Posted to users@tomcat.apache.org by Venkata Reddy P <Ve...@trianz.com> on 2016/05/13 16:55:49 UTC

tomcat6.0.43 ajp connector migration to tomcat8.0.33

Hi,



Can anyone please help me on this?



Existing implementation:-

In tomcat6.0.43 version, I have enabled the ssl on AJP connector by following the below steps



1) I did override the class "org.apache.jk.common.ChannelSocket" to "AjpSslChannelSocket extends ChannelSocket "  to enable ssl on ajp port.



2) This overridden "AjpSslChannelSocket" class I have configured in server.xml file as below.



<Connector address="xx.xx.xx.xx"
            class.channelSocket="org.apache.jk.common.AjpSslChannelSocket"
            enableLookups="false" maxThreads="150" port="8009"
            protocol="AJP/1.3" tomcatAuthentication="false"/>



I believe it is an AJP java connector (ChannelSocket) implementation which comes with tomcat6.0.43. Am I correct?

What kind of ajp connector implementation is the class “org.apache.jk.common.ChannelSocket” (APR,NIO,…)?



Migration to:-

Currently I have to do the same on tomcat8.0.33 version to replicate the above implementation to enable ssl on AJP port.

1)      When I look at the tomcat8.0.33 source code, I don’t find any “org.apache.jk” package.

Was “org.apache.jk” replaced with any package?



2)      It looks like the ajp connector attribute (class.channelSocket) also not available in tomcat8.0.33.

Do we have any similar attribute to configure customized connector implementation class?



3)      Finally  the class “ChannelSocket” is also missing in tomcat8.0.33.

What class has to be customized in tomcat8.0.33 to enable ssl on ajp port similar to above mentioned tomcat6.0.43 implementation?



Much appreciated, please advise me.



Thanks

Venkata

Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33

Posted by Mark Thomas <ma...@apache.org>.
On 16/05/2016 12:46, Venkata Reddy P wrote:
> Many Thanks Again. Can you point me to the ajp documentation to understand different protocol (BIO, NIO, APR,..) implementations?

The AJP implementation is the same for all of them. All the individual
implementations do is plug in the appropriate Endpoint. You may want to
take a look at the various Endpoint implementations in
org.apache.tomcat.util.net

Mark


> 
> -----Original Message-----
> From: Mark Thomas [mailto:markt@apache.org] 
> Sent: Monday, May 16, 2016 5:13 PM
> To: Tomcat Users List
> Subject: Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33
> 
> On 16/05/2016 07:25, Venkata Reddy P wrote:
>> Hi,
>>
>>
>>
>> Many Thanks Mark. This is a more of POC release planned for jun-1st week, will give a try with the existing stable release and thanks for suggesting the 8.5.x.
>>
>>
>>
>> 1)  As you said, I can see AjpProtocol class as the BIO connector. If I create a customized class SslEnabledBioAjpProtocol extends AjpProtocol, then  is the below configuration correct?
>>
>> <Connector port="8009" 
>> protocol="org.apache.coyote.ajp.SslEnabledBioAjpProtocol" 
>> redirectPort="8443" />
> 
> BIO support has been removed in 8.5.x. I suggest you base your implementation on the NIO connector.
> 
> protocol is the correct attribute to use to configure it.
> 
> 
>> 2) In tomcat6, there http connector attribute to define the customized classname using attribute "sSLImplementation".
>>
>>         <Connector SSLEnabled="true"
>>
>>             sSLImplementation=" org.apache.tomcat.util.net.jsse.Tomcat6SSLImplementation"
>>
>>             scheme="https" secure="true" />
>>
>> is it a still valid attribute in tomcat7.x/tomcat8.x?
> 
> It still exists but you should not need to set it unless you are using some form of custom TLS implementation. Also, I suspect the API for such a class is version specific.
> 
> Mark
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 




RE: tomcat6.0.43 ajp connector migration to tomcat8.0.33

Posted by Venkata Reddy P <Ve...@trianz.com>.
Many Thanks Again. Can you point me to the ajp documentation to understand different protocol (BIO, NIO, APR,..) implementations?

-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org] 
Sent: Monday, May 16, 2016 5:13 PM
To: Tomcat Users List
Subject: Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33

On 16/05/2016 07:25, Venkata Reddy P wrote:
> Hi,
> 
> 
> 
> Many Thanks Mark. This is a more of POC release planned for jun-1st week, will give a try with the existing stable release and thanks for suggesting the 8.5.x.
> 
> 
> 
> 1)  As you said, I can see AjpProtocol class as the BIO connector. If I create a customized class SslEnabledBioAjpProtocol extends AjpProtocol, then  is the below configuration correct?
> 
> <Connector port="8009" 
> protocol="org.apache.coyote.ajp.SslEnabledBioAjpProtocol" 
> redirectPort="8443" />

BIO support has been removed in 8.5.x. I suggest you base your implementation on the NIO connector.

protocol is the correct attribute to use to configure it.


> 2) In tomcat6, there http connector attribute to define the customized classname using attribute "sSLImplementation".
> 
>         <Connector SSLEnabled="true"
> 
>             sSLImplementation=" org.apache.tomcat.util.net.jsse.Tomcat6SSLImplementation"
> 
>             scheme="https" secure="true" />
> 
> is it a still valid attribute in tomcat7.x/tomcat8.x?

It still exists but you should not need to set it unless you are using some form of custom TLS implementation. Also, I suspect the API for such a class is version specific.

Mark




Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33

Posted by Mark Thomas <ma...@apache.org>.
On 16/05/2016 07:25, Venkata Reddy P wrote:
> Hi,
> 
> 
> 
> Many Thanks Mark. This is a more of POC release planned for jun-1st week, will give a try with the existing stable release and thanks for suggesting the 8.5.x.
> 
> 
> 
> 1)  As you said, I can see AjpProtocol class as the BIO connector. If I create a customized class SslEnabledBioAjpProtocol extends AjpProtocol, then  is the below configuration correct?
> 
> <Connector port="8009" protocol="org.apache.coyote.ajp.SslEnabledBioAjpProtocol" redirectPort="8443" />

BIO support has been removed in 8.5.x. I suggest you base your
implementation on the NIO connector.

protocol is the correct attribute to use to configure it.


> 2) In tomcat6, there http connector attribute to define the customized classname using attribute "sSLImplementation".
> 
>         <Connector SSLEnabled="true"
> 
>             sSLImplementation=" org.apache.tomcat.util.net.jsse.Tomcat6SSLImplementation"
> 
>             scheme="https" secure="true" />
> 
> is it a still valid attribute in tomcat7.x/tomcat8.x?

It still exists but you should not need to set it unless you are using
some form of custom TLS implementation. Also, I suspect the API for such
a class is version specific.

Mark




RE: tomcat6.0.43 ajp connector migration to tomcat8.0.33

Posted by Venkata Reddy P <Ve...@trianz.com>.
Hi,



Many Thanks Mark. This is a more of POC release planned for jun-1st week, will give a try with the existing stable release and thanks for suggesting the 8.5.x.



1)  As you said, I can see AjpProtocol class as the BIO connector. If I create a customized class SslEnabledBioAjpProtocol extends AjpProtocol, then  is the below configuration correct?

<Connector port="8009" protocol="org.apache.coyote.ajp.SslEnabledBioAjpProtocol" redirectPort="8443" />



2) In tomcat6, there is an http connector attribute to define the customized classname using attribute "sSLImplementation".

        <Connector SSLEnabled="true"

            sSLImplementation=" org.apache.tomcat.util.net.jsse.Tomcat6SSLImplementation"

            scheme="https" secure="true" />

is it a still valid attribute in tomcat7.x/tomcat8.x?



Thanks

Venkata



-----Original Message-----

From: Mark Thomas [mailto:markt@apache.org]

Sent: 14 May 2016 00:04

To: Tomcat Users List

Subject: Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33



On 13/05/2016 17:55, Venkata Reddy P wrote:

> Existing implementation:-

>

> In tomcat6.0.43 version, I have enabled the ssl on AJP connector by

> following the below steps

>

> 1) I did override the class "org.apache.jk.common.ChannelSocket" to "AjpSslChannelSocket extends ChannelSocket "  to enable ssl on ajp port.



Tomcat does not support, and has never supported, AJP with TLS.

AjpSslChannelSocket must be a custom implementation.



> 2) This overridden "AjpSslChannelSocket" class I have configured in server.xml file as below.

>

> <Connector address="xx.xx.xx.xx"

>             class.channelSocket=" org.apache.jk.common. AjpSslChannelSocket "

>             enableLookups="false" maxThreads="150" port="8009"

>             protocol="AJP/1.3" tomcatAuthentication="false"/>

>

> I believe, it is a AJP java connector(ChannelSocket) implementation which comes with tomcat6.0.43.  am I correct?



No. See above.



> what kind of ajp connector implementation on class “org.apache.jk.common.ChannelSocket” (APR,NIO,…)?



BIO.



> Migration to:-

>

> Currently I have to do the same on tomcat8.0.33 version to replicate the above implementation to enable ssl on AJP port.



That isn't going to be possible unless you write some custom code.



> 1)      When I look at the tomcat8.0.33 source code, I don’t find any “org.apache.jk” package.

>

> Did “org.apache.jk” replaced with any package?



Roughly, org.apache.coyote.ajp



> 2)      It looks like the ajp connector attribute (class.channelSocket) also not available in tomcat8.0.33.

>

> Do we have any similar attribute to configure customized connector implementation class?



protocol



> 3)      Finally  the class “ChannelSocket” is also missing in tomcat8.0.33.

>

> What class has to be customized in tomcat8.0.33 to enable ssl on ajp port similar to above mentioned tomcat6.0.43 implementation?



Given that 8.0.x will be replaced by 8.5.x fairly soon (within 3-4 months I should think) and that there is a major refactoring of the connector code between 8.0.x and 8.5.x you should be looking at the 8.5.x code.



Look at the class hierarchy for AbstractAjpProtocol. You'll probably need to extend and override one of its sub-classes.



Mark








Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33

Posted by Mark Thomas <ma...@apache.org>.
On 13/05/2016 17:55, Venkata Reddy P wrote:
> Existing implementation:-
> 
> In tomcat6.0.43 version, I have enabled the ssl on AJP connector by following the below steps
> 
> 1) I did override the class "org.apache.jk.common.ChannelSocket" to "AjpSslChannelSocket extends ChannelSocket "  to enable ssl on ajp port.

Tomcat does not support, and has never supported, AJP with TLS.
AjpSslChannelSocket must be a custom implementation.

> 2) This overridden "AjpSslChannelSocket" class I have configured in server.xml file as below.
> 
> <Connector address="xx.xx.xx.xx"
>             class.channelSocket=" org.apache.jk.common. AjpSslChannelSocket "
>             enableLookups="false" maxThreads="150" port="8009"
>             protocol="AJP/1.3" tomcatAuthentication="false"/>
> 
> I believe, it is a AJP java connector(ChannelSocket) implementation which comes with tomcat6.0.43.  am I correct?

No. See above.

> what kind of ajp connector implementation on class “org.apache.jk.common.ChannelSocket” (APR,NIO,…)?

BIO.

> Migration to:-
> 
> Currently I have to do the same on tomcat8.0.33 version to replicate the above implementation to enable ssl on AJP port.

That isn't going to be possible unless you write some custom code.

> 1)      When I look at the tomcat8.0.33 source code, I don’t find any “org.apache.jk” package.
> 
> Did “org.apache.jk” replaced with any package?

Roughly, org.apache.coyote.ajp

> 2)      It looks like the ajp connector attribute (class.channelSocket) also not available in tomcat8.0.33.
> 
> Do we have any similar attribute to configure customized connector implementation class?

protocol

> 3)      Finally  the class “ChannelSocket” is also missing in tomcat8.0.33.
> 
> What class has to be customized in tomcat8.0.33 to enable ssl on ajp port similar to above mentioned tomcat6.0.43 implementation?

Given that 8.0.x will be replaced by 8.5.x fairly soon (within 3-4
months I should think) and that there is a major refactoring of the
connector code between 8.0.x and 8.5.x you should be looking at the
8.5.x code.

Look at the class hierarchy for AbstractAjpProtocol. You'll probably
need to extend and override one of its sub-classes.

Mark
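
Added example (not part of the thread and not Tomcat code): a Python check that reads a server.xml and flags the AJP connector settings discussed above, namely Tomcat 6 org.apache.jk attributes, custom protocol classes, the BIO class, and stock AJP bound to a non-loopback address. The finding codes, the helper names and the sample XML are constructed for illustration, and the list of stock protocol classes is an assumption about Tomcat 8.0.x.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumed stock AJP protocol values for Tomcat 8.0.x; anything else is custom code.
STOCK_AJP = {"AJP/1.3"} | {"org.apache.coyote.ajp." + name for name in (
    "AjpProtocol", "AjpNioProtocol", "AjpNio2Protocol", "AjpAprProtocol")}

# Constructed sample built from the thread's connectors (second port changed to 8010).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector address="xx.xx.xx.xx" port="8009" protocol="AJP/1.3"
             class.channelSocket="org.apache.jk.common.AjpSslChannelSocket"
             enableLookups="false" maxThreads="150" tomcatAuthentication="false"/>
  <Connector port="8010" redirectPort="8443"
             protocol="org.apache.coyote.ajp.SslEnabledBioAjpProtocol"/>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""

def is_loopback(address):
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:  # host name or masked value such as xx.xx.xx.xx
        return address == "localhost"

def audit_ajp_connectors(xml_text):
    """Return (port, code, detail) findings for each AJP <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1").strip()
        if not (proto.upper().startswith("AJP/") or ".ajp." in proto):
            continue
        port = conn.get("port", "?")
        # Tomcat 6 org.apache.jk hooks; the thread finds them gone from 8.0.33.
        for name, value in conn.attrib.items():
            if name.startswith("class.") or "org.apache.jk" in value:
                findings.append((port, "legacy-jk-attribute", name))
        if proto not in STOCK_AJP:
            findings.append((port, "custom-protocol-class", proto))
            continue  # custom code decides its own transport; review it by hand
        if proto == "org.apache.coyote.ajp.AjpProtocol":
            findings.append((port, "bio-removed-in-8.5", proto))
        # Stock AJP has no TLS, so a non-loopback bind carries cleartext AJP.
        address = conn.get("address")
        if address and not is_loopback(address):
            findings.append((port, "cleartext-ajp-exposed", address))
    return findings

if __name__ == "__main__":
    for finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(*finding, sep="\t")
```

A "custom-protocol-class" finding marks code that has to be rebuilt and re-reviewed against the target Tomcat version, since the connector internals changed between 8.0.x and 8.5.x.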

