tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Customizing SSL in HttpClient
Date Tue, 11 Jun 2013 14:31:17 GMT

Anil,

On 6/11/13 1:53 AM, Anil Goyal -X (anigoyal - Aricent Technologies at
Cisco) wrote:
> 
> 
> -----Original Message----- From: Christopher Schultz
> [mailto:chris@christopherschultz.net] Sent: Monday, June 10, 2013
> 7:51 PM To: Tomcat Users List Subject: Re: Customizing SSL in
> HttpClient
> 
> Anil,
> 
> On 6/10/13 8:42 AM, Anil Goyal -X (anigoyal - Aricent Technologies
> at Cisco) wrote:
>> I am trying to create a http client and send a request to certain
>> port of a server using below code:
> 
>> HttpClient client = new HttpClient(); 
>> client.getHostConfiguration().setHost(address, portNumber,
>> protocol);
> 
>> Here portNumber that I am setting is 8444(https port of tomcat)
> 
>> When I execute client.executemethod() and at the server side when
>> I tried to retrieve request.getRequestURL(), I am getting the url
>> with port 443 not 8444 which I set in client. Even
>> request.getServerPort is giving 443 not 8444.
> 
> Is there any kind of port-forwarding or anything else going on?
> 
>> The things are working fine for 8081(http port of tomcat) i.e.
>> HttpClient client = new HttpClient(); 
>> client.getHostConfiguration().setHost(address, portNumber,
>> protocol);
> 
>> Here portNumber that I am setting is 8081(https port of tomcat)
> 
>> When I execute client.executemethod() and at the server side when
>> I tried to retrieve request.getRequestURL(), I am getting the url
>> with port 8081 which I set in client. Even request.getServerPort
>> is giving 8081.
> 
> Can you show us a bit more of the code? It's not clear from your
> client code that the port number is set correctly, and you only
> mentioned the server. Can you give us some of that, too? Also, what
> do your <Connector> elements look like in server.xml?
> 
> -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> Please consider the code flow as below:
> 
> HttpClient client = new HttpClient();
> portNumber = secure ? LocalNetworkConstants.DEFAULT_HTTPS_PORT
>                     : LocalNetworkConstants.DEFAULT_HTTP_PORT;
> // DEFAULT_HTTPS_PORT=8444 and DEFAULT_HTTP_PORT=8081 define in LocalNetworkConstants.java
> LOG.debug("the value of https port is"+String.valueOf(portNumber));
> if (secure) {
>     Protocol protocol = new Protocol(LocalNetworkConstants.URISCHEME_HTTPS,
>             new ExtendedProtocolSocketFactory(address,
>                     locationData.isAcceptSelfSignedCertificates(),
>                     locationData.isAcceptCertificateErrors()),
>             portNumber);
>     client.getHostConfiguration().setHost(address, portNumber, protocol);
>     LOG.debug("setting the host for https"+String.valueOf(portNumber));
> } else {
>     client.getHostConfiguration().setHost(address, portNumber);
>     LOG.debug("setting the host for http"+String.valueOf(portNumber));
> }
>
> GetMethod method = new GetMethod(LocalNetworkConstants.INFO_FEEDER_PATH);
> int returnCode = client.executeMethod(method);
> 
> This is the code at the client side.
> 
> At the server side,
> 
> I have 8444 and 8081 port defined in server.xml
> 
> <Connector URIEncoding="UTF-8" acceptCount="100"
>            connectionTimeout="20000" disableUploadTimeout="true"
>            enableLookups="false" maxHttpHeaderSize="8193" maxSpareThreads="25"
>            maxThreads="25" minSpareThreads="10" port="8081"
>            protocol="HTTP/1.1" redirectPort="8444" server=" "/>
> <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" ciphers=" "
>            clientAuth="false" disableUploadTimeout="true"
>            enableLookups="false" keystoreFile="" keystorePass=""
>            keystoreType="" maxHttpHeaderSize="8192" maxSpareThreads="25"
>            maxThreads="25" minSpareThreads="10" port="8444"
>            protocol="HTTP/1.1" scheme="https" secure="true" server=" "
>            sslProtocol="TLS"/>
> 
> Also I have these two ports entry in iptables.

Which two ports? What have you done with them in iptables?

> Now in the tomcat redirection valve, I have below code written
> 
> int port = request.getServerPort();
> StringBuffer url = request.getRequestURL();

What is the "Tomcat redirection valve"?

> So now the problem is, when from client I disable ssl and send
> the request at port 8081 then in tomcat valve, port -8081 and url
> also contains port 8081.
>
> But when from client, I enable ssl and send the request at port
> 8444, then here in valve the request.getServerPort returns 443 and
> even in url also port is 443.

If the URL contains port 443, then your client connection is not
actually contacting port 8444. Can you confirm with a packet-sniffer
or something else that you are connecting to 8444 and not 443?

It's possible that there is a bug in HttpClient that makes it connect
to whatever port you requested (8444) but then also sends
"hostname:443" as the "Host" header. If that happens, Tomcat will use
that ":443" as the return value for getServerPort (note that this is
specified in the Servlet Javadocs).

If you want the real port Tomcat answered on, use
HttpServletRequest.getLocalPort.

> So I am not able to understand why the https port is converting
> into 443 from 8444 while http port 8081 is working fine.
> 
> Even in tomcat access valve, the request is coming at port 8444 as
> shown below
> [11/Jun/2013:11:16:58 +0530] 10.93.230.203 10.93.230.203 admin - 8444 GET /feeder/info HTTP/1.1 500 2581 123
>
> For http port also the request is coming at port 8081 of tomcat
> [11/Jun/2013:11:18:29 +0530] 10.93.230.203 10.93.230.203 admin - 8081 GET /feeder/info HTTP/1.1 200 4377 286
> 
> But I am totally confused why request.getServerPort is giving 443
> for https ???

This must be coming from the "Host" header. Are you generating your
own "Host" header, or is HttpClient doing it for you?

-chris
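The difference described in the reply above, between getServerPort (taken from the client's Host header) and getLocalPort (the port the connector accepted the connection on), can be logged per request with a servlet filter. This is an added example, not code from the thread or from Tomcat; the class name HostPortAuditFilter and the helper hostHeaderPort are hypothetical, and it assumes the javax.servlet API.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical diagnostic filter: logs when the client-supplied Host header
 *  disagrees with the port the connector actually accepted the connection on. */
public class HostPortAuditFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(HostPortAuditFilter.class.getName());

    /** Port written in a Host header value, or -1 if none or unparsable.
     *  Handles "host", "host:8444" and bracketed IPv6 such as "[::1]:8444". */
    static int hostHeaderPort(String host) {
        if (host == null) return -1;
        int close = host.lastIndexOf(']');          // end of an IPv6 literal, if any
        int colon = host.lastIndexOf(':');
        if (colon < 0 || colon < close) return -1;  // no port part in the header
        try {
            return Integer.parseInt(host.substring(colon + 1).trim());
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            int local = http.getLocalPort();    // socket the connector accepted on
            int server = http.getServerPort();  // derived from the Host header
            if (local != server) {
                // Host is client input: strip CR/LF before it reaches the log.
                String host = String.valueOf(http.getHeader("Host")).replaceAll("[\\r\\n]", "_");
                LOG.warning("port mismatch: localPort=" + local + " serverPort=" + server
                        + " hostHeaderPort=" + hostHeaderPort(host) + " Host=" + host);
            }
        }
        chain.doFilter(req, res);
    }
}
```

Behind port forwarding or a reverse proxy a mismatch is expected, so the log line is a prompt to check which of the two values the redirect logic relies on, not an error in itself.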