Manni Wood wrote:
One of the things I thought AJP did that HTTP proxying to Tomcat could not (but correct me here if I'm wrong) is let the servelt container know whether or not the connection is HTTP vs. HTTPS. This sort of information needs to get passed back to the servlet container to satisfy the servlet specification.
Of course HTTPS and SSL infos are forwarded from Apache to Tomcat.
Typcially, in an Apache/Tomcat configuration, Apache deals with all of the https connections (because it's better at it), and requests for servlet/JSP stuff are passed back to Tomcat, with information on whether or not the connection Apache has with the browser is HTTP or HTTPS.
Exact, so Tomcat avoid crypto works workload.
Anyway, for business sites, any servlet being able to know if the original connection was secure or not is a total deal-breaker on whether or not to use a particular technology (in this case, Apache/Tomcat) to host a web site.
Could you develop ?