----- Original Message ----- From: "Anton Ushakov" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Friday, March 26, 2004 4:24 PM Subject: Re: Coyote's ServerSocketFactory problem
> Should I make a bug entry for this? I wanted to get someone from the > tomcat dev team to see if I was missing something before flagging this > as a bug. > The Catalina SocketFactory is deprecated for use with Coyote in 5.x, and it would probably should be for 4.x as well except for the fact that it is still required to set SSL attributes. This means that anything involving this SocketFactory will just get marked as WONTFIX. Passing the socketFactory attribute on to the Protocol might be something (except for the fact that it is working in 5.x means it may not get a lot of attention :). > thank you > -anton > > > > On Wed, 2004-03-24 at 17:16, Anton Ushakov wrote: > > In CoyoteConnector.initialize() there's an assumption that if the > > factory is an instance of CoyoteServerSocketFactory, it's gonna be SSL, > > and it sets secure=true. Then in > > Http11ConnectionHandler.checkSocketFactory() in the Http11Protocol.java, > > it interprets that "secure" flag as SSL and uses SSLImplementation to > > get the socket factory. > > > > In our case, the scheme is not ssl, so unfortunately this doesn't work. > > > > Http11Protocol just wasn't written to accept a socket factory object, > > and the one it makes from the passed classname is of a different type > > than CoyoteConnector's socket factory. It's not enough to make the types > > the same, it really should take a whole factory object, since the > > factory's attributes need to be set from the conf. > > > > > > On Wed, 2004-03-24 at 16:03, Jim Hopp wrote: > > > We have a similar need (though for a different reason) and extend > > > CoyoteServerSocketFactory. We're running TC 4.1.29. > > > > > > Here's our Connector element: > > > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" > > > port="7002" > > > scheme="https" > > > secure="true" > > > address="127.0.0.1" > > > enableLookups="false"> > > > <Factory className="nyw.catalina.NYWCoyoteServerSocketFactory" > > > clientAuth="true"/> > > > </Connector> > > > > > > Works great. > > > > > > -Jim > > > > > > Anton Ushakov wrote: > > > > Hello Tomcat Developers! > > > > > > > > I'm working with Tomcat 4.1.29 and I'd like to use my own > > > > ServerSocketFactory, as I'm working on a custom implementation of httpg > > > > (HTTP over GSSAPI authenticated sockets). This seems impossible by > > > > design, which I think may be a bug. > > > > > > > > Instead of using the deprecated HttpConnector I'm trying to use the > > > > CoyoteConnector. The trouble is, with CoyoteConnector there is no way to > > > > override the ServerSocketFactory to be used. My > > > > CustomServerSocketFactory implements > > > > org.apache.catalina.net.ServerSocketFactory, and I tried using the > > > > following in server.xml: > > > > > > > > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" > > > > port="6688" minProcessors="5" maxProcessors="75" > > > > enableLookups="true" redirectPort="8443" > > > > acceptCount="100" debug="50" connectionTimeout="20000" > > > > scheme="httpg" > > > > useURIValidationHack="false" disableUploadTimeout="true"> > > > > <Factory className="my.own.CustomServerSocketFactory" > > > > principal="service/[EMAIL PROTECTED]" > > > > keytab="/etc/keytab" /> > > > > </Connector> > > > > > > > > > > > > This will successfully set the factory in CoyoteConnector, but it does > > > > NOT propagate to org.apache.coyote.http11.Http11Protocol, and the actual > > > > factory getting used at runtime is the default one in Http11Protocol. > > > > The CoyoteConnector's "factory" datamember is totally ignored. > > > > > > > > I would think that in org/apache/coyote/tomcat4/CoyoteConnector.java > > > > around lines 1111-1135 there should be something to propagate the socket > > > > factory to the protocolHandler. However even then, Http11Protocol > > > > insists on using org.apache.tomcat.util.net.ServerSocketFactory, not > > > > the org.apache.catalina.net.ServerSocketFactory required by the > > > > CoyoteConnector. (?) > > > > > > > > Bottom line - how is one supposed to specify a custom > > > > ServerSocketFactory with the CoyoteConnector? > > > > > > > > Bill Barker has emailed me a suggestion of using the > > > > socketFactory="fully.qualified.name.of.MyOwnServerSocketFactory" > > > > attribute on the <Connector> element. While I appreciate the response, > > > > that doesn't set the factory datamember in the Connector, and neither > > > > does it change the socketFactory in the protocolHandler. > > > > > > > > I appreciate your help on this > > > > > > > > -anton > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
