[jopr-dev] tomcat and agent security

John Mazzitelli mazz at redhat.com
Thu Feb 26 13:09:19 EST 2009


I just checked in a third (but commented) Tomcat <Connector>. It can be uncommented by users if they need this capability.

The comments in server.xml tell you when you might want to do this:

      <!-- Provides a secure but un-authenticated https connector for browsers to use.
           Uncomment this connector if all of the following are true:
           1) the server-to-agent communications is secured via the sslservlet transport
           2) the server-to-agent communications always require agents to authenticate themselves with certificates
           3) you want to allow users' browsers to access the GUI via the https: protocol
           4) you do not want to force users' browsers to authenticate themselves with certificates
      -->

Just to be clear, by default, this connector doesn't exist and its port isn't open - out of the box this connector will be commented out. You have to explicitly turn it on by uncommenting it if you want it.

(BTW: I did test this scenario and it works - you can have two secure connectors where one requires cert auth and the other doesn't)

----- Original Message -----
From: "Heiko W.Rupp" <hwr at redhat.com>
To: "jopr-dev" <jopr-dev at lists.jboss.org>
Sent: Thursday, February 26, 2009 9:32:10 AM GMT -05:00 US/Canada Eastern
Subject: Re: [jopr-dev] tomcat and agent security


On 25.02.2009 at 21:46, John Mazzitelli wrote:

>
> I think this is a use-case where users are gonna want to use the  
> sslsocket transport so agents can talk to a separate Jboss/Remoting  
> port in the server that can perform SSL certificate checking but it  
> leaves Tomcat alone so GUI users are not burdened with needing SSL  
> certificate in their browsers.


Would an alternative be to have 2 connectors with ssl enabled - one for  
the agent and the other for the clients?
Or does tomcat have a restriction to 1 connector with ssl?

   Heiko

-- 
Registered address: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei  
Muenchen
Commercial register: Amtsgericht Muenchen HRB 153243
Managing directors: Brendan Lane, Charlie Peters, Michael Cunningham,  
Werner Knoblich
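
An added example, not part of the original thread or the project's code: a small audit that lists the active <Connector> elements in a Tomcat server.xml and reports which HTTPS ports do not demand a client certificate, which is the property the commented-out connector changes once enabled. The ports, keystore path and sample file are constructed placeholders; clientAuth, SSLEnabled and scheme are standard Tomcat Connector attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample: ports and keystore path are placeholders, not values
# taken from the project's server.xml.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="example">
    <Connector port="7080" protocol="HTTP/1.1"/>
    <Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" clientAuth="true" keystoreFile="conf/example.keystore"/>
    <!-- commented out by default, as the message describes
    <Connector port="7444" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" clientAuth="false" keystoreFile="conf/example.keystore"/>
    -->
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return (port, tls, client_cert) for every active <Connector>.

    client_cert is 'required', 'optional' or 'none'. ElementTree discards XML
    comments, so a commented-out connector is correctly treated as absent.
    """
    rows = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        tls = (conn.get("SSLEnabled", "false").lower() == "true"
               or conn.get("scheme", "http").lower() == "https")
        auth = conn.get("clientAuth", "false").lower()
        cert = {"true": "required", "want": "optional"}.get(auth, "none")
        rows.append((int(conn.get("port", "0")), tls, cert if tls else "none"))
    return rows


def unauthenticated_tls_ports(server_xml):
    """Ports that accept HTTPS without demanding a client certificate."""
    return [port for port, tls, cert in audit_connectors(server_xml)
            if tls and cert != "required"]


if __name__ == "__main__":
    for port, tls, cert in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: tls={tls} client_cert={cert}")
    print("HTTPS ports without required client cert:",
          unauthenticated_tls_ports(SAMPLE_SERVER_XML))
```

Running it before and after uncommenting the connector shows whether a certificate-free HTTPS port has appeared, and on which port, so it can be compared against the port the agents are configured to use.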
