aspose file tools*
The moose likes Oracle/OAS and the fly likes SSL Connection Pool between HTTP server and Application server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Oracle/OAS
Bookmark "SSL Connection Pool between HTTP server and Application server" Watch "SSL Connection Pool between HTTP server and Application server" New topic
Author

SSL Connection Pool between HTTP server and Application server

Glen Cai
Ranch Hand

Joined: Aug 24, 2002
Posts: 121
I have a HTTP Server (OHS) and an Application Server (OAS) on two separate boxes.
The connection between them is AJP/SSL using mod_oc4j.
Should I create a SSL connection pool, just like we normally do for
the connections between application and database servers? And How?


"I, a universe of atoms, an atom in the universe." - Richard Feynman
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Is that anything like SSL connection for database ? Mean secure database connectivity for DB.


Rahul Bhattacharjee
LinkedIn - Blog
Glen Cai
Ranch Hand

Joined: Aug 24, 2002
Posts: 121
It is for the secure connection, which does following things as SSL:

Mutual authentication between OHS and OAS with digital certificates;
Communication session encryption between OHS and OAS;
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by Glen Cai:
Should I create a SSL connection pool, just like we normally do for
the connections between application and database servers?


Thanks for the explanation Glen , but I was asking about SSL for database connections as you have mentioned in your post.Is there anything like that ?
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2503
    
    8

You can set up SSH Port Forwarding.

Here's a how-to for Oracle.
Regards, Jan
[ June 05, 2007: Message edited by: Jan Cumps ]

OCUP UML fundamental and ITIL foundation
youtube channel
Glen Cai
Ranch Hand

Joined: Aug 24, 2002
Posts: 121
Thanks Jan.

I think I have to use SSL because we have to leave the payload unencrypted.
SSL allows me to do the mutual server to server authentication with certs while leaving the payload unencrypted.

With SSH, the communication between the two servers is always encrypted.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42294
    
  64
The point of a connection pool is to leave connections open, e.g. to a DB server. Since HTTP is a connection-less protocol (meaning connection are closed as soon the transmission is done), the concept of pools doesn't apply here. (Yes, there's such a thing as HTTP keep-alive, but it still closes connections after a short time).

Using HTTPS instead of HTTP doesn't change this.
[ June 09, 2007: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
Glen Cai
Ranch Hand

Joined: Aug 24, 2002
Posts: 121
Originally posted by Ulf Dittmer:
The point of a connection pool is to leave connections open, e.g. to a DB server. Since HTTP is a connection-less protocol (meaning connection are closed as soon the transmission is done), the concept of pools doesn't apply here. (Yes, there's such a thing as HTTP keep-alive, but it still closes connections after a short time).

Using HTTPS instead of HTTP doesn't change this.



A new HTTP connection is fine as long as I can use the same SSL channels
over and over for many different HTTP connections.

HTTP connection is cheap, and SSL connection is expensive. It is why we want to pool SSL connection between HTTP server and App server.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42294
    
  64
In that case, look into HTTP keep-alive, and make sure the parameters are so that the connections don't time out.

Alternatively, use plain HTTP and encrypt the data.

I'm curious: This is an intranet setting where the subnet between the web server and the app server is not trusted? Or is the web server public?
Glen Cai
Ranch Hand

Joined: Aug 24, 2002
Posts: 121
This is an intranet setting.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SSL Connection Pool between HTTP server and Application server