I knew it did not work in tc 5. I did not check out the code. This obviously is not working according to the documentation. What is the secure="true" then for ? should it not be enough to set scheme ="https" ?
Then again in my experience this works with tomcat 4.1.31 with out problems (except it's tc 4.1.31) and I really thought it was a bug in tc 5.x
But the situation that I am in right now is a production server, that I rather work as little on as I can, and only want to update it if I must. there for I was looking for configuration errors, or someone stating that this was a bug in some version fixed in some other version. I could not see any mentions of this in the change-logs for tomcat, and there for I posted this question. I guess my only solution right now is upgrading it to 4.1.31 and hoping that will "fix" the problem.
I also hope that the secure="true" will return the behavior described in the documentation. the usecase has to do with reverse proxying through apache. apache holds the key for the SSL, and then forwards the requests I need into tomcat, where I execute serveral operations based on if request.isSecure() is true or false. In my case it's very difficoult to have the SSL key on the tomcat for several reasons, there for I must have the port doing http (not https) but still returning true for req.isSecure()...
Well this probably means some hacking, or an upgrade... thanx again, -reynir
Caldarale, Charles R wrote:
From: reynir [mailto:[EMAIL PROTECTED] Subject: Re: HTTPconnector problem
As I understand the documentation (and my past experience shows) you are not correct. :)
But we don't actually run the documentation. Here's the code of interest (from 5.0.25, the last one I downloaded the source for):
if (! req.scheme().isNull()) { // use processor specified scheme to determine secure state request.setSecure(req.scheme().equals("https")); } else { // use connector scheme and secure configuration, (defaults to // "http" and false respectively) req.scheme().setString(connector.getScheme()); request.setSecure(connector.getSecure()); }
If I'm reading this correctly, the connector's secure attribute will only be used if the scheme for the request has not been set. I suspect that, in your case, the scheme is "http", forcing the secure attribute for the request to false.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
