-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alessandro,
On 12/14/11 6:02 PM, Alessandro Novarini wrote: > My current client has web application deployed on tomcat that acts > as an http proxy recording all the responses from remote web > services in order to work "off-line" when needed. Is the Origin server also running Tomcat, or is this exclusively a problem with the proxy? How are you connecting from your proxy webapp to the origin server? Tomcat does not include any call-out-HTTP connectors so you must be using either Java's URLConnection class or some kind of wrapper for it (or, I suppose, something that is entirely separate, thought I'm not sure why anyone would bother with that). > The problem they asked me to solve is with a service that uses the > https protocol. Does the request come to your proxy over HTTPS? Do you call-out over HTTPS or is the request to the origin server over HTTP? > When I configure the application to talk via https to the "custom" > proxy, it gets in return a return code of 400 (Bad Request). The client gets 400 Bad Request? Can you post the complete HTTP conversation for this client->proxy request/response? > Enabling the access log on tomcat, done setting the valve for the > host, I can see that the verb used during the first call is > CONNECT. This is fine, as the https proxy should first ask the > proxy for a port and then tunnel the communication encrypted. Okay. > I tried to debug the HttpConnector and neighbourhood, and as far as > I can understand, the class > org.apache.catalina.connector.CoyoteAdapter, gets an url like > www.gmail.com:443, that it can't normalize. That URL is trivially normalizable (and not really complete, as it has neither a protocol nor a path) -- Tomcat should have no problem with that. > In other parts of the code > (org.apache.coyote.http11.Http11Processor maybe? I don't have the > code with me right now) I see checks on the http verb used in the > communication, but it only checks whether this is GET or POST. That will be only for certain operations where GET and POST are relevant. If you can't remember what you saw, please re-check it and post with more details. > Is it correct to think that this kind of usage of tomcat is > improper? Making an HTTPS request to Tomcat is not unusual. > To me it would be better to add the custom behaviour to a > stand-alone proxy instead of trying to work (or even worse patching > the code) with tomcat. So, are you asking how to make it work inside of Tomcat or how to make it work outside of Tomcat? If you don't need Java for anything else (do you?), then why are you using Tomcat at all? There are plenty of high-performance proxy servers available like squid that will probably do this job better. > What do you think? Does anybody have some experience to share about > it? Nobody that I know of has bothered to write an HTTP proxy module for Tomcat probably because there are perfectly good solutions out there already that don't require Tomcat at all. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7qDRUACgkQ9CaO5/Lv0PDVQgCeJt/A7VUaRn7k/8XGbGgABdu+ TrIAn3uWP+iugaQHtYK6UtnGUEebevwg =zZ/M -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
