subject: 6.x feature wishlist


I wanted to start a wish list of what we can move forward with, here is
a short list of items that I had in mind as a starter

1. Session replication - stateless backup location
   Store the backup location of a session as part of the sessionId,
similar to the jvmRoute but opposite.
   This way, you can scale a cluster horizontally, since the location of
the backup node doesn't have to be known until you fail over.

2. Add a block/no-block parameter to InputFilter.doRead and
OutputFilter.doWrite
    InputFilter -> public int doRead(ByteChunk chunk, Request unused,
boolean block) throws IOException;
    OutputFilter -> public int doWrite(ByteChunk chunk, Response unused,
boolean block) throws IOException;
    Servlet 3.0 will most likely expose non blocking read/write through
the servlet API, this will get us there ahead of time
    Haven't thought of how we expose this API yet though, but more will
follow

3. Consolidate connector code
   Currently we have
Http11Processor/Http11NioProcessor/Http11AprProcessor doing almost the
same thing, there is much that
   can be consolidated to make the code more maintainable
   Essentially, you create a Endpoint base line interface.
   At the same time we could consolidate the Internal(In/Out)put buffers
as they are copies too.
   We have some fairly tuned endpoints now, it would also be nice to
make these protocol agnostic.

4. Startup -> server.xml warnings
   If one enters an invalid element or attribute that is simply ignored
today, at least output an info or warn message letting the
   admin know if its misconfiguration.

5. Finish bayeux -> I started this in sandbox, took me a while to
understand the protocol, and its not as cool as I thought it would be
   but I still feel its important for it to be part of Tomcat

6. Auto context logging
   Automatically create loggers for each context, so that one doesn't
have to specify one per context in logging.properties
   Of course, you can turn on/off the auto context logger through
logging.properties

7. File cache - use MappedByteBuffers for the file cache, that way the
send file operation can benefit even more
   when you have two direct buffers, and you also avoid reading the disk
each time for a file
   ideas on this came from Jeanfrancois Arcand.

(http://fisheye5.cenqua.com/browse/glassfish/appserv-http-engine/src/java/com/sun/enterprise/web/connector/grizzly/FileCache.java?r=1.21)

8. Add getName()/setName() to the WebappClassLoader, name of the web app
classloader will correspond to the one of the Context container
   Applications like Terracotta or AOP apps can much easier plug in and
be able to share data when they know what loader the class came from

9. Add the configuration option to start the connectors after all apps
are deployed
   If some applications are taking long to startup, load balancers are
already trying to send requests to the Tomcat instance, which is just
bound to a port, but not yet taking requests

10.Turn our embedded thread pools into Tomcat Executor thread pools,
same performance but pluggable. Instead of having them hidden in the end
point code

11.Timestamps & System.currentTimeMillis
   System.currentTimeMillis is invoked everywhere during the chain of
events for a HTTP requests, even though most dates only need precision
down to the second.
   I've received feedback that this could be improved by keeping a time
service, that updates a timestamp every second, and therefor reduces the
number of system calls
   I think we would need to prove the theory before committing to the
implementation, but that should be pretty easy

12.Comet sample webapp
   While most folks want to start with Comet, it is a strange question,
tons of users on the user list just are having a hard time getting kick
started

I was thinking we can keep this list on Wiki or in a text file in SVN,
http://wiki.apache.org/tomcat/6xFeatures


thoughts
Filip





---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


      ____________________________________________________________________________________
Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user panel 
and lay it on us. 
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


       
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message