hgomez 01/05/18 07:18:07
Modified:    jk/src/doc AJPv14.txt
Log:
Updated AJP14 documentation
Revision  Changes    Path
1.2 +452 -437 jakarta-tomcat-connectors/jk/src/doc/AJPv14.txt
Index: AJPv14.txt
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/src/doc/AJPv14.txt,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- AJPv14.txt2001/05/14 09:16:57 1.1
+++ AJPv14.txt2001/05/18 14:18:01 1.2
@@ -1,437 +1,452 @@
-Proposal for Apache JServ 1.4 - Second Pass
-
-This document is a proposal of evolution of the current
-Apache JServ Protocol version 1.3, also known as ajp13.
-I'll not cover here the full protocol but only the add-on from ajp13.
-
-This second pass include comments from the tomca-dev list
-
-Missing features in AJP13
--
-
-ajp13 is a good protocol to link a servlet engine like tomcat to a web server like
Apache:
-
-* use persistants connections to avoid reconnect time at each request
-* encode many http commands to reduce stream size
-* send to servlet engine many info from web server (like SSL certs)
-
-But ajp13 lacks support for :
-
-* security between web server and servlet engine.
- Anybody can connect to an ajp13 port (no login mecanism used)
- You could connect, for example with telnet, and keep the remote thread
- up by not sending any data (no timeout in connection)
-
-* context information passed from servlet engine to web server.
- Part of the configuration of mod_jk, the web server connector, is to
- indicate to the web server which URI to handle.
- The mod_jk JkMount directive, told to web server which URI must be
- forwarded to servlet engine.
- A servlet engine allready knows which URI it handle and TC 3.3 is
- allready capable to generate a config file for mod_jk from the list
- of available contexts.
-
-* state update of contexts from servlet engine to web server.
- Big site with farm of Tomcat, like ISP and virtuals hosters,
- may need to stop a context for admin purposes. In that case the front
- web server must know that the context is currently down, to eventually
- relay the request to another Tomcat
-
-* verify state of connection before sending request.
- Actually mod_jk send the request to the servlet engine and next wait
- for the answer. But one of the beauty of the socket API, is you that
- you could write() to a closed connection without any error reporting,
- but a read() to a closed connection return you the error code.
-
-
-AJP14 add-ons to AJP13
---
-
-
-Let's descrive here the features and add-on that will be added to AJP13,
-which will became AJP14. Since this document is a proposal, a resonable level
-of chaos must be expected at start.
-Be sure that discussion on tomcat list will help clarify points, add
-features but the current list seems to be a 'minimun vital'
-
-* Advanced login features at connect time
-
-* Basic authorisation system, where a shared secret key is
- present in web server and servlet engine.
-
-* Basic protocol negociation, just to be sure that if functionnalities are added
- to AJP14 in the future, current implementations will still works.
-
-* Clean handling of 'Unknown packets'
-
-* Extended env vars passed from web-server to servlet engine.
-
-Advanced login
---
-
-1) WEB-SERVER send LOGIN INIT CMD + NEGOCIATION DATA + WEB SERVER INFO
-
-2) TOMCAT respond with LOGIN SEED CMD + RANDOM DATA
-
-3) WEB-SERVER calculted the MD5 of RANDOM DATA+SECRET DATA
-
-4) WEB-SERVER send LOGIN COMP CMD + MD5 (SECRET DATA + RANDOM DATA)
-
-5) TOMCAT respond with LOGIN STATUS CMD + NEGOCIED DATA + SERVLET ENGINE INFO
-
-
-To prevent DOS attack, the servlet engine will wait
-the LOGIN CMD only 15/30 seconds and reports the
-timeout exception for admins investigation.
-
-The login command will contains basic protocol
-negociation information like compressing ability,
-crypto, context info (at start up), context update at
-run-time (up/down), level of SSL env vars, AJP protocol
-supported (AJP14/AJP15/AJP16...)
-
-The Web server info will contain web server info and
-connector name (ie Apache 1.3.19 + mod_ssl 2.8.2 + mod_jk 3.3 + mod_perl 1.25).
-
-The servlet engine will mask the negociation mask with it's own
-mask (what it can do) and return it when loggin is accepted.
-
-This will help having a basic ajp14 implementation
-on a web-server working with a more advanced ajp14 on
-the servlet engine side or vice-versa.
-
-AJP13 was designed to be small and fast and so many
-SSL informations present in the
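Review bot: Steps 3 and 4 of the removed "Advanced login" list give the MD5 input in two different orders (RANDOM DATA+SECRET DATA in step 3, SECRET DATA + RANDOM DATA in step 4). The replacement text should settle on one concatenation order, because the web server and the servlet engine have to hash the same byte sequence for the LOGIN COMP digest to match. The "15/30 seconds" wait for the LOGIN CMD would also be clearer as a single default value or a named configurable timeout.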