Filip Hanik - Dev Lists wrote:
Let's keep SSLEngine: it's explicit, and it works.
not really, this wouldn't work
<Connector port="8444" scheme="https" secure="true"
protocol="org.apache.coyote.http11.Http11AprProtocol"
SSLEngine="oneengine"/>
<Connector port="8555" scheme="https" secure="true"
protocol="org.apache.coyote.http11.Http11AprProtocol"
SSLEngine="otherengine"/>
Fully valid configuration, and the docs don't mention that a uniqueness
have to be enforced, configuration should be as easy as possible,
and I believe we have a spot here to make it easier, if it is a one per
server value, then lets put it where it would only be initialized once.
I do not understand what is the implication when someone sets:
1. scheme="https" secure="true"
2. scheme="https" secure="false"
3. scheme="http" secure="false"
4. scheme="http" secure="true"
IIUC you wish to make Connector thinking its ssl while in fact
the communication in not encrypted, correct?
According to the docs:
scheme="theScheme" -> request.getScheme()
secure="value" -> request.isSecure()
Are the cases [2] (https/false) and [4] (http/true) valid?
From the servlet spec...
isSecure():
Returns a boolean indicating whether this request was made using a secure
channel, such as HTTPS.
So IMHO scheme="https" implicitly set the isSecure==true, or am I missing
something?
I see no usage for having the ssl connection with scheme="https" and isSecure()
returning false.
If that is the case the secure="true|false" can be used to determine
if the transport is ssl or not, and fake the front end handled https/ssl
connection.
Regards,
Mladen.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
