Author: markt
Date: Fri Sep 3 16:40:16 2010
New Revision: 992363
URL: http://svn.apache.org/viewvc?rev=992363&view=rev
Log:
Add SSL with APR support to the admin app
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/mbeans-descriptors.xml
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources.properties
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/AddConnectorAction.java
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/ConnectorForm.java
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/EditConnectorAction.java
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/SaveConnectorAction.java
tomcat/tc5.5.x/trunk/container/webapps/admin/connector/connector.jsp
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Sep 3 16:40:16 2010
@@ -88,10 +88,3 @@ PATCHES PROPOSED TO BACKPORT:
and thus I am letting this pass. The SingleSignOn valve is usually added
to
a <Host> (looking at the default server.xml), so we have to call
request.getContext() to get a Context there?
-
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49774
- Add SSL support using the APR connector to the admin app
- https://issues.apache.org/bugzilla/attachment.cgi?id=25954
- +1: markt, jim, mturk
- -1:
-
Modified:
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProtocol.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProtocol.java
Fri Sep 3 16:40:16 2010
@@ -498,14 +498,20 @@ public class Http11AprProtocol implement
* SSL engine.
*/
public String getSSLEngine() { return ep.getSSLEngine(); }
- public void setSSLEngine(String SSLEngine) { ep.setSSLEngine(SSLEngine); }
+ public void setSSLEngine(String SSLEngine) {
+ ep.setSSLEngine(SSLEngine);
+ setAttribute("SSLEngine", SSLEngine);
+ }
/**
* SSL protocol.
*/
public String getSSLProtocol() { return ep.getSSLProtocol(); }
- public void setSSLProtocol(String SSLProtocol) {
ep.setSSLProtocol(SSLProtocol); }
+ public void setSSLProtocol(String SSLProtocol) {
+ ep.setSSLProtocol(SSLProtocol);
+ setAttribute("SSLProtocol", SSLProtocol);
+ }
/**
@@ -513,77 +519,110 @@ public class Http11AprProtocol implement
* will ask for a password).
*/
public String getSSLPassword() { return ep.getSSLPassword(); }
- public void setSSLPassword(String SSLPassword) {
ep.setSSLPassword(SSLPassword); }
+ public void setSSLPassword(String SSLPassword) {
+ ep.setSSLPassword(SSLPassword);
+ setAttribute("SSLPassword", SSLPassword);
+ }
/**
* SSL cipher suite.
*/
public String getSSLCipherSuite() { return ep.getSSLCipherSuite(); }
- public void setSSLCipherSuite(String SSLCipherSuite) {
ep.setSSLCipherSuite(SSLCipherSuite); }
+ public void setSSLCipherSuite(String SSLCipherSuite) {
+ ep.setSSLCipherSuite(SSLCipherSuite);
+ setAttribute("SSLCipherSuite", SSLCipherSuite);
+ }
/**
* SSL certificate file.
*/
public String getSSLCertificateFile() { return ep.getSSLCertificateFile();
}
- public void setSSLCertificateFile(String SSLCertificateFile) {
ep.setSSLCertificateFile(SSLCertificateFile); }
+ public void setSSLCertificateFile(String SSLCertificateFile) {
+ ep.setSSLCertificateFile(SSLCertificateFile);
+ setAttribute("SSLCertificateFile", SSLCertificateFile);
+ }
/**
* SSL certificate key file.
*/
public String getSSLCertificateKeyFile() { return
ep.getSSLCertificateKeyFile(); }
- public void setSSLCertificateKeyFile(String SSLCertificateKeyFile) {
ep.setSSLCertificateKeyFile(SSLCertificateKeyFile); }
+ public void setSSLCertificateKeyFile(String SSLCertificateKeyFile) {
+ ep.setSSLCertificateKeyFile(SSLCertificateKeyFile);
+ setAttribute("SSLCertificateKeyFile", SSLCertificateKeyFile);
+ }
/**
* SSL certificate chain file.
*/
public String getSSLCertificateChainFile() { return
ep.getSSLCertificateChainFile(); }
- public void setSSLCertificateChainFile(String SSLCertificateChainFile) {
ep.setSSLCertificateChainFile(SSLCertificateChainFile); }
+ public void setSSLCertificateChainFile(String SSLCertificateChainFile) {
+ ep.setSSLCertificateChainFile(SSLCertificateChainFile);
+ setAttribute("SSLCertificateChainFile", SSLCertificateChainFile);
+ }
/**
* SSL CA certificate path.
*/
public String getSSLCACertificatePath() { return
ep.getSSLCACertificatePath(); }
- public void setSSLCACertificatePath(String SSLCACertificatePath) {
ep.setSSLCACertificatePath(SSLCACertificatePath); }
+ public void setSSLCACertificatePath(String SSLCACertificatePath) {
+ ep.setSSLCACertificatePath(SSLCACertificatePath);
+ setAttribute("SSLCACertificatePath", SSLCACertificatePath);
+ }
/**
* SSL CA certificate file.
*/
public String getSSLCACertificateFile() { return
ep.getSSLCACertificateFile(); }
- public void setSSLCACertificateFile(String SSLCACertificateFile) {
ep.setSSLCACertificateFile(SSLCACertificateFile); }
+ public void setSSLCACertificateFile(String SSLCACertificateFile) {
+ ep.setSSLCACertificateFile(SSLCACertificateFile);
+ setAttribute("SSLCACertificateFile", SSLCACertificateFile);
+ }
/**
* SSL CA revocation path.
*/
public String getSSLCARevocationPath() { return
ep.getSSLCARevocationPath(); }
- public void setSSLCARevocationPath(String SSLCARevocationPath) {
ep.setSSLCARevocationPath(SSLCARevocationPath); }
+ public void setSSLCARevocationPath(String SSLCARevocationPath) {
+ ep.setSSLCARevocationPath(SSLCARevocationPath);
+ setAttribute("SSLCARevocationPath", SSLCARevocationPath);
+ }
/**
* SSL CA revocation file.
*/
public String getSSLCARevocationFile() { return
ep.getSSLCARevocationFile(); }
- public void setSSLCARevocationFile(String SSLCARevocationFile) {
ep.setSSLCARevocationFile(SSLCARevocationFile); }
+ public void setSSLCARevocationFile(String SSLCARevocationFile) {
+ ep.setSSLCARevocationFile(SSLCARevocationFile);
+ setAttribute("SSLCARevocationFile", SSLCARevocationFile);
+ }
/**
* SSL verify client.
*/
public String getSSLVerifyClient() { return ep.getSSLVerifyClient(); }
- public void setSSLVerifyClient(String SSLVerifyClient) {
ep.setSSLVerifyClient(SSLVerifyClient); }
+ public void setSSLVerifyClient(String SSLVerifyClient) {
+ ep.setSSLVerifyClient(SSLVerifyClient);
+ setAttribute("SSLVerifyClient", SSLVerifyClient);
+ }
/**
* SSL verify depth.
*/
public int getSSLVerifyDepth() { return ep.getSSLVerifyDepth(); }
- public void setSSLVerifyDepth(int SSLVerifyDepth) {
ep.setSSLVerifyDepth(SSLVerifyDepth); }
+ public void setSSLVerifyDepth(int SSLVerifyDepth) {
+ ep.setSSLVerifyDepth(SSLVerifyDepth);
+ setAttribute("SSLVerifyDepth", "" + SSLVerifyDepth);
+ }
// -------------------- Connection handler --------------------
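Review bot: `setAttribute("SSLPassword", SSLPassword)` in setSSLPassword copies the private-key pass phrase into the protocol's generic attribute store as well as the endpoint. setAttribute's body is outside this hunk, but the same commit declares `SSLPassword` as an MBean attribute in mbeans-descriptors.xml and EditConnectorAction reads it back with `mBServer.getAttribute`, so the pass phrase presumably becomes readable by anything with JMX access to the connector. If the mirror exists only so the admin app can repopulate its form, consider leaving SSLPassword out of it and saying so on the setter, e.g. `// pass phrase is write-only: not mirrored into attributes so it cannot be read back`.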
Modified:
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/mbeans-descriptors.xml?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/mbeans-descriptors.xml
(original)
+++
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/mbeans-descriptors.xml
Fri Sep 3 16:40:16 2010
@@ -171,6 +171,58 @@
description="Comma-separated list of SSL protocol variants to be
enabled"
type="java.lang.String"/>
+ <attribute name="SSLEngine"
+ description="Name of SSL engine to use"
+ type="java.lang.String"/>
+
+ <attribute name="SSLProtocol"
+ description="Protocol to use to communicate with clients"
+ type="java.lang.String"/>
+
+ <attribute name="SSLCipherSuite"
+ description="Ciphers to use to communicate with clients"
+ type="java.lang.String"/>
+
+ <attribute name="SSLCertificateFile"
+ description="File containing server certificate"
+ type="java.lang.String"/>
+
+ <attribute name="SSLCertificateKeyFile"
+ description="File containing server private key"
+ type="java.lang.String"/>
+
+ <attribute name="SSLPassword"
+ description="Pass phrase for the server private key"
+ type="java.lang.String"/>
+
+ <attribute name="SSLVerifyClient"
+ description="Extend to which clients must be validated"
+ type="java.lang.String"/>
+
+ <attribute name="SSLVerifyDepth"
+ description="Maximum verification depth for client certificates"
+ type="int"/>
+
+ <attribute name="SSLCACertificateFile"
+ description="File containing CA certificates"
+ type="java.lang.String"/>
+
+ <attribute name="SSLCACertificatePath"
+ description="Directory containing CA certificates"
+ type="java.lang.String"/>
+
+ <attribute name="SSLCertificateChainFile"
+ description="File containing certificates in server certificate
chain"
+ type="java.lang.String"/>
+
+ <attribute name="SSLCARevocationFile"
+ description="File containing CA revocation lists"
+ type="java.lang.String"/>
+
+ <attribute name="SSLCARevocationPath"
+ description="Directory containing CA revocation lists"
+ type="java.lang.String"/>
+
<attribute name="strategy"
description="Thread pool strategy"
type="java.lang.String"/>
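Review bot: The description added for `SSLVerifyClient` reads "Extend to which clients must be validated"; it should be `description="Extent to which clients must be validated"`. The description would also help operators more if it listed the accepted values. AddConnectorAction in this commit defaults the field to `none`, but the full set is not visible here.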
Modified:
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources.properties?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources.properties
(original)
+++
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources.properties
Fri Sep 3 16:40:16 2010
@@ -163,8 +163,22 @@ connector.truststore.type=Trust Store Ty
connector.sslProtocol=SSL Protocol
connector.keyPass.warning=<li>Please use keytool to generate certificate.</li>
connector.secure=Secure
-connector.tcpNoDelay=TCP No Delay
-connector.xpoweredby=X Powered By
+connector.tcpNoDelay=TCP No Delay
+connector.xpoweredby=X Powered By
+connector.sslProperties=SSL Properties
+connector.SSLEngine=Engine
+connector.SSLProtocol=Protocols
+connector.SSLCipherSuite=Ciphers
+connector.SSLCertificateFile=Server certificate file
+connector.SSLCertificateKeyFile=Server private key file
+connector.SSLPassword=Private key pass phrase
+connector.SSLVerifyClient=Client verification mode
+connector.SSLVerifyDepthText=Client verification depth
+connector.SSLCACertificateFile=File of CA certificates
+connector.SSLCACertificatePath=Directory of CA certificates
+connector.SSLCertificateChainFile=Server certificate chain
+connector.SSLCARevocationFile=File of CA revocation lists
+connector.SSLCARevocationPath=Directory of CA revocation lists
host.properties=Host Properties
host.name=Name
host.base=Application Base
Modified:
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/AddConnectorAction.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/AddConnectorAction.java?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/AddConnectorAction.java
(original)
+++
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/AddConnectorAction.java
Fri Sep 3 16:40:16 2010
@@ -83,7 +83,8 @@ public class AddConnectorAction extends
type = "HTTP"; // default type is HTTP
connectorFm.setConnectorType(type);
connectorFm.setServiceName(serviceName);
- if ("HTTPS".equalsIgnoreCase(type)) {
+ if ("HTTPS-JSSE".equalsIgnoreCase(type) ||
+ "HTTPS-APR".equalsIgnoreCase(type)) {
connectorFm.setScheme("https");
} else {
connectorFm.setScheme("http");
@@ -110,7 +111,7 @@ public class AddConnectorAction extends
connectorFm.setTcpNoDelay("true");
connectorFm.setXpoweredBy("false");
- //supported only by HTTPS
+ //supported only by HTTPS-JSSE
connectorFm.setAlgorithm("SunX509");
connectorFm.setClientAuthentication("false");
connectorFm.setCiphers("");
@@ -121,7 +122,22 @@ public class AddConnectorAction extends
connectorFm.setTrustStorePassword("");
connectorFm.setTrustStoreType("JKS");
connectorFm.setSslProtocol("TLS");
-
+
+ //supported only by HTTPS-APR
+ connectorFm.setSSLEngine("");
+ connectorFm.setSSLProtocol("");
+ connectorFm.setSSLCipherSuite("");
+ connectorFm.setSSLCertificateFile("");
+ connectorFm.setSSLCertificateKeyFile("");
+ connectorFm.setSSLPassword("");
+ connectorFm.setSSLVerifyClient("none");
+ connectorFm.setSSLVerifyDepthText("10");
+ connectorFm.setSSLCACertificateFile("");
+ connectorFm.setSSLCACertificatePath("");
+ connectorFm.setSSLCertificateChainFile("");
+ connectorFm.setSSLCARevocationFile("");
+ connectorFm.setSSLCACertificatePath("");
+
// supported only by Coyote connectors
connectorFm.setProxyName("");
connectorFm.setProxyPortText("0");
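Review bot: The last call in the HTTPS-APR defaults block repeats `connectorFm.setSSLCACertificatePath("");`, so `SSLCARevocationPath` is never initialised here and keeps whatever the form held before (null on a fresh form, going by the field declaration added to ConnectorForm). The line should be `connectorFm.setSSLCARevocationPath("");`. The enclosing method starts and ends outside the hunk.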
@@ -129,10 +145,11 @@ public class AddConnectorAction extends
connectorFm.setBooleanVals(Lists.getBooleanValues());
connectorFm.setClientAuthVals(Lists.getClientAuthValues());
- String schemeTypes[]= new String[3];
+ String schemeTypes[]= new String[4];
schemeTypes[0] = "HTTP";
- schemeTypes[1] = "HTTPS";
- schemeTypes[2] = "AJP";
+ schemeTypes[1] = "HTTPS-JSSE";
+ schemeTypes[2] = "HTTPS-APR";
+ schemeTypes[3] = "AJP";
ArrayList types = new ArrayList();
// the first element in the select list should be the type selected
Modified:
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/ConnectorForm.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/ConnectorForm.java?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/ConnectorForm.java
(original)
+++
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/ConnectorForm.java
Fri Sep 3 16:40:16 2010
@@ -269,6 +269,21 @@ public final class ConnectorForm extends
*/
private String xpoweredBy = "false";
+ private String SSLEngine;
+ private String SSLProtocol;
+ private String SSLCipherSuite;
+ private String SSLCertificateFile;
+ private String SSLCertificateKeyFile;
+ private String SSLPassword;
+ private String SSLVerifyClient;
+ private String SSLVerifyDepthText;
+ private String SSLCACertificateFile;
+ private String SSLCACertificatePath;
+ private String SSLCertificateChainFile;
+ private String SSLCARevocationFile;
+ private String SSLCARevocationPath;
+
+
// ------------------------------------------------------------- Properties
/**
@@ -1127,6 +1142,136 @@ public final class ConnectorForm extends
}
+ public String getSSLEngine() {
+ return SSLEngine;
+ }
+
+
+ public void setSSLEngine(String sSLEngine) {
+ SSLEngine = sSLEngine;
+ }
+
+
+ public String getSSLProtocol() {
+ return SSLProtocol;
+ }
+
+
+ public void setSSLProtocol(String sSLProtocol) {
+ SSLProtocol = sSLProtocol;
+ }
+
+
+ public String getSSLCipherSuite() {
+ return SSLCipherSuite;
+ }
+
+
+ public void setSSLCipherSuite(String sSLCipherSuite) {
+ SSLCipherSuite = sSLCipherSuite;
+ }
+
+
+ public String getSSLCertificateFile() {
+ return SSLCertificateFile;
+ }
+
+
+ public void setSSLCertificateFile(String sSLCertificateFile) {
+ SSLCertificateFile = sSLCertificateFile;
+ }
+
+
+ public String getSSLCertificateKeyFile() {
+ return SSLCertificateKeyFile;
+ }
+
+
+ public void setSSLCertificateKeyFile(String sSLCertificateKeyFile) {
+ SSLCertificateKeyFile = sSLCertificateKeyFile;
+ }
+
+
+ public String getSSLPassword() {
+ return SSLPassword;
+ }
+
+
+ public void setSSLPassword(String sSLPassword) {
+ SSLPassword = sSLPassword;
+ }
+
+
+ public String getSSLVerifyClient() {
+ return SSLVerifyClient;
+ }
+
+
+ public void setSSLVerifyClient(String sSLVerifyClient) {
+ SSLVerifyClient = sSLVerifyClient;
+ }
+
+
+ public String getSSLVerifyDepthText() {
+ return SSLVerifyDepthText;
+ }
+
+
+ public void setSSLVerifyDepthText(String sSLVerifyDepthText) {
+ SSLVerifyDepthText = sSLVerifyDepthText;
+ }
+
+
+ public String getSSLCACertificateFile() {
+ return SSLCACertificateFile;
+ }
+
+
+ public void setSSLCACertificateFile(String sSLCACertificateFile) {
+ SSLCACertificateFile = sSLCACertificateFile;
+ }
+
+
+ public String getSSLCACertificatePath() {
+ return SSLCACertificatePath;
+ }
+
+
+ public void setSSLCACertificatePath(String sSLCACertificatePath) {
+ SSLCACertificatePath = sSLCACertificatePath;
+ }
+
+
+ public String getSSLCertificateChainFile() {
+ return SSLCertificateChainFile;
+ }
+
+
+ public void setSSLCertificateChainFile(String sSLCertificateChainFile) {
+ SSLCertificateChainFile = sSLCertificateChainFile;
+ }
+
+
+ public String getSSLCARevocationFile() {
+ return SSLCARevocationFile;
+ }
+
+
+ public void setSSLCARevocationFile(String sSLCARevocationFile) {
+ SSLCARevocationFile = sSLCARevocationFile;
+ }
+
+
+ public String getSSLCARevocationPath() {
+ return SSLCARevocationPath;
+ }
+
+
+ public void setSSLCARevocationPath(String sSLCARevocationPath) {
+ SSLCARevocationPath = sSLCARevocationPath;
+ }
+
+
// --------------------------------------------------------- Public Methods
/**
@@ -1171,7 +1316,19 @@ public final class ConnectorForm extends
this.trustStoreFileName = null;
this.trustStorePassword = null;
this.trustStoreType = null;
-
+ this.SSLEngine = null;
+ this.SSLProtocol = null;
+ this.SSLCipherSuite = null;
+ this.SSLCertificateFile = null;
+ this.SSLCertificateKeyFile = null;
+ this.SSLPassword = null;
+ this.SSLVerifyClient = null;
+ this.SSLVerifyDepthText = null;
+ this.SSLCACertificateFile = null;
+ this.SSLCACertificatePath = null;
+ this.SSLCertificateChainFile = null;
+ this.SSLCARevocationFile = null;
+ this.SSLCARevocationPath = null;
}
@@ -1227,6 +1384,9 @@ public final class ConnectorForm extends
numberCheck("proxyPortText", proxyPortText, true, 0, 65535);
}
+ if ("HTTP-APR".equalsIgnoreCase(connectorType)) {
+ numberCheck("SSLVerifyDepthText", SSLVerifyDepthText, true, 1,
100);
+ }
return errors;
}
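Review bot: The guard `"HTTP-APR".equalsIgnoreCase(connectorType)` can never match, because the connector types this commit introduces are `HTTPS-JSSE` and `HTTPS-APR`. The 1–100 range check on `SSLVerifyDepthText` is therefore dead code, and whatever the user typed reaches SaveConnectorAction unvalidated. It should read `if ("HTTPS-APR".equalsIgnoreCase(connectorType)) {`. The enclosing method starts outside the hunk.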
Modified:
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/EditConnectorAction.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/EditConnectorAction.java?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/EditConnectorAction.java
(original)
+++
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/EditConnectorAction.java
Fri Sep 3 16:40:16 2010
@@ -130,14 +130,16 @@ public class EditConnectorAction extends
(String) mBServer.getAttribute(cname, attribute);
int period = handlerClassName.lastIndexOf('.');
String connType = handlerClassName.substring(period + 1);
- String connectorType = "HTTPS";
+ String connectorType = "HTTP";
if ("JkCoyoteHandler".equalsIgnoreCase(connType) ||
"AjpAprProtocol".equalsIgnoreCase(connType)) {
connectorType = "AJP";
- } else if (("Http11Protocol".equalsIgnoreCase(connType) ||
- "Http11AprProtocol".equalsIgnoreCase(connType)) &&
- ("http".equalsIgnoreCase(scheme))) {
- connectorType = "HTTP";
+ } else if ("Http11Protocol".equalsIgnoreCase(connType) &&
+ "https".equalsIgnoreCase(scheme)) {
+ connectorType = "HTTPS-JSSE";
+ } else if ("Http11AprProtocol".equalsIgnoreCase(connType) &&
+ "https".equalsIgnoreCase(scheme)) {
+ connectorType = "HTTPS-APR";
}
connectorFm.setConnectorType(connectorType);
@@ -226,9 +228,8 @@ public class EditConnectorAction extends
(((Integer) mBServer.getAttribute(cname,
attribute)).toString());
}
- if ("HTTPS".equalsIgnoreCase(connectorType)) {
- // Initialize rest of variables.
- // These are set only for SSL connectors.
+ if ("HTTPS-JSSE".equalsIgnoreCase(connectorType)) {
+ // These are set only for JSSE SSL connectors.
attribute = "algorithm";
connectorFm.setAlgorithm
((String) mBServer.getAttribute(cname, attribute));
@@ -261,6 +262,48 @@ public class EditConnectorAction extends
((String) mBServer.getAttribute(cname, attribute));
}
+ if ("HTTPS-APR".equalsIgnoreCase(connectorType)) {
+ // These are set only for APR SSL connectors.
+ attribute = "SSLEngine";
+ connectorFm.setSSLEngine
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLProtocol";
+ connectorFm.setSSLProtocol
+ (((String) mBServer.getAttribute(cname, attribute)));
+ attribute = "SSLCipherSuite";
+ connectorFm.setSSLCipherSuite
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLCertificateFile";
+ connectorFm.setSSLCertificateFile
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLCertificateKeyFile";
+ connectorFm.setSSLCertificateKeyFile
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLPassword";
+ connectorFm.setSSLPassword
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLVerifyClient";
+ connectorFm.setSSLVerifyClient
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLVerifyDepth";
+ connectorFm.setSSLVerifyDepthText
+ (((Integer) mBServer.getAttribute(cname,
attribute)).toString());
+ attribute = "SSLCACertificateFile";
+ connectorFm.setSSLCACertificateFile
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLCACertificatePath";
+ connectorFm.setSSLCACertificatePath
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLCertificateChainFile";
+ connectorFm.setSSLCertificateChainFile
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLCARevocationFile";
+ connectorFm.setSSLCARevocationFile
+ ((String) mBServer.getAttribute(cname, attribute));
+ attribute = "SSLCARevocationPath";
+ connectorFm.setSSLCARevocationPath
+ ((String) mBServer.getAttribute(cname, attribute));
+ }
} catch (Throwable t) {
getServlet().log
Modified:
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/SaveConnectorAction.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/SaveConnectorAction.java?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/SaveConnectorAction.java
(original)
+++
tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/connector/SaveConnectorAction.java
Fri Sep 3 16:40:16 2010
@@ -160,11 +160,12 @@ public final class SaveConnectorAction e
values[2] = new Integer(cform.getPortText());
if ("HTTP".equalsIgnoreCase(connectorType)) {
- operation = "createHttpConnector"; // HTTP
- } else if ("HTTPS".equalsIgnoreCase(connectorType)) {
- operation = "createHttpsConnector"; // HTTPS
+ operation = "createHttpConnector"; // HTTP
+ } else if ("HTTPS-JSSE".equalsIgnoreCase(connectorType) ||
+ "HTTPS-APR".equalsIgnoreCase(connectorType)) {
+ operation = "createHttpsConnector"; // HTTPS
} else {
- operation = "createAjpConnector"; // AJP(HTTP)
+ operation = "createAjpConnector"; // AJP(HTTP)
}
cObjectName = (String)
@@ -388,8 +389,8 @@ public final class SaveConnectorAction e
new Attribute("proxyPort", new
Integer(proxyPort)));
}
- // HTTPS specific properties
- if("HTTPS".equalsIgnoreCase(connectorType)) {
+ // HTTPS-JSSE specific properties
+ if("HTTPS-JSSE".equalsIgnoreCase(connectorType)) {
String algorithm = cform.getAlgorithm();
if ((algorithm != null) && (algorithm.length()>0))
mBServer.setAttribute(coname,
@@ -440,7 +441,94 @@ public final class SaveConnectorAction e
mBServer.setAttribute(coname,
new Attribute("sslProtocol", sslProtocol));
}
-
+
+ // HTTPS-APR specific properties
+ if("HTTPS-APR".equalsIgnoreCase(connectorType)) {
+ String sSLEngine = cform.getSSLEngine();
+ if ((sSLEngine != null) && (sSLEngine.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLEngine", sSLEngine));
+
+ String sSLProtocol = cform.getSSLProtocol();
+ if ((sSLProtocol != null) && (sSLProtocol.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLProtocol", sSLProtocol));
+
+ String sSLCipherSuite = cform.getSSLCipherSuite();
+ if ((sSLCipherSuite != null) && (sSLCipherSuite.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLCipherSuite",
sSLCipherSuite));
+
+ mBServer.setAttribute(coname,
+ new Attribute("SSLCertificateFile",
+ cform.getSSLCertificateFile()));
+
+ String sSLCertificateKeyFile =
cform.getSSLCertificateKeyFile();
+ if ((sSLCertificateKeyFile != null) &&
+ (sSLCertificateKeyFile.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLCertificateKeyFile",
+ sSLCertificateKeyFile));
+
+ String sSLPassword = cform.getSSLPassword();
+ if ((sSLPassword != null) && (sSLPassword.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLPassword", sSLPassword));
+
+ String sSLVerifyClient = cform.getSSLVerifyClient();
+ if ((sSLVerifyClient != null) && (sSLVerifyClient.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLVerifyClient",
sSLVerifyClient));
+
+ String sSLVerifyDepthText = cform.getSSLVerifyDepthText();
+ if ((sSLVerifyDepthText != null) &&
+ (sSLVerifyDepthText.length()>0))
+ try {
+ mBServer.setAttribute(coname,
+ new Attribute("SSLVerifyDepthText",
+
Integer.getInteger(sSLVerifyDepthText)));
+ } catch (NumberFormatException e) {
+ mBServer.setAttribute(coname,
+ new Attribute("SSLVerifyDepthText",
+ Integer.valueOf(10)));
+ }
+
+ String sSLCACertificateFile = cform.getSSLCACertificateFile();
+ if ((sSLCACertificateFile != null) &&
+ (sSLCACertificateFile.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLCACertificateFile",
+ sSLCACertificateFile));
+
+ String sSLCACertificatePath = cform.getSSLCACertificatePath();
+ if ((sSLCACertificatePath != null) &&
+ (sSLCACertificatePath.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLCACertificatePath",
+ sSLCACertificatePath));
+
+ String sSLCertificateChainFile =
+ cform.getSSLCertificateChainFile();
+ if ((sSLCertificateChainFile != null) &&
+ (sSLCertificateChainFile.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLCertificateChainFile",
+ sSLCertificateChainFile));
+
+ String sSLCARevocationFile = cform.getSSLCARevocationFile();
+ if ((sSLCARevocationFile != null) &&
+ (sSLCARevocationFile.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLCARevocationFile",
+ sSLCARevocationFile));
+
+ String sSLCARevocationPath = cform.getSSLCARevocationPath();
+ if ((sSLCARevocationPath != null) &&
(sSLCARevocationPath.length()>0))
+ mBServer.setAttribute(coname,
+ new Attribute("SSLCARevocationPath",
+ sSLCARevocationPath));
+ }
+
} catch (Exception e) {
getServlet().log
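Review bot: The SSLVerifyDepth block cannot work as written. `Integer.getInteger(sSLVerifyDepthText)` looks up a system property of that name rather than parsing the text, so it normally yields null and never throws the NumberFormatException the catch expects. The attribute is also written as `SSLVerifyDepthText`, although the descriptor and EditConnectorAction in this commit use `SSLVerifyDepth`. Use `new Attribute("SSLVerifyDepth", Integer.valueOf(sSLVerifyDepthText))` in the try and the same attribute name in the fallback. If the MBean server rejects the unknown attribute, the exception presumably lands in the outer `catch (Exception e)` and the CA certificate and revocation settings below it are never applied, leaving client verification configured differently from what the form shows. `SSLCertificateFile` is also set without the null/empty guard used for every other field in the block.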
Modified: tomcat/tc5.5.x/trunk/container/webapps/admin/connector/connector.jsp
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/admin/connector/connector.jsp?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/admin/connector/connector.jsp
(original)
+++ tomcat/tc5.5.x/trunk/container/webapps/admin/connector/connector.jsp Fri
Sep 3 16:40:16 2010
@@ -359,12 +359,12 @@
</controls:data>
</controls:row>
-<%-- The following properties are supported only on HTTPS Connector --%>
- <logic:equal name="connectorForm" property="scheme" scope="session"
- value="https">
+<%-- The following properties are supported only on HTTPS-JSSE Connector --%>
+ <logic:equal name="connectorForm" property="connectorType" scope="session"
+ value="HTTPS-JSSE">
<br>
<controls:row header="true" labelStyle="table-header-text"
dataStyle="table-header-text">
- <controls:label>Factory Properties:</controls:label>
+ <controls:label><bean:message
key="connector.sslProperties"/>:</controls:label>
<controls:data> </controls:data>
</controls:row>
@@ -473,6 +473,108 @@
</controls:row>
</logic:equal>
+
+<%-- The following properties are supported only on HTTPS-APR Connector --%>
+ <logic:equal name="connectorForm" property="connectorType" scope="session"
+ value="HTTPS-APR">
+ <br>
+ <controls:row header="true" labelStyle="table-header-text"
dataStyle="table-header-text">
+ <controls:label><bean:message
key="connector.sslProperties"/>:</controls:label>
+ <controls:data> </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLEngine">
+ <controls:label><bean:message
key="connector.SSLEngine"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLEngine" size="10" styleId="SSLEngine"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLProtocol">
+ <controls:label><bean:message
key="connector.SSLProtocol"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLProtocol" size="30"
styleId="SSLProtocol"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLCipherSuite">
+ <controls:label><bean:message
key="connector.SSLCipherSuite"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLCipherSuite" size="30"
styleId="SSLCipherSuite"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLCertificateFile">
+ <controls:label><bean:message
key="connector.SSLCertificateFile"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLCertificateFile" size="30"
styleId="SSLCertificateFile"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLCertificateKeyFile">
+ <controls:label><bean:message
key="connector.SSLCertificateKeyFile"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLCertificateKeyFile" size="30"
styleId="SSLCertificateKeyFile"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLPassword">
+ <controls:label><bean:message
key="connector.SSLPassword"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLPassword" size="30"
styleId="SSLPassword"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLVerifyClient">
+ <controls:label><bean:message
key="connector.SSLVerifyClient"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLVerifyClient" size="10"
styleId="SSLVerifyClient"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLVerifyDepthText">
+ <controls:label><bean:message
key="connector.SSLVerifyDepthText"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLVerifyDepthText" size="10"
styleId="SSLVerifyDepthText"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLCACertificateFile">
+ <controls:label><bean:message
key="connector.SSLCACertificateFile"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLCACertificateFile" size="30"
styleId="SSLCACertificateFile"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLCACertificatePath">
+ <controls:label><bean:message
key="connector.SSLCACertificatePath"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLCACertificatePath" size="30"
styleId="SSLCACertificatePath"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLCertificateChainFile">
+ <controls:label><bean:message
key="connector.SSLCertificateChainFile"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLCertificateChainFile" size="30"
styleId="SSLCertificateChainFile"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLCARevocationFile">
+ <controls:label><bean:message
key="connector.SSLCARevocationFile"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLCARevocationFile" size="30"
styleId="SSLCARevocationFile"/>
+ </controls:data>
+ </controls:row>
+
+ <controls:row labelStyle="table-label-text"
dataStyle="table-normal-text" styleId="SSLCARevocationPath">
+ <controls:label><bean:message
key="connector.SSLCARevocationPath"/>:</controls:label>
+ <controls:data>
+ <html:text property="SSLCARevocationPath" size="30"
styleId="SSLCARevocationPath"/>
+ </controls:data>
+ </controls:row>
+ </logic:equal>
+
</controls:table>
</td>
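Review bot: The private-key pass phrase is rendered with `<html:text property="SSLPassword" .../>`, so it is shown in clear on screen and written into the page source whenever an HTTPS-APR connector is edited (EditConnectorAction pre-fills the form field from the MBean). A password control that does not echo the stored value is the safer choice: `<html:password property="SSLPassword" size="30" styleId="SSLPassword" redisplay="false"/>`. SaveConnectorAction already skips an empty SSLPassword, so a blank field on edit would leave the existing value in place. Each new row also reuses the same `styleId` on `controls:row` and on its input, which may produce duplicate element ids depending on how the controls tags render it.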
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=992363&r1=992362&r2=992363&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Fri Sep 3
16:40:16 2010
@@ -70,6 +70,10 @@
<bug>49585</bug>: Update JSVC documentation to reflect new packaging
of Commons Daemon. (markt)
</fix>
+ <fix>
+ <bug>49774</bug>: Add support for SSL with either JSSE or APR baaed
+ connectors to the admin app. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Cluster">