This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Embedded Tomcat 6.0.37, set ssl redirect and restart connector Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Embedded Tomcat 6.0.37, set ssl redirect and restart connector" Watch "Embedded Tomcat 6.0.37, set ssl redirect and restart connector" New topic
Author

Embedded Tomcat 6.0.37, set ssl redirect and restart connector

vishal upadhyay
Greenhorn

Joined: Dec 16, 2013
Posts: 2
I have a java web application with embedded tomcat version 6.0.37 and I am using http as well as https. I have a configuration page where I have options:

1. SSL enable
2. SSL redirect
3. SSL Port
4. HTTP Port
5. Restart

SSL is enabled by default. I want to redirect every http request to https. So, on configuration page, I check SSL redirect option, checks Restart option and submits my form.
On server side, I am doing following:

if( webServerProperties.getSslRedirect() ) {

boolean constraintExists = false;

for( SecurityConstraint constraint : uiContext.findConstraints() ) {
if( constraint.getDisplayName().equals(SSL_REDIRECT_CONSTRAINT_NAME) ) {
constraintExists = true;
break;
}
}

if( !constraintExists ) {

SecurityConstraint constraint = new SecurityConstraint();
constraint.setDisplayName(SSL_REDIRECT_CONSTRAINT_NAME);
constraint.setAuthConstraint(false);

SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");

constraint.setUserConstraint("CONFIDENTIAL");
constraint.addCollection(collection);

uiContext.addConstraint(constraint);
}

}
else {

for( SecurityConstraint constraint : uiContext.findConstraints() ) {
if( constraint.getDisplayName().equals(SSL_REDIRECT_CONSTRAINT_NAME) ) {
uiContext.removeConstraint(constraint);
}
}

}
uiContainer.removeConnector(uiHTTPConnector);
uiHTTPConnector.pause();
uiHTTPConnector.destroy();
uiHTTPConnector = null;

uiHTTPConnector = createHTTPConnector(
newPort,
webServerProperties.getSslRedirect() ? webServerProperties.getSslPort() : -1,
newMaxThreads
);
uiContainer.addConnector(uiHTTPConnector);
uiHTTPConnector.start();

protected Connector createHTTPConnector(int port, int sslRedirectPort, int maxThreads) throws Exception {

Connector connector = new LifecycleEventConnector();
org.apache.tomcat.util.IntrospectionUtils.setProperty(connector, "port", "" + port);

connector.setAttribute("maxThreads", maxThreads);
connector.setAttribute("keepAliveTimeout", MAX_IDLE_TIME);
connector.setAttribute("connectionTimeout", MAX_IDLE_TIME);
connector.setMaxParameterCount(-1);

if( sslRedirectPort > 0 ) {
org.apache.tomcat.util.IntrospectionUtils.setProperty(connector, "redirectPort", "" + sslRedirectPort);
}

return connector;
}

private static final class LifecycleEventConnector extends Connector {

public LifecycleEventConnector() throws Exception {
super();
}

@Override
public void initialize() throws LifecycleException {
lifecycle.fireLifecycleEvent(INIT_EVENT, null);
super.initialize();
}

}

I want to just restart the connector instead of restarting the whole container and letting my whole application down.
Changing other options(HTTP port, SSL port, SSL enabled), connector is restarted and works fine, but enabling SSL redirect isn't working. SSL redirect works after I restart my application.
I have searched a lot, but I am unable to resolve this issue. Will appreciate any help.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15961
    
  19

You can make code samples a lot easier to read if you wrap it using the tags that our message editor creates when you click the "Code" button.

Rather than coding this kind of stuff in your webapp, your almost certainly should be doing it by setting the transport guarantee in WEB-INF/web.xml.

Customer surveys are for companies who didn't pay proper attention to begin with.
vishal upadhyay
Greenhorn

Joined: Dec 16, 2013
Posts: 2
Tim Holloway wrote:You can make code samples a lot easier to read if you wrap it using the tags that our message editor creates when you click the "Code" button.

Next time onward, I will follow that.

Tim Holloway wrote:Rather than coding this kind of stuff in your webapp, your almost certainly should be doing it by setting the transport guarantee in WEB-INF/web.xml.


I am using embedded tomcat and I have to set all the configurations programmatically. I have a configuration page in my application which lets me do that. So, when I enable SSL redirect from my configurations page, the security constraints are added to the context, when I disable it, it's removed from context. Issue is that, it doesn't comes into effect until I restart my application.
As suggested on http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/startup/Embedded.html I destroyed my context, recreated it with adding constraint, and re-added it to host, this solves my problem but there's a log message appearing:
org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [] appears to have started a thread named [http-8080-Acceptor-0] but has failed to stop it. This is very likely to create a memory leak.

Now, I am unable to resolve this.
 
Consider Paul's rocket mass heater.
 
subject: Embedded Tomcat 6.0.37, set ssl redirect and restart connector
 
Similar Threads
redirectPort not working
Problem of configuring SSL for Https in Jboss AS 7
BASIC Authentication and SSL configuration failed in Tomcat 6.0
Redirecting http to https imbedded Tomcat 4
Can�t get SSL redirection to work for root application context.