Hi Ian,
couple of things for you to know:
if you want to change the headers served by Tomcat from default
behaviour, you'll have to change them yourself, meaning write your own
filter.
below is a Filter-Example which we've used to add an Expires-Header.
It adds the current month + one month, so that the content should be
cached in any way:
package com.cr.manuals.filter;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class for Servlet: HeaderFilter
*
*/
public class HeaderFilter implements javax.servlet.Filter {
private static String PARAM_ADD_TO_CURRENT_MONTH =
"ADD_TO_CURRENT_MONTH";
private FilterConfig filterConfig = null;
private int months2Add = 0;
/* (non-Java-doc)
* @see javax.servlet.http.HttpServlet#HttpServlet()
*/
public HeaderFilter() {
super();
}
/**
* init() : init() method called when the filter is instantiated.
* This filter is instantiated the first time j_security_check is
* invoked for the application (When a protected servlet in the
* application is accessed).
*/
public void init(FilterConfig aFilterConfig) throws ServletException {
filterConfig = aFilterConfig;
months2Add =
Integer.parseInt(filterConfig.getInitParameter(PARAM_ADD_TO_CURRENT_MONTH));
}
/**
* destroy() : destroy() method called when the filter is taken
* out of service.
*/
public void destroy() {
filterConfig = null;
}
/**
* doFilter() : doFilter() method called before the servlet to
* which this filteris mapped is invoked. Since this filter is
* mapped to j_security_check,this method is called before
* j_security_check action is posted.
*/
public void doFilter(ServletRequest aRequest, ServletResponse aResponse,
FilterChain chain) throws
java.io.IOException, ServletException {
//System.out.println ("******** filter *******");
HttpServletRequest request = (HttpServletRequest)aRequest;
HttpServletResponse response = (HttpServletResponse)aResponse;
// call next filter in the chain : let j_security_check
authenticate
// user
response.setHeader("Expires", createExpiresHeader(months2Add));
chain.doFilter(request, response);
}
/**
* Create a String in the format EEE, d MMM yyyy HH:mm:ss z"
* Example: Fri, 4 Aug 2006 09:07:44 CEST
* The value of the init-parama ADD_TO_CURRENT_MONTH is added to the
* month-field of the current date
* @return
*/
private String createExpiresHeader(int someMonths2Add) {
SimpleDateFormat sdf = new SimpleDateFormat("EEE, d MMM yyyy
HH:mm:ss z", Locale.US);
Calendar cal = Calendar.getInstance();
cal.add(Calendar.MONTH, someMonths2Add);
long millis = cal.getTimeInMillis();
Date d = new Date(millis);
return sdf.format(d);
}
}
This is a snippedt from the web.xml (you'll have to add it into all
your servlets that should use this filter:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";>
<servlet>
<description></description>
<display-name>YourServlet</display-name>
<servlet-name>YourServlet</servlet-name>
<servlet-class>com.your.company.ServletClass</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>YourServlet</servlet-name>
<url-pattern>/YourServlet</url-pattern>
</servlet-mapping>
<filter id="Filter_1">
<filter-name>HeaderFilter</filter-name>
<filter-class>com.cr.manuals.filter.HeaderFilter</filter-class>
<init-param>
<param-name>ADD_TO_CURRENT_MONTH</param-name>
<param-value>1</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HeaderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
After compiling your Filter, just put it into the according
WEB-INF/lib-directory.
However, there's a pitfall:
IE sometimes does not care about headers when it comes to caching:
This depends on the IE-setting "Empty temporary Internetfolder when
browser is closed". Therefore, I reccommend not only to send headers
with the response but also set Meta-Information in the genereated HTML
(i.e. Meta cache-control no-cache etc.). According to our testing this
overwrites the IE-settings.
Please also have a look at my post in this mailing-list "Hint: Tomcat,
Form-Login and HTTP 408-Error" which gives a little bit more
background-info on that.
Now coming to your question about 3rd party-apps not being launched by
IE when running SSL (such as pdf's): There's a known bug of IE
described in the MS Knowledge-base (too lazy too look up the URL for
you), howver, there's a workaround:
Usually, we send the headers "Connection: Keep-Alive" and "Keep-Alive:
timeout=15,max=83
However, when it comes to third-party-components like PDF, we change
this via a rule in Apache: We send the header "Connection:close", and
it works perfectly.
The Apache-rules are
in mod_setenvif (mod_setenvif must be activated):
#
# see http://httpd.apache.org/docs-2.0/mod/mod_setenvif.html
#
<IfModule mod_setenvif.c>
SetEnvIf Request_URI "\.pdf$" object_is_pdf
SetEnvIf Request_URI "loginForm.html$" object_is_no_cache
SetEnvIf Request_URI "j_security_check$" object_is_no_cache
SetEnvIf Request_URI "help_contents.htm$" object_is_no_cache
</IfModule>
in mod_headers.conf (mod_headers must be activated):
<IfModule mod_headers.c>
Header unset Pragma
Header set Connection: close env=object_is_pdf
Header set Cache-Control "public,must-revalidate"
Header set Cache-Control "no-store" env=object_is_no_cache
</IfModule>
Coming to issue 2:
Your config looks a bit awkward:
Usually, Apache in front, you must not configure Tomcat to run SSL.
this is done by Apache. Apache connects to Tomcat via mod_jk. We have
this config and do not experience any performance-issue (however,
we're running on a "real OS" like Linux ;)
Hope that gives you a start
Greg
--
what's puzzlin' you, is the nature of my game
---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
