You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/03/05 07:27:56 UTC
DO NOT REPLY [Bug 17656] New: -
scheme and secure Connector server.xml configuration attributes ignored by CoyoteConnector HTTP/1.1
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17656>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17656
scheme and secure Connector server.xml configuration attributes ignored by CoyoteConnector HTTP/1.1
Summary: scheme and secure Connector server.xml configuration
attributes ignored by CoyoteConnector HTTP/1.1
Product: Tomcat 4
Version: 4.1.18
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Critical
Priority: Other
Component: Connector:Coyote HTTP/1.1
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: rwatler@finali.com
Overview Description:
Use of the common scheme and secure attributes in Connector server.xml
configuration for CoyoteConnector HTTP/1.1 is ignored in the released
4.1.18 build. This used to work as expected in 4.1.10, (see below).
Our hosting architecture employs external SSL acceleration hardware in
front of standalone Tomcat servers and needs to pass scheme and secure
information to our webapps. To do this, we specify the following in
the server.xml file:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8543" minProcessors="8" maxProcessors="128"
enableLookups="false" acceptCount="64" debug="0"
connectionTimeout="300000" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true"/>
The specification of "https" and "true" no longer is effective in
setting the standard Servlet 2.3 ServletRequest.getScheme() and
ServletRequest.isSecure() return values. Instead, "http" and false are
always returned, respectively.
Because the static Connector configuration information is no longer
propagated to our web application servlets, our application fails to
run properly.
Steps to Reproduce:
1. configure Tomcat 4.1.18 to use standalone CoyoteConnector.
2. specify Connector scheme attribute as something other than "http"
and/or set secure attribute to "false".
3. access the standard request getScheme() and/or isSecure() methods in
a servlet registered to the Connector.
Actual Results:
ServletRequest.getScheme() will return "http" and
ServletRequest.isSecure() will return false when accessed from the
servlet.
Expected Results:
ServletRequest.getScheme() and ServletRequest.isSecure() should reflect
what is specified in the Connector configuration.
Additional Information:
It appears that this problem was introduced in 4.1.13 while making the
following change to
coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java and other
files:
-----------------------
revision 1.10
date: 2002/09/29 17:07:44; author: nacho; state: Exp; lines: +9 -14
Bug#12998 HTTPS gets changed to HTTP://servername:443
Reported by marcus.kellermann at bentley.com
The processor (HTTP11 or ajp13) should set the scheme and port prior
to this point, in an ajp13 connection doesnt make sense to get the
secure flag from the connector secure flag.
-----------------------
In prior versions of this file, settings for the request scheme was
always copied from the Connector/CoyoteConnector configuration. With
this change, the Processor is now responsible for setting the request
information correctly. In our case, the Http11Processor cannot know
about the external hardware and fails to upgrade the logical connection
to https/secure.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org