There's been one request for follow-up, so I'll post our current findings.
This is what we've identified that we need to do to get Tomcat running
after moving from 5.5 to 7.0.  At this point web application porting can
commence.

1. We used several Tomcat classes (e.g. EndPoint, ServerSocketFactory).
Application code had to be ported.

2. We chose Tomcat 7.0.23 so the attribute 'sslImplementationName' is
spelled correctly.

3. In our SSL Implementation

- public ServerSocketFactory getServerSocketFactory()
+ public ServerSocketFactory getServerSocketFactory(AbstractEndpoint)


4. In our ServerSocketFactoryImplementation

- public class BrightmailServerSocketFactory extends ServerSocketFactory
+ public class BrightmailServerSocketFactory implements ServerSocketFactory


Plus appropriate porting since ServerSocketFactory is an interface in 7.0

5. To initialize FIPS mode, we used to kick that off in our security
listener at Lifecycle.INIT_EVENT, but in 7.0 INIT_EVENT is deprecated and
we use Lifecycle.AFTER_INIT_EVENT.

Example in server.xml:

<Listener className="your.class.here.SecurityProviderSetup"></Listener>

6. <Connector> element was correct in OP, but needed steps 1-5 previous.


7. In catalina.properties we moved our security classes to the common
classloader.

8. Set org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false or
else we have to escape every instance of double quote in every JSP ever.
Clearly JSPs should be reviewed.

9. In application web.xml add <jsp-config> around <taglib> elements.

10. The best way to create server.xml and web.xml was to take the default
files as starting points and add application specific settings piece by
piece. 

On 1/6/12 4:38 PM, "ma...@apache.org" <ma...@apache.org> wrote:

>Mark Lim <mark_...@symantec.com> wrote:
>
>>It seems that tomcat is trying the default JSSE implementation despite
>>the sslImplementationName attribute being set.  Are there internal
>>precedence controls or does the classloader hierarchy matter or what?
>
>No, but what makes you assume what you are trying will work?
>
>You have two options.
>1. Configure the JSSE implementation to be used at the JVM.
>2. Write a wrapper along the lines of the default one used in 7.0.x but
>for the custom JSSE implementation you are using and then specify that in
>the connector.
>
>Mark
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
>
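
A sketch of the listener from step 5, added here as an example and not part of the original post or Symantec's code: it registers a security provider at highest preference on Lifecycle.AFTER_INIT_EVENT and refuses to continue if that provider does not end up first. The package name, the `example.fips.providerClass` system property and the error messages are assumptions; any vendor-specific call that actually switches the provider into FIPS mode is not shown.

```java
package example.security; // hypothetical package; must match className in server.xml

import java.security.Provider;
import java.security.Security;

import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;

public class SecurityProviderSetup implements LifecycleListener {

    // Hypothetical system property naming the JCA/JSSE provider class to install.
    private static final String PROVIDER_PROP = "example.fips.providerClass";

    private volatile boolean installed;

    @Override
    public void lifecycleEvent(LifecycleEvent event) {
        // Act once, on the after_init event (step 5 of the post).
        if (installed || !Lifecycle.AFTER_INIT_EVENT.equals(event.getType())) {
            return;
        }
        String className = System.getProperty(PROVIDER_PROP);
        if (className == null || className.isEmpty()) {
            throw new IllegalStateException(PROVIDER_PROP + " is not set");
        }
        try {
            // Resolved through this class's loader, so the provider jar has to
            // sit on the same (common) classloader as the listener (step 7).
            Provider provider = (Provider) Class.forName(className)
                    .getDeclaredConstructor().newInstance();

            // insertProviderAt() does not move an already-registered provider,
            // so remove it first, then insert at position 1 (highest preference).
            Security.removeProvider(provider.getName());
            Security.insertProviderAt(provider, 1);

            // Fail loudly instead of silently falling back to the default JSSE.
            Provider first = Security.getProviders()[0];
            if (!first.getName().equals(provider.getName())) {
                throw new IllegalStateException("Expected " + provider.getName()
                        + " as first provider, found " + first.getName());
            }
            // A vendor-specific "enable FIPS mode" call would go here (not shown).
            installed = true;
        } catch (IllegalStateException e) {
            throw e;
        } catch (Exception e) {
            throw new IllegalStateException("Cannot install provider " + className, e);
        }
    }
}
```
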

