Hello all, My current client has web application deployed on tomcat that acts as an http proxy recording all the responses from remote web services in order to work "off-line" when needed.
The problem they asked me to solve is with a service that uses the https protocol. When I configure the application to talk via https to the "custom" proxy, it gets in return a return code of 400 (Bad Request). Enabling the access log on tomcat, done setting the valve for the host, I can see that the verb used during the first call is CONNECT. This is fine, as the https proxy should first ask the proxy for a port and then tunnel the communication encrypted. I tried to debug the HttpConnector and neighbourhood, and as far as I can understand, the class org.apache.catalina.connector.CoyoteAdapter, gets an url like www.gmail.com:443, that it can't normalize. In other parts of the code (org.apache.coyote.http11.Http11Processor maybe? I don't have the code with me right now) I see checks on the http verb used in the communication, but it only checks whether this is GET or POST. Is it correct to think that this kind of usage of tomcat is improper? To me it would be better to add the custom behaviour to a stand-alone proxy instead of trying to work (or even worse patching the code) with tomcat. What do you think? Does anybody have some experience to share about it? Thanks in advance Alessandro Novarini
