Posted to dev@tomcat.apache.org by re...@apache.org on 2020/04/03 16:48:53 UTC

[tomcat] branch master updated: Remove useAprConnector flag and auto switch to APR connector

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new ede5a2f  Remove useAprConnector flag and auto switch to APR connector
ede5a2f is described below

commit ede5a2fbe93b1e802cfefba9ff552e1a7fa33bd1
Author: remm <re...@apache.org>
AuthorDate: Fri Apr 3 18:48:27 2020 +0200

    Remove useAprConnector flag and auto switch to APR connector
    
    As a first step towards possibly removing the APR connector, simplify
    Connector by dropping auto use of the APR connector. The default is now
    always the NIO connector. Using the APR connector is still possible by
    using the full protocol name (as documented).
    Auto use of OpenSSL for TLS support if the AprLifecycleListener is
    available and the Tomcat native library is available is not changed.
    Rephrase some strings (IMO no big need to change the existing
    translations).
---
 java/org/apache/catalina/connector/Connector.java  | 25 ++++------------------
 .../apache/catalina/core/AprLifecycleListener.java | 15 -------------
 .../apache/catalina/core/LocalStrings.properties   | 15 ++++++-------
 webapps/docs/apr.xml                               | 16 ++++++++------
 webapps/docs/changelog.xml                         |  9 ++++++++
 webapps/docs/config/ajp.xml                        | 10 ++-------
 webapps/docs/config/http.xml                       | 19 +++++-----------
 webapps/docs/config/listeners.xml                  |  8 -------
 8 files changed, 36 insertions(+), 81 deletions(-)

diff --git a/java/org/apache/catalina/connector/Connector.java b/java/org/apache/catalina/connector/Connector.java
index c1b1f5f..20118f7 100644
--- a/java/org/apache/catalina/connector/Connector.java
+++ b/java/org/apache/catalina/connector/Connector.java
@@ -73,21 +73,10 @@ public class Connector extends LifecycleMBeanBase  {
 
 
     public Connector(String protocol) {
-        boolean aprConnector = AprLifecycleListener.isAprAvailable() &&
-                AprLifecycleListener.getUseAprConnector();
-
         if ("HTTP/1.1".equals(protocol) || protocol == null) {
-            if (aprConnector) {
-                protocolHandlerClassName = "org.apache.coyote.http11.Http11AprProtocol";
-            } else {
-                protocolHandlerClassName = "org.apache.coyote.http11.Http11NioProtocol";
-            }
+            protocolHandlerClassName = "org.apache.coyote.http11.Http11NioProtocol";
         } else if ("AJP/1.3".equals(protocol)) {
-            if (aprConnector) {
-                protocolHandlerClassName = "org.apache.coyote.ajp.AjpAprProtocol";
-            } else {
-                protocolHandlerClassName = "org.apache.coyote.ajp.AjpNioProtocol";
-            }
+            protocolHandlerClassName = "org.apache.coyote.ajp.AjpNioProtocol";
         } else {
             protocolHandlerClassName = protocol;
         }
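Review bot: The constructor now maps `HTTP/1.1`, `null` and `AJP/1.3` unconditionally to the NIO handlers, but nothing here tells an operator who relied on the APR auto-switch that a different handler is now in use. The text this commit removes from http.xml notes that the APR/native connector has different HTTPS settings than the Java connectors, so such a configuration may carry TLS attributes written for the other connector type; how those are treated is not visible in this hunk. I would document the mapping on the constructor, for example `// "HTTP/1.1" (or null) and "AJP/1.3" always select the NIO handlers; any other value is used as the ProtocolHandler class name`, and have the changelog entry say that HTTPS settings should be re-checked after upgrading. The constructor body continues past the end of the hunk.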
@@ -661,15 +650,9 @@ public class Connector extends LifecycleMBeanBase  {
      * @return the Coyote protocol handler in use.
      */
     public String getProtocol() {
-        if (("org.apache.coyote.http11.Http11NioProtocol".equals(getProtocolHandlerClassName()) &&
-                    (!AprLifecycleListener.isAprAvailable() || !AprLifecycleListener.getUseAprConnector())) ||
-                "org.apache.coyote.http11.Http11AprProtocol".equals(getProtocolHandlerClassName()) &&
-                    AprLifecycleListener.getUseAprConnector()) {
+        if ("org.apache.coyote.http11.Http11NioProtocol".equals(getProtocolHandlerClassName())) {
             return "HTTP/1.1";
-        } else if (("org.apache.coyote.ajp.AjpNioProtocol".equals(getProtocolHandlerClassName()) &&
-                    (!AprLifecycleListener.isAprAvailable() || !AprLifecycleListener.getUseAprConnector())) ||
-                "org.apache.coyote.ajp.AjpAprProtocol".equals(getProtocolHandlerClassName()) &&
-                    AprLifecycleListener.getUseAprConnector()) {
+        } else if ("org.apache.coyote.ajp.AjpNioProtocol".equals(getProtocolHandlerClassName())) {
             return "AJP/1.3";
         }
         return getProtocolHandlerClassName();
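Review bot: The handler class names compared in `getProtocol()` are the same string literals the constructor assigns, so the alias mapping only works while the hand-typed copies in both places stay identical. Shared constants would remove that risk, e.g. `private static final String HTTP_NIO = "org.apache.coyote.http11.Http11NioProtocol";` with a matching one for AJP. The Javadoc line `@return the Coyote protocol handler in use` could also state that the NIO handlers are reported as `HTTP/1.1` or `AJP/1.3`, while every other handler, including the APR ones, is reported by class name. The method's closing brace is outside the hunk.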
diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java
index 0bde68c..8e1d85c 100644
--- a/java/org/apache/catalina/core/AprLifecycleListener.java
+++ b/java/org/apache/catalina/core/AprLifecycleListener.java
@@ -78,7 +78,6 @@ public class AprLifecycleListener
     protected static boolean sslInitialized = false;
     protected static boolean aprInitialized = false;
     protected static boolean aprAvailable = false;
-    protected static boolean useAprConnector = false;
     protected static boolean useOpenSSL = true;
     protected static boolean fipsModeActive = false;
 
@@ -254,10 +253,6 @@ public class AprLifecycleListener
                 Boolean.valueOf(Library.APR_HAS_SO_ACCEPTFILTER),
                 Boolean.valueOf(Library.APR_HAS_RANDOM)));
 
-        initInfoLogMessages.add(sm.getString("aprListener.config",
-                Boolean.valueOf(useAprConnector),
-                Boolean.valueOf(useOpenSSL)));
-
         aprAvailable = true;
     }
 
@@ -401,16 +396,6 @@ public class AprLifecycleListener
         return fipsModeActive;
     }
 
-    public void setUseAprConnector(boolean useAprConnector) {
-        if (useAprConnector != AprLifecycleListener.useAprConnector) {
-            AprLifecycleListener.useAprConnector = useAprConnector;
-        }
-    }
-
-    public static boolean getUseAprConnector() {
-        return useAprConnector;
-    }
-
     public void setUseOpenSSL(boolean useOpenSSL) {
         if (useOpenSSL != AprLifecycleListener.useOpenSSL) {
             AprLifecycleListener.useOpenSSL = useOpenSSL;
diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties
index fda5ec3..dd9ec70 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -68,11 +68,10 @@ applicationServletRegistration.setServletSecurity.ise=Security constraints can''
 
 applicationSessionCookieConfig.ise=Property [{0}] cannot be added to SessionCookieConfig for context [{1}] as the context has been initialised
 
-aprListener.aprDestroy=Failed shutdown of APR based Apache Tomcat Native library
-aprListener.aprInit=The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [{0}]
-aprListener.aprInitDebug=The APR based Apache Tomcat Native library could not be found using names [{0}] on the java.library.path [{1}]. The errors reported were [{2}]
-aprListener.aprInitError=The APR based Apache Tomcat Native library failed to load. The error reported was [{0}]
-aprListener.config=APR/OpenSSL configuration: useAprConnector [{0}], useOpenSSL [{1}]
+aprListener.aprDestroy=Failed shutdown of the Apache Tomcat Native library
+aprListener.aprInit=The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [{0}]
+aprListener.aprInitDebug=The Apache Tomcat Native library could not be found using names [{0}] on the java.library.path [{1}]. The errors reported were [{2}]
+aprListener.aprInitError=The Apache Tomcat Native library failed to load. The error reported was [{0}]
 aprListener.currentFIPSMode=Current FIPS mode: [{0}]
 aprListener.enterAlreadyInFIPSMode=AprLifecycleListener is configured to force entering FIPS mode, but library is already in FIPS mode [{0}]
 aprListener.flags=APR capabilities: IPv6 [{0}], sendfile [{1}], accept filters [{2}], random [{3}].
@@ -83,9 +82,9 @@ aprListener.initializingFIPS=Initializing FIPS mode...
 aprListener.requireNotInFIPSMode=AprLifecycleListener is configured to require the library to already be in FIPS mode, but it was not in FIPS mode
 aprListener.skipFIPSInitialization=Already in FIPS mode; skipping FIPS initialization.
 aprListener.sslInit=Failed to initialize the SSLEngine.
-aprListener.tcnInvalid=An incompatible version [{0}] of the APR based Apache Tomcat Native library is installed, while Tomcat requires version [{1}]
-aprListener.tcnValid=Loaded APR based Apache Tomcat Native library [{0}] using APR version [{1}].
-aprListener.tcnVersion=An older version [{0}] of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [{1}]
+aprListener.tcnInvalid=An incompatible version [{0}] of the Apache Tomcat Native library is installed, while Tomcat requires version [{1}]
+aprListener.tcnValid=Loaded Apache Tomcat Native library [{0}] using APR version [{1}].
+aprListener.tcnVersion=An older version [{0}] of the Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [{1}]
 aprListener.tooLateForFIPSMode=Cannot setFIPSMode: SSL has already been initialized
 aprListener.tooLateForSSLEngine=Cannot setSSLEngine: SSL has already been initialized
 aprListener.tooLateForSSLRandomSeed=Cannot setSSLRandomSeed: SSL has already been initialized
diff --git a/webapps/docs/apr.xml b/webapps/docs/apr.xml
index 1b4254b..b176402 100644
--- a/webapps/docs/apr.xml
+++ b/webapps/docs/apr.xml
@@ -146,13 +146,15 @@
       documentation.</p>
 
       <p>An example SSL Connector declaration is:</p>
-      <source><![CDATA[<Connector port="443" maxHttpHeaderSize="8192"
-                 maxThreads="150"
-                 enableLookups="false" disableUploadTimeout="true"
-                 acceptCount="100" scheme="https" secure="true"
-                 SSLEnabled="true"
-                 SSLCertificateFile="${catalina.base}/conf/localhost.crt"
-                 SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />]]></source>
+      <source><![CDATA[    <Connector port="443"
+               protocol="org.apache.coyote.http11.Http11AprProtocol"
+               SSLEnabled="true" scheme="https" secure="true"
+               socket.directBuffer="true" socket.directSslBuffer="true">
+        <SSLHostConfig protocols="TLSv1.3">
+            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+                         type="RSA" />
+        </SSLHostConfig>
+    </Connector>]]></source>
 
 
     </subsection>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ea9b3ab..dc8af5f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,15 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 10.0.0-M5 (markt)" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <update>
+        Remove <code>useAprConnector</code> flag from
+        <code>AprLifecycleListener</code> so that the only way to use the APR
+        connectors is to set the full class name. (remm)
+      </update>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 10.0.0-M4 (markt)" rtext="release in progress">
   <subsection name="Catalina">
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index 9f9d36c..579c9fa 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -193,14 +193,8 @@
         an <a href="http.html">HTTP connector</a> rather than an AJP connector
         will be configured.<br/>
         The standard protocol value for an AJP connector is <code>AJP/1.3</code>
-        which uses an auto-switching mechanism to select either a Java NIO based
-        connector or an APR/native based connector. If the
-        <code>PATH</code> (Windows) or <code>LD_LIBRARY_PATH</code> (on most unix
-        systems) environment variables contain the Tomcat native library, the
-        native/APR connector will be used. If the native library cannot be
-        found, the Java NIO based connector will be used.<br/>
-        To use an explicit protocol rather than rely on the auto-switching
-        mechanism described above, the following values may be used:<br/>
+        which uses a Java NIO based connector.<br/>
+        To use an explicit protocol, the following values may be used:<br/>
         <code>org.apache.coyote.ajp.AjpNioProtocol</code>
         - non blocking Java NIO connector.<br/>
         <code>org.apache.coyote.ajp.AjpNio2Protocol</code>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 3d3c1df..2b25f26 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -205,18 +205,8 @@
 
     <attribute name="protocol" required="false">
       <p>Sets the protocol to handle incoming traffic. The default value is
-        <code>HTTP/1.1</code> which uses an auto-switching mechanism to select
-        either a Java NIO based connector or an APR/native based connector.
-        If the <code>PATH</code> (Windows) or <code>LD_LIBRARY_PATH</code> (on
-        most unix systems) environment variables contain the Tomcat native
-        library, and the <code>AprLifecycleListener</code> that is used to
-        initialize APR has its <code>useAprConnector</code> attribute set to
-        <code>true</code>, the APR/native connector will be used. If the native library
-        cannot be found or the attribute is not configured, the Java NIO based
-        connector will be used. Note that the APR/native connector has different
-        settings for HTTPS than the Java connectors.<br/>
-        To use an explicit protocol rather than rely on the auto-switching
-        mechanism described above, the following values may be used:<br/>
+        <code>HTTP/1.1</code> which uses a Java NIO based connector.<br/>
+        To use an explicit protocol, the following values may be used:<br/>
         <code>org.apache.coyote.http11.Http11NioProtocol</code> -
               non blocking Java NIO connector<br/>
         <code>org.apache.coyote.http11.Http11Nio2Protocol</code> -
@@ -1528,8 +1518,9 @@
 
   <subsection name="SSL Support - Connector - NIO and NIO2">
 
-  <p>When APR/native is enabled, the connectors will default to using OpenSSL through JSSE,
-  which may be more optimized than the JSSE Java implementation depending on the processor being used,
+  <p>When APR/native is enabled, the connectors will default to using
+  OpenSSL through JSSE, which may be more optimized than the JSSE Java
+  implementation depending on the processor being used,
   and can be complemented with many commercial accelerator components.</p>
 
   <p>The following NIO and NIO2 SSL configuration attributes are not specific to
diff --git a/webapps/docs/config/listeners.xml b/webapps/docs/config/listeners.xml
index 214b3ed..99af04e 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -126,14 +126,6 @@
         <p>The default value is <code>off</code>.</p>
       </attribute>
 
-      <attribute name="useAprConnector" required="false">
-        <p>This attribute controls the auto-selection of the connector
-        implementation. When the <strong>protocol</strong> is specified as
-        <code>HTTP/1.1</code> or <code>AJP/1.3</code> then if this attribute is
-        <code>true</code> the APR/native connector will be used but if this
-        attribute is false the NIO connector will be used.</p>
-      </attribute>
-
       <attribute name="useOpenSSL" required="false">
         <p>This attribute controls the auto-selection of the OpenSSL JSSE
         implementation. The default is <code>true</code> which will use OpenSSL

