tomcat-users mailing list archives

From "Anil Goyal -X (anigoyal - Aricent Technologies at Cisco)" <anigo...@cisco.com>
Subject RE: Customizing SSL in HttpClient
Date Tue, 11 Jun 2013 10:17:32 GMT
Hi,

Netstat -an | grep 443 gives below output

tcp        0      0 :::8443                     :::*                        LISTEN
tcp        0      0 :::443                      :::*                        LISTEN
unix  2      [ ]         DGRAM                    662443

-----Original Message-----
From: Martin Gainty [mailto:mgainty@hotmail.com] 
Sent: Tuesday, June 11, 2013 3:43 PM
To: Tomcat Users List
Subject: RE: Customizing SSL in HttpClient

Anil
 
if you want JSSE Handshaking to be enabled on server enable AprLifecycle Listener on server.xml
e.g.
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

Any WebServer (including Tomcat) has no knowledge of external HTML Servers around it you should
use netstat
>netstat -ab | grep 443

Tell us what you see
Martin
 
> From: anigoyal@cisco.com
> To: users@tomcat.apache.org
> Subject: RE: Customizing SSL in HttpClient
> Date: Tue, 11 Jun 2013 06:29:05 +0000
> 
> 
> 
> -----Original Message-----
> From: Anil Goyal -X (anigoyal - Aricent Technologies at Cisco)
> Sent: Tuesday, June 11, 2013 11:23 AM
> To: Tomcat Users List
> Subject: RE: Customizing SSL in HttpClient
> 
> 
> 
> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: Monday, June 10, 2013 7:51 PM
> To: Tomcat Users List
> Subject: Re: Customizing SSL in HttpClient
> 
> Anil,
> 
> On 6/10/13 8:42 AM, Anil Goyal -X (anigoyal - Aricent Technologies at
> Cisco) wrote:
> > I am trying to create a http client and send a request to certain 
> > port of a server using below code:
> > 
> > HttpClient client = new HttpClient(); 
> > client.getHostConfiguration().setHost(address, portNumber, 
> > protocol);
> > 
> > Here portNumber that I am setting is 8444(https port of tomcat)
> > 
> > When I execute client.executemethod() and at the server side when I 
> > tried to retrieve request.getRequestURL(), I am getting the url with 
> > port 443 not 8444 which I set in client. Even request.getServerPort 
> > is giving 443 not 8444.
> 
> Is there any kind of port-forwarding or anything else going on?
> 
> > The things are working fine for 8081(http port of tomcat) i.e.
> > HttpClient client = new HttpClient(); 
> > client.getHostConfiguration().setHost(address, portNumber, 
> > protocol);
> > 
> > Here portNumber that I am setting is 8081(https port of tomcat)
> > 
> > When I execute client.executemethod() and at the server side when I 
> > tried to retrieve request.getRequestURL(), I am getting the url with 
> > port 8081 which I set in client. Even request.getServerPort is 
> > giving 8081.
> 
> Can you show us a bit more of the code? It's not clear from your client code
> that the port number is set correctly, and you only mentioned the server. Can
> you give us some of that, too? Also, what do your <Connector> elements look
> like in server.xml?
> 
> - -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> Please consider the code flow as below:
> 
> HttpClient client = new HttpClient();
> portNumber = secure ? LocalNetworkConstants.DEFAULT_HTTPS_PORT : LocalNetworkConstants.DEFAULT_HTTP_PORT;
> // DEFAULT_HTTPS_PORT=8444 and DEFAULT_HTTP_PORT=8081, defined in LocalNetworkConstants.java
> LOG.debug("the value of https port is"+String.valueOf(portNumber));
> if (secure) {
>     Protocol protocol = new Protocol(LocalNetworkConstants.URISCHEME_HTTPS,
>             new ExtendedProtocolSocketFactory(address,
>                     locationData.isAcceptSelfSignedCertificates(),
>                     locationData.isAcceptCertificateErrors()),
>             portNumber);
>     client.getHostConfiguration().setHost(address, portNumber, protocol);
>     LOG.debug("setting the host for https"+String.valueOf(portNumber));
> }
> else {
>     client.getHostConfiguration().setHost(address, portNumber);
>     LOG.debug("setting the host for http"+String.valueOf(portNumber));
> }
> 
> 
> GetMethod method = new GetMethod(LocalNetworkConstants.INFO_FEEDER_PATH);
> int returnCode = client.executeMethod(method);
> 
> This is the code at the client side.
> 
> At the server side,
> 
> I have 8444 and 8081 port defined in server.xml
> 
> <Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000"
>     disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8193"
>     maxSpareThreads="25" maxThreads="25" minSpareThreads="10"
>     port="8081" protocol="HTTP/1.1" redirectPort="8444" server=" "/>
> <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100"
>     ciphers=" " clientAuth="false" disableUploadTimeout="true"
>     enableLookups="false" keystoreFile="" keystorePass="" keystoreType=""
>     maxHttpHeaderSize="8192" maxSpareThreads="25" maxThreads="25"
>     minSpareThreads="10" port="8444" protocol="HTTP/1.1" scheme="https"
>     secure="true" server=" " sslProtocol="TLS"/>
> 
> Also I have these two ports entry in iptables.
> 
> Now in the tomcat redirection valve, I have below code written
> 
> int port = request.getServerPort();
> StringBuffer url = request.getRequestURL();
> 
> 
> So now the problem is, when from client I disable ssl and send the request
> at port 8081, then in the tomcat valve the port is 8081 and the url also
> contains port 8081.
> 
> But when from client I enable ssl and send the request at port 8444, then
> here in the valve request.getServerPort returns 443 and even in the url the
> port is 443.
> 
> So I am not able to understand why the https port is converting into 443
> from 8444 while http port 8081 is working fine.
> 
> Even in tomcat access valve, the request is coming at port 8444 as 
> shown below
> [11/Jun/2013:11:16:58 +0530] 10.93.230.203 10.93.230.203 admin - 8444 
> GET /feeder/info HTTP/1.1 500 2581 123
> 
> For http port also the request is coming at port 8081 of tomcat
> [11/Jun/2013:11:18:29 +0530] 10.93.230.203 10.93.230.203 admin - 8081 
> GET /feeder/info HTTP/1.1 200 4377 286
> 
> But I am totally confused why request.getServerPort is giving 443 for https ???
> 
> Thanks
> Anil
> 
> 
> 
> 
> 
> When I replace request.getServerPort() with request.getLocalPort(), it is
> giving me the port 8444.
> So things are working fine when I use request.getLocalPort().
> 
> So do you have any ideas why request.getServerPort is giving 443 and
> request.getLocalPort is giving 8444 when I hit the url
> https://ip-address:8444/context to tomcat?
> And request.getServerPort() is giving 8081 and request.getLocalPort is also
> giving 8081 when I hit the url http://ip-address:8081/context to tomcat?
> 
> Please suggest
> 
> Thanks
> Anil
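
Added example, not part of the original thread and not the posters' or Tomcat's own code: a simplified Java model of why the two calls discussed above can disagree. getServerPort() reflects the client-supplied Host header, while getLocalPort() reflects the socket that accepted the connection. The helper names are hypothetical, and the client-side rule (port left out of Host when it equals the protocol's registered default port) is an assumption about the client library.

```java
import java.util.Set;

// Added illustration (not code from the thread): where getServerPort() and getLocalPort() come from.
public class ServerPortVsLocalPort {

    // Ports of the two <Connector> elements quoted in the thread.
    static final Set<Integer> CONNECTOR_PORTS = Set.of(8081, 8444);

    // Assumption: the client leaves the port out of Host when it equals the
    // default port registered for the protocol in use.
    static String hostHeader(String host, int port, int protocolDefaultPort) {
        return port == protocolDefaultPort ? host : host + ":" + port;
    }

    // Server side: the port is parsed from Host; without one, the scheme default
    // applies. Only a request with no Host header falls back to the socket port.
    static int serverPort(String host, boolean secure, int localPort) {
        if (host == null || host.isEmpty()) return localPort;
        int colon = host.lastIndexOf(':');
        if (colon < 0 || host.endsWith("]")) return secure ? 443 : 80; // "[::1]" has no port
        String digits = host.substring(colon + 1);
        int port = digits.matches("\\d{1,5}") ? Integer.parseInt(digits) : -1;
        if (port < 1 || port > 65535) throw new IllegalArgumentException("bad Host port");
        return port;
    }

    // Hardened choice for building redirects: accept the client-supplied port
    // only if it is a known connector port, otherwise use the socket's port.
    static int portForRedirect(int serverPort, int localPort) {
        return CONNECTOR_PORTS.contains(serverPort) ? serverPort : localPort;
    }

    public static void main(String[] args) {
        String addr = "10.93.230.203"; // address from the access-log lines above
        // HTTPS: protocol registered with default port 8444, request sent to 8444.
        String https = hostHeader(addr, 8444, 8444);
        // HTTP: stock protocol default 80, request sent to 8081.
        String http = hostHeader(addr, 8081, 80);
        int sp = serverPort(https, true, 8444);
        System.out.println("Host: " + https + " -> serverPort=" + sp
                + " localPort=8444 redirectPort=" + portForRedirect(sp, 8444));
        System.out.println("Host: " + http + " -> serverPort="
                + serverPort(http, false, 8081) + " localPort=8081");
        // Constructed header with an arbitrary port: Host is client-controlled.
        int arbitrary = serverPort(addr + ":9999", true, 8444);
        System.out.println("arbitrary serverPort=" + arbitrary
                + " redirectPort=" + portForRedirect(arbitrary, 8444));
    }
}
```

A valve that builds redirect targets from getServerPort() or getRequestURL() is trusting request data; checking the value against the configured connector ports, or using getLocalPort(), keeps the redirect on a port the server actually listens on.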