-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John,
On 1/28/14, 9:39 PM, John Palmer wrote: > Chris: Thanks for the response. I think we can end this discussion > - you have pretty much nailed it, I think. > > The great thing about having to pull together all the information > I've gathered over that last month to make this post, is that it > lets me see what I've been too close to see, in this case, that the > differences are IIS 5 vs 7.5 and Jakarta vs Bon Code. > > I took another look at the request headers returned by Jakarta (no > certs, no SSL info, only about 5 request headers) as opposed to > that returned by Bon Code (about 2 dozen request headers, most > ignored by Tomcat), to realize that the request headers probably > weren't the information source from Jakarta. > > Re-reading the Tomcat Connector docs and pages for the 1,000th or > so time, the phrase "SSL attributes of the client connection are > passed via the AJP protocol" jumped out at me, finally, as meaning > that this wasn't sent by request headers, but as ATTRIBUTES. > > Sure enough, reading through the source (NOT my strong point) of > the "Jakarta Isapi Redirector 1.2.37" reveals that it IS putting > the SSL info into the request forwarded to the AJP connector > (TomCat) as Attributes, and by contrast, the Bon Code source is > NOT. > > I'll recommend/ask that Bilal look into this (I'm not prepared to > attempt this myself, yet)... I may be all wrong still... and try to > use the Jakarta for now, instead. This can probably be solved using a custom Valve which converts those HTTP headers into request attributes. Honestly, I was surprised reading-through the Bon Code documentation that such a Valve does not ship by default with Bon Code... it seems to be entirely necessary. >> If it turns out that Bon Code is the problem, I believe that >> Bilal lurks on the list. I've added "Bon Code" to the subject to >> get his attention. > > Thanks - I meant to do that, and forgot... > > >> Why not try configuring mod_jk ISAPI redirector in your new >> environment to see if Bon Code is the problem? > > I will... > > Thanks for the encouragement, and making me feel that I'm not alone > in this. No problem. Bon Code is relatively new, and I honestly hope it succeeds. I'm certain Bilal would be willing to investigate this and either tell you what you've been missing, or fix Bon Code to work with an out-of-the-box Tomcat configuration. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS6RsOAAoJEBzwKT+lPKRYfVEP/2lZzfQO/fZr/9c7nmybBaEI dqTVWYN1cUU+bl7mfRrLBRqsd8KGtMzYEd7G8PRuPQjMo/W7y1sJy0u5qjY2GGx5 ncQ5Zy7zV9gnF7AalnGctmFZ1B6M/ER4bWRSY4/JmX+WYU26pNmREQY0AgYfPO/W hr4brQM5x7Tvtddb17PQXLG4DyxpHZbvkHpsstShy9Syop/V0RIrJiKfMwWaWUBP dPbjfaFWVYPQ4Bn54cPg2IaPu5hF+39UICpMDhX+KseqfnlTXy/509h9EJMIxNc4 fvWG6ITT5/AX/EtIXzPmqJ55ALJCK7xPrzdyGrK6f0VO3/E+gGTeEFWh4S0c3kXW wYodt335eqzo39YRPBtrnUTw0qDUtQSo8neX+0YzXrnprz33cW0xRF76xR963W6f 8LFOWsrpcr35tC708tkwqBJbbEEJF7tYWHHtLOvwuju1WyCqOL3FzfrQ9eeZbf29 lww4XJMoiuBHi4MxJIC/mUIv3ayDg6y0/bTQP9kYsxaZbIm0qspUJBlMnZ7ZVWIF tw9tToAFCmyF4dJWJuRKgsgO4/yVr0EX2YTGmqhN++ckf/TcKUmOU2QbtYFY7FxO kIu1IxB/mWz4xiCC42QhCFDdIdXTX+igQtHYsFSodzd1KGLVAKjuG9nTwWAptdSJ yvz/QrZg67SPLBdueZDZ =nTlu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
