Anil,

On 6/11/13 1:53 AM, Anil Goyal -X (anigoyal - Aricent Technologies at Cisco) wrote:
>
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Monday, June 10, 2013 7:51 PM
> To: Tomcat Users List
> Subject: Re: Customizing SSL in HttpClient
>
> Anil,
>
> On 6/10/13 8:42 AM, Anil Goyal -X (anigoyal - Aricent Technologies at Cisco) wrote:
>> I am trying to create a http client and send a request to certain
>> port of a server using below code:
>
>> HttpClient client = new HttpClient();
>> client.getHostConfiguration().setHost(address, portNumber, protocol);
>
>> Here portNumber that I am setting is 8444(https port of tomcat)
>
>> When I execute client.executemethod() and at the server side when
>> I tried to retrieve request.getRequestURL(), I am getting the url
>> with port 443 not 8444 which I set in client. Even
>> request.getServerPort is giving 443 not 8444.
>
> Is there any kind of port-forwarding or anything else going on?
>
>> The things are working fine for 8081(http port of tomcat) i.e.
>> HttpClient client = new HttpClient();
>> client.getHostConfiguration().setHost(address, portNumber, protocol);
>
>> Here portNumber that I am setting is 8081(https port of tomcat)
>
>> When I execute client.executemethod() and at the server side when
>> I tried to retrieve request.getRequestURL(), I am getting the url
>> with port 8081 which I set in client. Even request.getServerPort
>> is giving 8081.
>
> Can you show us a bit more of the code? It's not clear from your
> client code that the port number is set correctly, and you only
> mentioned the server. Can you give us some of that, too? Also, what
> do your <Connector> elements look like in server.xml?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> Please consider the code flow as below:
>
> HttpClient client = new HttpClient();
> portNumber = secure ? LocalNetworkConstants.DEFAULT_HTTPS_PORT
>                     : LocalNetworkConstants.DEFAULT_HTTP_PORT;
> // DEFAULT_HTTPS_PORT=8444 and DEFAULT_HTTP_PORT=8081 defined in LocalNetworkConstants.java
> LOG.debug("the value of https port is"+String.valueOf(portNumber));
> if (secure) {
>     Protocol protocol = new Protocol(LocalNetworkConstants.URISCHEME_HTTPS,
>         new ExtendedProtocolSocketFactory(address,
>             locationData.isAcceptSelfSignedCertificates(),
>             locationData.isAcceptCertificateErrors()),
>         portNumber);
>     client.getHostConfiguration().setHost(address, portNumber, protocol);
>     LOG.debug("setting the host for https"+String.valueOf(portNumber));
> } else {
>     client.getHostConfiguration().setHost(address, portNumber);
>     LOG.debug("setting the host for http"+String.valueOf(portNumber));
> }
>
> GetMethod method = new GetMethod(LocalNetworkConstants.INFO_FEEDER_PATH);
> int returnCode = client.executeMethod(method);
>
> This is the code at the client side.
>
> At the server side,
>
> I have 8444 and 8081 port defined in server.xml
>
> <Connector URIEncoding="UTF-8" acceptCount="100"
>            connectionTimeout="20000" disableUploadTimeout="true"
>            enableLookups="false" maxHttpHeaderSize="8193" maxSpareThreads="25"
>            maxThreads="25" minSpareThreads="10" port="8081"
>            protocol="HTTP/1.1" redirectPort="8444" server=" "/>
> <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" ciphers=" "
>            clientAuth="false" disableUploadTimeout="true"
>            enableLookups="false" keystoreFile="" keystorePass=""
>            keystoreType="" maxHttpHeaderSize="8192" maxSpareThreads="25"
>            maxThreads="25" minSpareThreads="10" port="8444"
>            protocol="HTTP/1.1" scheme="https" secure="true" server=" "
>            sslProtocol="TLS"/>
>
> Also I have these two ports entry in iptables.

Which two ports? What have you done with them in iptables?

> Now in the tomcat redirection valve, I have below code written
>
> int port = request.getServerPort();
> StringBuffer url = request.getRequestURL();

What is the "Tomcat redirection valve"?

> So now the problem is, when from client I disable ssl and send
> the request at port 8081 then in tomcat valve, port -8081 and url
> also contains port 8081.
>
> But when from client, I enable ssl and send the request at port
> 8444, then here in valve the request.getServerPort returns 443 and
> even in url also port is 443.

If the URL contains port 443, then your client connection is not
actually contacting port 8444. Can you confirm with a packet-sniffer or
something else that you are connecting to 8444 and not 443?

It's possible that there is a bug in HttpClient that makes it connect
to whatever port you requested (8444) but then also sends
"hostname:443" as the "Host" header. If that happens, Tomcat will use
that ":443" as the return value for getServerPort (note that this is
specified in the Servlet Javadocs).

If you want the real port Tomcat answered on, use
HttpServletRequest.getLocalPort.

> So I am not able to understand why the https port is converting
> into 443 from 8444 while http port 8081 is working fine.
>
> Even in tomcat access valve, the request is coming at port 8444 as
> shown below
> [11/Jun/2013:11:16:58 +0530] 10.93.230.203 10.93.230.203 admin - 8444 GET /feeder/info HTTP/1.1 500 2581 123
>
> For http port also the request is coming at port 8081 of tomcat
> [11/Jun/2013:11:18:29 +0530] 10.93.230.203 10.93.230.203 admin - 8081 GET /feeder/info HTTP/1.1 200 4377 286
>
> But I am totally confused why request.getServerPort is giving 443
> for https ???

This must be coming from the "Host" header. Are you generating your own
"Host" header, or is HttpClient doing it for you?

-chris
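
The distinction raised in this thread, as an added example that is not part of the original messages and is neither Tomcat nor HttpClient code: a self-contained model of a server port taken from the client-supplied "Host" header next to the port the connection was actually accepted on. The class and method names are hypothetical, the fallback to the scheme default (443 for https, 80 for http) when the header carries no port is an assumption of this model, and the sample requests are constructed from the address and ports quoted above.

```java
import java.util.List;

// Added illustration (hypothetical class; not Tomcat or HttpClient source).
public class ServerPortModel {

    /** Port a container would report from getServerPort(): taken from the Host header,
     *  else the scheme default (assumed fallback: 443 for https, 80 for http). */
    static int serverPort(String hostHeader, String scheme) {
        int schemeDefault = "https".equalsIgnoreCase(scheme) ? 443 : 80;
        if (hostHeader == null || hostHeader.isEmpty()) {
            return schemeDefault;
        }
        // Skip past a bracketed IPv6 literal so its colons are not read as a port separator.
        int from = hostHeader.startsWith("[") ? hostHeader.indexOf(']') : 0;
        int colon = hostHeader.indexOf(':', Math.max(from, 0));
        if (colon < 0 || colon == hostHeader.length() - 1) {
            return schemeDefault;
        }
        try {
            int port = Integer.parseInt(hostHeader.substring(colon + 1));
            return (port >= 1 && port <= 65535) ? port : schemeDefault;
        } catch (NumberFormatException e) {
            return schemeDefault;
        }
    }

    /** One line of diagnosis comparing the header-derived port with the accepting socket's port. */
    static String diagnose(String hostHeader, String scheme, int localPort) {
        int reported = serverPort(hostHeader, scheme);
        String verdict = reported == localPort ? "match" : "MISMATCH (value comes from Host header)";
        return String.format("Host=%-20s scheme=%-5s getServerPort=%-5d getLocalPort=%-5d %s",
                hostHeader, scheme, reported, localPort, verdict);
    }

    public static void main(String[] args) {
        // Constructed sample requests: {Host header, scheme, port the connector accepted on}.
        List<String[]> samples = List.of(
                new String[] {"10.93.230.203:8081", "http", "8081"},
                new String[] {"10.93.230.203:8444", "https", "8444"},
                new String[] {"10.93.230.203:443", "https", "8444"},
                new String[] {"10.93.230.203", "https", "8444"});
        for (String[] s : samples) {
            System.out.println(diagnose(s[0], s[1], Integer.parseInt(s[2])));
        }
    }
}
```

Because the header-derived value is chosen by the client, code that builds redirects or makes access decisions from the port is safer comparing against the local port or a configured value.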