DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17656>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17656 scheme and secure Connector server.xml configuration attributes ignored by CoyoteConnector HTTP/1.1 Summary: scheme and secure Connector server.xml configuration attributes ignored by CoyoteConnector HTTP/1.1 Product: Tomcat 4 Version: 4.1.18 Platform: PC OS/Version: Linux Status: NEW Severity: Critical Priority: Other Component: Connector:Coyote HTTP/1.1 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Overview Description: Use of the common scheme and secure attributes in Connector server.xml configuration for CoyoteConnector HTTP/1.1 is ignored in the released 4.1.18 build. This used to work as expected in 4.1.10, (see below). Our hosting architecture employs external SSL acceleration hardware in front of standalone Tomcat servers and needs to pass scheme and secure information to our webapps. To do this, we specify the following in the server.xml file: <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8543" minProcessors="8" maxProcessors="128" enableLookups="false" acceptCount="64" debug="0" connectionTimeout="300000" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true"/> The specification of "https" and "true" no longer is effective in setting the standard Servlet 2.3 ServletRequest.getScheme() and ServletRequest.isSecure() return values. Instead, "http" and false are always returned, respectively. Because the static Connector configuration information is no longer propagated to our web application servlets, our application fails to run properly. Steps to Reproduce: 1. configure Tomcat 4.1.18 to use standalone CoyoteConnector. 2. specify Connector scheme attribute as something other than "http" and/or set secure attribute to "false". 3. access the standard request getScheme() and/or isSecure() methods in a servlet registered to the Connector. Actual Results: ServletRequest.getScheme() will return "http" and ServletRequest.isSecure() will return false when accessed from the servlet. Expected Results: ServletRequest.getScheme() and ServletRequest.isSecure() should reflect what is specified in the Connector configuration. Additional Information: It appears that this problem was introduced in 4.1.13 while making the following change to coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java and other files: ----------------------- revision 1.10 date: 2002/09/29 17:07:44; author: nacho; state: Exp; lines: +9 -14 Bug#12998 HTTPS gets changed to HTTP://servername:443 Reported by marcus.kellermann at bentley.com The processor (HTTP11 or ajp13) should set the scheme and port prior to this point, in an ajp13 connection doesnt make sense to get the secure flag from the connector secure flag. ----------------------- In prior versions of this file, settings for the request scheme was always copied from the Connector/CoyoteConnector configuration. With this change, the Processor is now responsible for setting the request information correctly. In our case, the Http11Processor cannot know about the external hardware and fails to upgrade the logical connection to https/secure. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]