tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Bremford" <mi...@paperx.com>
Subject RE: RE: SSL help need urgently.
Date Tue, 17 Oct 2000 11:08:35 GMT
Hi Simon - here's the process which we're using, which definately works with
3.2 and should with 3.1 as well.

1. Browser connects to Apache via SSL.

2. Apache decrypts and checks the request. If you've mapped the request to
Tomcat, it forwards it on via mod_jserv or mod_jk. If not, it loads the
requested file itself, encrypts and sends it back.

3a.If you mapped it to tomcat using the Ajpv12 protocol (mod_jserv?
definately. mod_jk? possibly), Tomcat has no idea if the request was made
via HTTP or HTTPS (i.e. isSecure and getScheme will always return false and
HTTP. As a workaround you can check if it was on port 443)

3b. If you used mod_jk and the Ajpv13 protocol, Tomcat knows if the request
was secure or not, and handles redirections and the like correctly.

4. Either way, tomcat runs the servlet or JSP and sends the result back to
apache

5. Apaache reads the result from tomcat, encrypts it and sends it back to
the user.

Hope that helps. I would have drawn pictures, but ASCII art is not up to the
task.


Cheers... Mike

PS. 3.2 final should be out soon, so you could always stall your employers
for a few days....

> -----Original Message-----
> From: Simon Lam [mailto:simonlam@dhc.com.cn]
> Sent: 17 October 2000 00:00
> To: tomcat-user@jakarta.apache.org
> Subject: Re: RE: SSL help need urgently.
>
>
> Dear Stubenrauch,Andreas,
>
> 	Thanks.
> 	I use Apache as http server and Tomcat as servlets/JSP
> container. Almost all my webpages are generated by
> servlets/JSP. So under this kind of condition, which one will
> handle my SSL request? Apache or Tomcat?
>
> At 2000-10-17 9:52:00 you wrote:
> >Yes you can, but it depends on what you want to do with SSL.
> If it is just
> >for securing the transmission you can take Apache+mod_ssl as
> front door and
> >mount tomcat (with mod_jk) behind it. If need to access the
> SSL-headers
> >(client-authentification, SSL-Session etc.) or even just
> want to know if its
> >SSL talking to your web-app you will need Tomcat 3.2
> >
> >Regards,
> >Andreas
> >
> >> -----Original Message-----
> >> From: Simon Lam [mailto:simonlam@dhc.com.cn]
> >> Sent: Tuesday, October 17, 2000 2:00 AM
> >> To: Tomcat User
> >> Subject: SSL help need urgently.
> >> Importance: High
> >>
> >>
> >> Hi,
> >> 	It seems that Tomcat 3.2 can support SSL. But our
> >> client requires us to use only release builds. So Tomcat 3.1
> >> is the choice currently. I wonder if Tomcat 3.1 can support
> >> SSL. Besides, Apache also supports SSL. Can I use Apache's
> >> SSL support instead of Tomcat's?
> >> 	Thanks in advance.
> >>
> >>
> >> Regards,                 Z
> >> Simon Lam               Z
> >>                        z
> >>                       z
> >>                  |||
> >>                m(_ _)m
> >> ----------------------------------------
> >> Simon Lam(Lin Yang) ICQ:33310990
> >> Email: simonlam@engineer.com
> >>        simonlam@sjtu.edu
> >>  ___ _                  _
> >> / __(_)_ __  ___ _ _   | |   __ _ _ __
> >> \__ \ | '  \/ _ \ ' \  | |__/ _` | '  \
> >> |___/_|_|_|_\___/_||_| |____\__,_|_|_|_|
> >> ----------------------------------------
> >>
>
>
> Regards,                 Z
> Simon Lam               Z
>                        z
>                       z
>                  |||
>                m(_ _)m
> ----------------------------------------
> Simon Lam(Lin Yang) ICQ:33310990
> Email: simonlam@engineer.com
>        simonlam@sjtu.edu
>  ___ _                  _
> / __(_)_ __  ___ _ _   | |   __ _ _ __
> \__ \ | '  \/ _ \ ' \  | |__/ _` | '  \
> |___/_|_|_|_\___/_||_| |____\__,_|_|_|_|
> ----------------------------------------
>
>


Mime
View raw message