-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Chuck,
On 1/8/15 6:21 PM, Caldarale, Charles R wrote: >> From: dmccrthy [mailto:dmccr...@gmail.com] Subject: Re: Tomcat >> 7.0.56 - How to configure Tomcat/JRE 7u72 for client HTTPS Mutual >> Authentication connections > >> I found the link below from 2008. It looks like a minor change to >> the Catalina WebAppLoader class might solve the problem and let >> me provide a custom HTTPS URL protocol handler. Have I misread >> this? > >> http://tomcat.10.x6.nabble.com/Custom-URL-handlers-in-Tomcat-web-app-td2006418.html > >> > This is for requests coming _into_ Tomcat, not any outbound > requests your webapp is doing - which Tomcat is not involved in (or > even aware of) at all. Again, you need some sort of proxy, if your > webapp cannot be changed to do the right thing. No, this is for constructing URLs and using classes like URLConnection to access them. If the underlying code (e.g. Apache httpclient) uses URLConnection under the hood, then this technique will work. This is actually what my initial suggestion was in my first reply to this thread: install a stream handler for a particular protocol. The thing is, I don't think you'd want to do this for *all* http:// URLs... only those that should be converted into secure ones. So you'd have to be able to change the URL. Another thought: use stunnel. It's probably the simplest possible thing to set up. Have stunnel listen on a nearby host (perhaps localhost) for non-secure HTTP connections, and connect the other end to the "real" server's HTTPS port. We do this at $work to deal with a product that doesn't support HTTPS internally, just as the OP is doing. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUr+ivAAoJEBzwKT+lPKRYGyAQALIalsmLuFWjgu2bGbqC1VyE 1LmOEaotCgxTzf6Y1ZYcOSFh9x1lzEp4iipbNN/qKQQsixtBVAv5f8OOvg28Y7TM syu+Kh1WAzja1e8MJAvhQoIv/ORYPLl9UFcc9+QyNuBZqh0QwLLEBx/RrepQM3IV XixHeLGt+rXL51NtH+xYSHmyJIHHI+bBaJwUSWnhxn214s0xssbOEaXMmggXmDwu Qz0bgHVWwbKBo3IDEHI2vOxNDkujmon274kg8681rywt+yqHNZXjv0WXK53pElTL W43RGQ7slhMoQd5Yf6Rt+2RqVbZeMK0jhTCFTGUJiznjYrMlZSJayEmRAGTvdX9Q ZcOLynCUxwh2iLKZj7rPwYUd4VjiSjpbFHIXjsz3M0kVtMXSfB2jemHiiBN2pAhW 6DdTG1sAET0Qb2DHrck3gqLYreHiF+CB8bn8uUPzATP3E9mUAyvWlpcyxF2N4Zj/ BPtS4fd+vXASTKuDZXOKbGEnv0Mlr1/06AHG4e3MMnaIWoaw1waH/jUHwXUYHmHQ bX5yJx8dyzx5lE8nfnvKosvro2Zh0l14Ds4ZRpfh9fDvy/hVuYEwb7vOe1GlRj7z oqLeACIEO0UDiJIdGOxKLanJ4v+jbH2e3bKK5taaqOKicUppQUN0XrDa9nwsrqV7 Q9ENacRORksscFncx/Ch =V0lH -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
