I have seen this work before as well - using 4.0.4 under Linux using org.apache.ajp.tomcat4.Ajp13Connector. I didn't really think that it could be the Tomcat side that was causing the problem - (since my relative experience between the two favors Tomcat...)
I am now using the org.apache.coyote.tomcat4.CoyoteConnector - but haven't set tomcatAuthentication="false". I'll have to wait until my database exam, and programming languages exam is finished before I dig through the source and figure out what it does... - from what you suggest, it doesn't sound like this attribute is connector specific...? However under Linux - I was using the org.apache.ajp.tomcat4.Ajp13Connector as well. I'll dig around for a while and see what I find... Thanks for the clarification... Randy ----- Original Message ----- From: "Milt Epstein" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, October 31, 2002 10:22 AM Subject: RE: Tomcat SSL w/ Apache > On Thu, 31 Oct 2002, Turner, John wrote: > Surprise! > > The isSecure() check (as well as getScheme()) refers to the original > request. So, all of what you say otherwise is correct, but isSecure() > (and getScheme()) should reflect what was true of the original > request, whether it came to Apache or Tomcat. > > I verified this using SnoopServlet in the Tomcat distrib examples > context. On a machine I have, I have that available to both my http > and https web server hosts/instances. Then I tried the URLs: > > http://www.machinename.com//examples/snoop > https://www.machinename.com//examples/snoop > > (snoop is mapped to SnoopServlet in the examples context web.xml file.) > > For the first URL, "Scheme" (which shows the value of getScheme()) was > "http", and "Request Is Secure" (which shows the value of isSecure()) > was "false". For the second, the values were "https" and "true", > respectively. > > Now, one caveat I'll add is that this is with 4.0.4. I imagine it's > possible that this behavior changed between versions. But it would > seem an odd change, because it's a major change to a basic behavior > (and one that I think goes against the spec). Further, some > tomcat-dev people post to this list, so I would've thought they'd have > commented if this were the case. > > I didn't respond directly to Randy's note because I didn't have any > idea what might be causing the problem. It's possible that there is > some configuration that needs to be set to get this behavior. But > from a quick glance at my configuration, I didn't see what that might > be. > > Oh, I just did a search of the archives (at marc.theaimsgroup.com), > and looks like someone brought up this same issue quite recently (and > I think I was combining/confusing the two threads). There was only > one followup to the initial response there (the subject was "Possible > bug with isSecure()/getScheme() methods in tomcat 4."), which said: > > IIRC there is a bug in the coyote connector in TC 4.1.10. > > You have to use the org.apache.ajp.tomcat4.Ajp13Connector connector > and set an attribute tomcatAuthentication="false" to achieve the > result you desire. > > In fact, I am using the Ajp13Connector, and I do have > tomcatAuthentication set to false (that's to allow the authentication > to be done by Apache, but maybe there's some interaction there). So > there are a couple of things to try to see if it has any effect. > -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
