tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: The Service Component
Date Fri, 07 Mar 2014 17:21:44 GMT
Christopher Schultz wrote:
> Leo,
> 
> On 3/7/14, 10:44 AM, Leo Donahue wrote:
>> Who uses more than one Service in their server.xml and why?  I get 
>> that you can have multiple Connectors if you have multiple Service 
>> components but why use multiple connectors?
> 
> You can already have multiple <Connector>s per <Service> but the
> difference is that all Connectors in Service can access all web
> applications in that Service.
> 
>> Are there any docs on the use cases for these features?
> 
> Let's say that you wanted to deploy a non-secure webapp (/open) and a
> secure webapp (/secure). And let's say that you were terribly paranoid
> about proper setup: you want to make sure that nobody can access your
> /secure webapp without going through HTTPS.
> 
> If you were to simply do this:
> 
> <Service>
>   <Connector port="80" /><!-- let's just be brief -->
>   <Connector port="443" />
>   <Host appBase="webapps" />
> </Service>
> 
> ... then anyone could access either web application via http:// and
> https://. (Of course, you'd set "CONFIDENTIAL" in your web.xml, but
> remember, we're being paranoid, here).
> 
> Instead, you can do this:
> 
> <Service>
>   <Connector port="80" /><!-- let's just be brief -->
>   <Host appBase="insecure-webapps" />
> </Service>
> <Service>
>   <Connector port="443" />
>   <Host appBase="secure-webapps" />
> </Service>
> 
> This way, anyone requesting http:///secure would get a 404.
> 
> I'm sure you could come up with a real-world use-case for the above,
> because it's obviously not a very good example I've laid out there.
> 
> Perhaps a better use-case might be something like a server connected
> to several VPNs where services need to be separated by port number for
> isolation. (I'm not sure why you'd isolate the port numbers in that
> case and not also isolate the JVMs, but it's just a thought).
> 

I would be almost ready to bet that nobody has ever tried 2 <Service>'s.
It almost sounds like 2 separate Tomcat instances, except that they share the same JVM and
the same TOMCAT_BASE, hence the same configuration files (of course), which makes it
difficult to think of a real use case, as compared to 2 separate (JVM + Tomcat) instances
running off the same codebase.
My guess would be: when designing Tomcat, it came to pass that somewhere in the logic,
Connector's and Engine were related things, but that there was no clear way to design it 
so that one would be a child of the other or vice-versa.  So they just created a Service 
on top of both, and made them siblings.
It may just be so as to make it easier to start the Engine, before starting the 
corresponding Connector's. Or to run them separately and asynchronously.

It is a good question though. I wonder why nobody ever asked on this list before (in my 
memory).

Also, (and also in my memory) I could swear that at some point, there was a document 
available on the Tomcat website, which gave some overview of the overall Tomcat design. 
But I can't seem to find that anymore.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
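
Added example, not part of the original thread and not Tomcat tooling: a small audit that reads a server.xml and reports which appBase directories can be reached through a non-TLS Connector, comparing the single-Service and two-Service layouts discussed above. The two XML fragments are constructed for illustration; the Service and Engine names are assumptions, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragments modelled on the two layouts in the thread
# (Engine elements added; TLS keystore settings omitted for brevity).
SHARED = """<Server>
  <Service name="Catalina">
    <Connector port="80" />
    <Connector port="443" SSLEnabled="true" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>"""

SPLIT = """<Server>
  <Service name="Open">
    <Connector port="80" />
    <Engine name="Open" defaultHost="localhost">
      <Host name="localhost" appBase="insecure-webapps" />
    </Engine>
  </Service>
  <Service name="Secure">
    <Connector port="443" SSLEnabled="true" />
    <Engine name="Secure" defaultHost="localhost">
      <Host name="localhost" appBase="secure-webapps" />
    </Engine>
  </Service>
</Server>"""

def reachability(server_xml):
    """Map each Host appBase to the (port, is_tls) connectors of its Service."""
    reach = {}
    for service in ET.fromstring(server_xml).iter("Service"):
        ports = [(int(c.get("port")), c.get("SSLEnabled", "false").lower() == "true")
                 for c in service.findall("Connector")]
        for host in service.iter("Host"):
            reach.setdefault(host.get("appBase"), []).extend(ports)
    return reach

def plaintext_exposed(server_xml, protected):
    """Return the protected appBases reachable through any non-TLS connector."""
    reach = reachability(server_xml)
    return sorted(app for app in protected
                  if any(not tls for _, tls in reach.get(app, [])))

if __name__ == "__main__":
    print(plaintext_exposed(SHARED, {"webapps"}))         # shared Service
    print(plaintext_exposed(SPLIT, {"secure-webapps"}))   # split Services
```

The check works at the Connector level only; a `CONFIDENTIAL` transport guarantee in web.xml is a separate control and is not evaluated here.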

