You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Cummins College <cu...@gmail.com> on 2010/03/11 13:24:22 UTC
Disabling http connector
Hi,
I know that https by enabling the secure attribute to true. But what if I
want to "disable" the http connector?
To elaborate, I want the https connector to be disabled when http runs and
vice versa. What changes should be done?
However, not by changing the secure attribute.
We know most of you dont exactly agree or approve of our idea about fiddling
with the http connector, but please do help!
-Thank you
Re: Disabling http connector
Posted by Mikolaj Rydzewski <mi...@ceti.pl>.
Cummins College wrote:
> To elaborate, I want the https connector to be disabled when http runs and
> vice versa. What changes should be done?
> However, not by changing the secure attribute.
>
Not an answer, but you can enable/disable http/https access to
particular resources using transport-guarantee element in web.xml.
--
Mikolaj Rydzewski <mi...@ceti.pl>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Disabling http connector
Posted by Peter Crowther <pe...@melandra.com>.
On 11 March 2010 12:24, Cummins College <cu...@gmail.com> wrote:
> We know most of you dont exactly agree or approve of our idea about
> fiddling
> with the http connector, but please do help!
>
> I don't have enough information to agree, disagree or help. I've never
seen a sufficiently clear message about what - from a human point of view -
you are trying to achieve. How does what you are trying to do help any of
the following people? Be specific!
- The end-user of the application (there may be several kinds);
- The system administrator of the application;
- The developer of the application;
- The person who is paying for development of the application;
- The person who is auditing the application for compliance with policies.
At the moment, I don't know how any of these people - or anyone else -
benefits from what you are trying to do, whereas I can see how it causes
trouble for them. So I don't know how to help you!
- Peter
RE: Disabling http connector
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Cummins College [mailto:cummins.group21@gmail.com]
> Subject: Re: Disabling http connector
>
> Regarding our question and intention, there is not much to convince.
> Actually we have been given this task and we have no option but to do
> it even though it is crazy.
Just say no. The whole concept is ridiculous.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Disabling http connector
Posted by Cummins College <cu...@gmail.com>.
Hi,
Regarding our question and intention, there is not much to convince.
Actually we have been given this task and we have no option but to do it
even though it is crazy.
We figured out a way to make the removeConnector() method work, ie we are
disabling/removing the http/https connector. now to create a connector we
are using this method.
*
private* String createConnector(String parent, String address, *int* port,*
boolean* isAjp,*boolean* isSSL) *throws* Exception
So please could anyone tell us what to pass as the 'parent' parameter? The
address we are passing as "localhost" and port either 8443 or 8080. Are
these parameters correct?
Please do help.
Thanks
RE: Disabling http connector
Posted by Martin Gainty <mg...@hotmail.com>.
i would first check the configuration for the connector
you *might* have a builtin dependency on Executor ThreadPool e.g.
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/>
<Connector executor="tomcatThreadPool" port="8007" protocol="HTTP/1.1" connectionTimeout="20000" />
anyone ?
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> Date: Fri, 19 Mar 2010 15:07:39 +0530
> Subject: Re: Disabling http connector
> From: cummins.group21@gmail.com
> To: users@tomcat.apache.org
>
> Hi,
>
> We found this MBeanfactory method. It has a remove connector method. This
> takes argument <String> as the Mbean-name of component to be removed.
>
> We have tried passing 'HTTPConnector',
> 'CoyoteConnector','Catalina','http-8080' and 'http11connector'.
>
> Could you tell us how to find the mbean names of the connectors?
>
> Thanks.
_________________________________________________________________
Hotmail is redefining busy with tools for the New Busy. Get more from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID27925::T:WLMTAGL:ON:WL:en-US:WM_HMP:032010_2
Re: Disabling http connector
Posted by André Warnier <aw...@ice-sa.com>.
Cummins College wrote:
> Hi,
>
> We found this MBeanfactory method. It has a remove connector method. This
> takes argument <String> as the Mbean-name of component to be removed.
>
> We have tried passing 'HTTPConnector',
> 'CoyoteConnector','Catalina','http-8080' and 'http11connector'.
>
> Could you tell us how to find the mbean names of the connectors?
>
You still have not managed to convince us of why you would need to ever
do such a thing, as opposed to not configuring the respective Connectors
in the first place.
As for me personally, even if I knew, I would not help you, as I would
consider it unethical to help someone here shoot himself in the foot,
which is what your explanations so far - or the lack of them - lead me
to believe you are doing.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Disabling http connector
Posted by Cummins College <cu...@gmail.com>.
Hi,
We found this MBeanfactory method. It has a remove connector method. This
takes argument <String> as the Mbean-name of component to be removed.
We have tried passing 'HTTPConnector',
'CoyoteConnector','Catalina','http-8080' and 'http11connector'.
Could you tell us how to find the mbean names of the connectors?
Thanks.
Re: Disabling http connector
Posted by Pid <pi...@pidster.com>.
On 11/03/2010 12:24, Cummins College wrote:
> Hi,
>
> I know that https by enabling the secure attribute to true.
No. More is required.
> But what if I want to "disable" the http connector?
You don't. You just want to force the user to use HTTPS, which is not
the same thing at all.
> To elaborate, I want the https connector to be disabled when http runs and
> vice versa.
Again, no you don't.
Worse, you don't usually want to redirect a secure session back to HTTP,
unless the user is being logged out.
> What changes should be done?
Read the Servlet Spec, it provides for this requirement, as Mikolaj
hinted. "transport-guarantee" is a setting in your web.xml.
> However, not by changing the secure attribute.
>
> We know most of you dont exactly agree or approve of our idea about fiddling
> with the http connector, but please do help!
It's not a case of agree or approve, your idea/understanding is just
wrong and you've already wasted many hours trying to making it work.
Disabling the HTTP/S connector will affect *all* users, not just a
single one. Please confirm that you understand this.
p
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Disabling http connector
Posted by André Warnier <aw...@ice-sa.com>.
Cummins College wrote:
> Hi,
>
> I know that https by enabling the secure attribute to true. But what if I
> want to "disable" the http connector?
>
> To elaborate, I want the https connector to be disabled when http runs and
> vice versa. What changes should be done?
> However, not by changing the secure attribute.
>
> We know most of you dont exactly agree or approve of our idea about fiddling
> with the http connector, but please do help!
It is not that we don't /agree/, it is that we can't really see the
point, or what you are trying to achieve, or how it could possibly work
in the practice.
Let me give you an example :
Say users start by getting a "menu" page from your site, using a http link :
http://yoursite.yourcompany.com/welcome.html
Now inside that page which the browser just got from your site, and
which is now in the browser's memory, there are links to various things
the users can do on your site. For example :
<a href="/students/sign-up.html">sign up as a student</a>
<a href="/students/sign-off.html">cancel your acoount</a>
<a href="/info/programs.html">study programs</a>
etc...
So, when the user is going to click on such a link, the /browser/ will
interpret this in function of the protocol and host which was used to
get "welcome.html", and for example for the first link, it is going to
issue a request to :
http://yoursite.yourcompany.com/students/sign-up.html
That means that the browser is going to try to set up a connection with
the server, using the HTTP protocol, over a non-secure connection.
Now suppose that in the meantime, you have disabled HTTP on port 80, and
forced it to be HTTPS.
Well then, this request from the client is going to fail, because it is
still going to try for a HTTP connection, because /that is the meaning
of the link it has in the page currently loaded in the browser/.
And the Connector on port 80, which is suddenly accepting only HTTPS
connections, is going to refuse that HTTP connection request.
Changing the connector's protocol is not going to suddenly and magically
update all the welcome.html pages which have been already loaded by the
browsers accessing your site, and the links in those pages.
It is also not going to magically update all the pages on your site
which already have these links in them, even if browsers have not
received them yet.
If you want a client, at some point, to stop using HTTP and switch to
HTTPS, then the correct method is not to mysteriously change the nature
of the protocol "under their nose".
One correct method is to insure that for links which you want to be used
under HTTPS, your return in your pages the appropriate link, like :
<a href="https://yoursite.yourcompany.com/students/sign-up.html">sign up
as a student</a>
instead of
<a href="http://yoursite.yourcompany.com/students/sign-up.html">sign up
as a student</a>
Another correct method is, when the browser requests a page using HTTP,
to return a "redirect" response to the browser saying :
"for this page, which you wanted as
"http://yoursite.yourcompany.com/students/sign-up.html", please use this
address instead :
https://yoursite.yourcompany.com/students/sign-up.html
That is called a "redirect" response, with a HTTP status code 302.
Upon receiving such a response, the browser will, automatically and
transparently, without even asking the user, make a new request to the
server, this time for
https://yoursite.yourcompany.com/students/sign-up.html
And on the server side, this new request will be received and processed
by the HTTPS connector, not the HTTP one.
The HTTP and the HTTPS Connector are both set up in advance, ready to
received requests on their respective ports and using their respective
type of TCP/IP connection, and they do not interfere with one another.
If you want to take a Connector which is currently active and using one
protocol, and change its protocol on the fly, then please state a valid
reason to do this, that we could understand what you are trying to
achieve, and which the current HTTP RFC and associated webservers cannot
do in some standard way.
Note that in the above, I am simplifying the problem which would happen,
because switching from HTTP to HTTPS is not just a matter of having a
browser being refused a connection. It would also cause any existing
live connection between browsers and the server to be aborted, for
reasons that would appear mysterious to anyone watching the logfiles or
the traffic for instance.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Disabling http connector
Posted by Konstantin Kolinko <kn...@gmail.com>.
2010/3/11 Cummins College <cu...@gmail.com>:
> Hi,
>
> I know that https by enabling the secure attribute to true. But what if I
> want to "disable" the http connector?
>
> To elaborate, I want the https connector to be disabled when http runs and
> vice versa.
I do not understand your question.
Each Connector accepts requests only on a single port and only by a
single protocol (HTTP, HTTPS, AJP). A single connector cannot accept
HTTP and HTTPS requests at the same time.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org