Posted to dev@tomcat.apache.org by Christopher Cain <cc...@mhsoftware.com> on 2001/08/12 09:08:13 UTC
SSL Prompter not implementable
I've hit kind of a brick wall plugging my SSL prompter into both containers.
Interestingly enough, it's the same wall in both cases: I cannot get an event
that fires early enough in the process.

Under TC4, the Listener is not called until after connector initialization,
which calls the SSLSocketFactory initialization, which tries to access the
keystore. It therefore bombs before my class is even called.

Basically the same story in 3.3. The existing callback, addInterceptor(), is
called after initialization and will suffer the same problem. Even if I get a
new callback for before initialization, I will still have to modify the
connector itself in order to have it not step on my value.

At this point, we've definitely gone beyond the scope of a simple stopgap
module for SSL. I don't want to start making changes to the connectors
themselves just to suit SSL-prompting when a more comprehensive security
solution is already on the table.

So my question is, can we start hashing out my "LitterBox" proposal now? If I
can get a complete list of the external resource information that should be
covered by this module (Keystores, JDBC Realms, etc.), I'll take a look at each
mod and put together a detailed proposal on both the proposed solution as well
as the scope of the necessary changes to existing stuff.

I haven't had much luck getting feedback on my ideas lately. If I go to the
trouble to draft this all up and do it right, is anyone (especially any
committers) going to have anything to say, or should I just code it all myself
and then start submitting the code for comment?

- Christopher