Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33
On 16/05/2016 12:46, Venkata Reddy P wrote: > Many Thanks Again. Can you point me the ajp documentation to understand > different protocol(BIO, NIO,APR,..) implementations? The AJP implementation is the same for all of them. All the individual implementations do is plug in the appropriate Endpoint. You may want to take a look at the various Endpoint implementations in org.apache.tomcat.util.net Mark > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Monday, May 16, 2016 5:13 PM > To: Tomcat Users List > Subject: Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33 > > On 16/05/2016 07:25, Venkata Reddy P wrote: >> Hi, >> >> >> >> Many Thanks Mark. This is a more of POC release planned for jun-1st week, >> will give a try with the existing stable release and thanks for suggesting >> the 8.5.x. >> >> >> >> 1) As you said, I can see AjpProtocol class as the BIO connector. If I >> create a customized class SslEnabledBioAjpProtocol extends AjpProtocol, then >> is the below configuration correct? >> >> > protocol="org.apache.coyote.ajp.SslEnabledBioAjpProtocol" >> redirectPort="8443" /> > > BIO support has been removed in 8.5.x. I suggest you base your implementation > on the NIO connector. > > protocol is the correct attribute to use to configure it. > > >> 2) In tomcat6, there http connector attribute to define the customized >> classname using attribute "sSLImplementation". >> >> > >> sSLImplementation=" >> org.apache.tomcat.util.net.jsse.Tomcat6SSLImplementation" >> >> scheme="https" secure="true" /> >> >> is it a still valid attribute in tomcat7.x/tomcat8.x? > > It still exists but you should not need to set it unless you are using some > form of custom TLS implementation. Also, I suspect the API for such a class > is version specific. > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat6.0.43 ajp connector migration to tomcat8.0.33
Many Thanks Again. Can you point me the ajp documentation to understand different protocol(BIO, NIO,APR,..) implementations? -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, May 16, 2016 5:13 PM To: Tomcat Users List Subject: Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33 On 16/05/2016 07:25, Venkata Reddy P wrote: > Hi, > > > > Many Thanks Mark. This is a more of POC release planned for jun-1st week, > will give a try with the existing stable release and thanks for suggesting > the 8.5.x. > > > > 1) As you said, I can see AjpProtocol class as the BIO connector. If I > create a customized class SslEnabledBioAjpProtocol extends AjpProtocol, then > is the below configuration correct? > > protocol="org.apache.coyote.ajp.SslEnabledBioAjpProtocol" > redirectPort="8443" /> BIO support has been removed in 8.5.x. I suggest you base your implementation on the NIO connector. protocol is the correct attribute to use to configure it. > 2) In tomcat6, there http connector attribute to define the customized > classname using attribute "sSLImplementation". > > > sSLImplementation=" > org.apache.tomcat.util.net.jsse.Tomcat6SSLImplementation" > > scheme="https" secure="true" /> > > is it a still valid attribute in tomcat7.x/tomcat8.x? It still exists but you should not need to set it unless you are using some form of custom TLS implementation. Also, I suspect the API for such a class is version specific. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33
On 16/05/2016 07:25, Venkata Reddy P wrote: > Hi, > > > > Many Thanks Mark. This is a more of POC release planned for jun-1st week, > will give a try with the existing stable release and thanks for suggesting > the 8.5.x. > > > > 1) As you said, I can see AjpProtocol class as the BIO connector. If I > create a customized class SslEnabledBioAjpProtocol extends AjpProtocol, then > is the below configuration correct? > > protocol="org.apache.coyote.ajp.SslEnabledBioAjpProtocol" redirectPort="8443" > /> BIO support has been removed in 8.5.x. I suggest you base your implementation on the NIO connector. protocol is the correct attribute to use to configure it. > 2) In tomcat6, there http connector attribute to define the customized > classname using attribute "sSLImplementation". > > > sSLImplementation=" > org.apache.tomcat.util.net.jsse.Tomcat6SSLImplementation" > > scheme="https" secure="true" /> > > is it a still valid attribute in tomcat7.x/tomcat8.x? It still exists but you should not need to set it unless you are using some form of custom TLS implementation. Also, I suspect the API for such a class is version specific. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat6.0.43 ajp connector migration to tomcat8.0.33
Hi, Many Thanks Mark. This is a more of POC release planned for jun-1st week, will give a try with the existing stable release and thanks for suggesting the 8.5.x. 1) As you said, I can see AjpProtocol class as the BIO connector. If I create a customized class SslEnabledBioAjpProtocol extends AjpProtocol, then is the below configuration correct? 2) In tomcat6, there http connector attribute to define the customized classname using attribute "sSLImplementation". is it a still valid attribute in tomcat7.x/tomcat8.x? Thanks Venkata -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 14 May 2016 00:04 To: Tomcat Users List Subject: Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33 On 13/05/2016 17:55, Venkata Reddy P wrote: > Existing implementation:- > > In tomcat6.0.43 version, I have enabled the ssl on AJP connector by > following the below steps > > 1) I did override the class "org.apache.jk.common.ChannelSocket" to > "AjpSslChannelSocket extends ChannelSocket " to enable ssl on ajp port. Tomcat does not support, and has never supported, AJP with TLS. AjpSslChannelSocket must be a custom implementation. > 2) This overridden "AjpSslChannelSocket" class I have configured in > server.xml file as below. > > class.channelSocket=" org.apache.jk.common. AjpSslChannelSocket " > enableLookups="false" maxThreads="150" port="8009" > protocol="AJP/1.3" tomcatAuthentication="false"/> > > I believe, it is a AJP java connector(ChannelSocket) implementation which > comes with tomcat6.0.43. am I correct? No. See above. > what kind of ajp connector implementation on class > “org.apache.jk.common.ChannelSocket” (APR,NIO,…)? BIO. > Migration to:- > > Currently I have to do the same on tomcat8.0.33 version to replicate the > above implemention to enable ssl on AJP port. That isn't going to be possible unless you write some custom code. > 1) When I look at the tomcat8.0.33 source code, I don’t find any > “org.apache.jk” package. > > Did “org.apache.jk” replaced with any package? Roughly, org.apache.coyote.ajp > 2) It looks like the ajp connector attribute (class.channelSocket) also > not available in tomcat8.0.33. > > Do we have any similar attribute to configure customized connector > implementation class? protocol > 3) Finally the class “ChannelSocket” is also missing in tomcat8.0.33. > > What class has to be customized in tomcat8.0.33 to enable ssl on ajp port > similar to above mentioned tomcat6.0.43 implementation? Given that 8.0.x will be replaced by 8.5.x fairly soon (within 3-4 months I should think) and that their is a major refactoring of the connector code between 8.0.x and 8.5.x you should be looking at the 8.5.x code. Look at the class hierarchy for AbstractAjpProtocol. You'll probably need to extend and override one of its sub-classes. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org> For additional commands, e-mail: users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>
Re: tomcat6.0.43 ajp connector migration to tomcat8.0.33
On 13/05/2016 17:55, Venkata Reddy P wrote: > Existing implementation:- > > In tomcat6.0.43 version, I have enabled the ssl on AJP connector by following > the below steps > > 1) I did override the class "org.apache.jk.common.ChannelSocket" to > "AjpSslChannelSocket extends ChannelSocket " to enable ssl on ajp port. Tomcat does not support, and has never supported, AJP with TLS. AjpSslChannelSocket must be a custom implementation. > 2) This overridden "AjpSslChannelSocket" class I have configured in > server.xml file as below. > > class.channelSocket=" org.apache.jk.common. AjpSslChannelSocket " > enableLookups="false" maxThreads="150" port="8009" > protocol="AJP/1.3" tomcatAuthentication="false"/> > > I believe, it is a AJP java connector(ChannelSocket) implementation which > comes with tomcat6.0.43. am I correct? No. See above. > what kind of ajp connector implementation on class > “org.apache.jk.common.ChannelSocket” (APR,NIO,…)? BIO. > Migration to:- > > Currently I have to do the same on tomcat8.0.33 version to replicate the > above implemention to enable ssl on AJP port. That isn't going to be possible unless you write some custom code. > 1) When I look at the tomcat8.0.33 source code, I don’t find any > “org.apache.jk” package. > > Did “org.apache.jk” replaced with any package? Roughly, org.apache.coyote.ajp > 2) It looks like the ajp connector attribute (class.channelSocket) also > not available in tomcat8.0.33. > > Do we have any similar attribute to configure customized connector > implementation class? protocol > 3) Finally the class “ChannelSocket” is also missing in tomcat8.0.33. > > What class has to be customized in tomcat8.0.33 to enable ssl on ajp port > similar to above mentioned tomcat6.0.43 implementation? Given that 8.0.x will be replaced by 8.5.x fairly soon (within 3-4 months I should think) and that their is a major refactoring of the connector code between 8.0.x and 8.5.x you should be looking at the 8.5.x code. Look at the class hierarchy for AbstractAjpProtocol. You'll probably need to extend and override one of its sub-classes. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
