• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Embedded Tomcat 6.0.37, set ssl redirect and restart connector

 
vishal upadhyay
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a java web application with embedded tomcat version 6.0.37 and I am using http as well as https. I have a configuration page where I have options:

1. SSL enable
2. SSL redirect
3. SSL Port
4. HTTP Port
5. Restart

SSL is enabled by default. I want to redirect every http request to https. So, on configuration page, I check SSL redirect option, checks Restart option and submits my form.
On server side, I am doing following:

if( webServerProperties.getSslRedirect() ) {

boolean constraintExists = false;

for( SecurityConstraint constraint : uiContext.findConstraints() ) {
if( constraint.getDisplayName().equals(SSL_REDIRECT_CONSTRAINT_NAME) ) {
constraintExists = true;
break;
}
}

if( !constraintExists ) {

SecurityConstraint constraint = new SecurityConstraint();
constraint.setDisplayName(SSL_REDIRECT_CONSTRAINT_NAME);
constraint.setAuthConstraint(false);

SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");

constraint.setUserConstraint("CONFIDENTIAL");
constraint.addCollection(collection);

uiContext.addConstraint(constraint);
}

}
else {

for( SecurityConstraint constraint : uiContext.findConstraints() ) {
if( constraint.getDisplayName().equals(SSL_REDIRECT_CONSTRAINT_NAME) ) {
uiContext.removeConstraint(constraint);
}
}

}
uiContainer.removeConnector(uiHTTPConnector);
uiHTTPConnector.pause();
uiHTTPConnector.destroy();
uiHTTPConnector = null;

uiHTTPConnector = createHTTPConnector(
newPort,
webServerProperties.getSslRedirect() ? webServerProperties.getSslPort() : -1,
newMaxThreads
);
uiContainer.addConnector(uiHTTPConnector);
uiHTTPConnector.start();

protected Connector createHTTPConnector(int port, int sslRedirectPort, int maxThreads) throws Exception {

Connector connector = new LifecycleEventConnector();
org.apache.tomcat.util.IntrospectionUtils.setProperty(connector, "port", "" + port);

connector.setAttribute("maxThreads", maxThreads);
connector.setAttribute("keepAliveTimeout", MAX_IDLE_TIME);
connector.setAttribute("connectionTimeout", MAX_IDLE_TIME);
connector.setMaxParameterCount(-1);

if( sslRedirectPort > 0 ) {
org.apache.tomcat.util.IntrospectionUtils.setProperty(connector, "redirectPort", "" + sslRedirectPort);
}

return connector;
}

private static final class LifecycleEventConnector extends Connector {

public LifecycleEventConnector() throws Exception {
super();
}

@Override
public void initialize() throws LifecycleException {
lifecycle.fireLifecycleEvent(INIT_EVENT, null);
super.initialize();
}

}

I want to just restart the connector instead of restarting the whole container and letting my whole application down.
Changing other options(HTTP port, SSL port, SSL enabled), connector is restarted and works fine, but enabling SSL redirect isn't working. SSL redirect works after I restart my application.
I have searched a lot, but I am unable to resolve this issue. Will appreciate any help.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17618
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can make code samples a lot easier to read if you wrap it using the tags that our message editor creates when you click the "Code" button.

Rather than coding this kind of stuff in your webapp, your almost certainly should be doing it by setting the transport guarantee in WEB-INF/web.xml.
 
vishal upadhyay
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim Holloway wrote:You can make code samples a lot easier to read if you wrap it using the tags that our message editor creates when you click the "Code" button.

Next time onward, I will follow that.

Tim Holloway wrote:Rather than coding this kind of stuff in your webapp, your almost certainly should be doing it by setting the transport guarantee in WEB-INF/web.xml.


I am using embedded tomcat and I have to set all the configurations programmatically. I have a configuration page in my application which lets me do that. So, when I enable SSL redirect from my configurations page, the security constraints are added to the context, when I disable it, it's removed from context. Issue is that, it doesn't comes into effect until I restart my application.
As suggested on http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/startup/Embedded.html I destroyed my context, recreated it with adding constraint, and re-added it to host, this solves my problem but there's a log message appearing:
org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [] appears to have started a thread named [http-8080-Acceptor-0] but has failed to stop it. This is very likely to create a memory leak.

Now, I am unable to resolve this.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic