Author: jfrederic.clere(a)jboss.com Date: 2011-06-30 12:24:05 -0400 (Thu, 30 Jun 2011) New Revision: 1754 Modified: trunk/webapps/docs/config/ajp.xml trunk/webapps/docs/config/ssl.xml trunk/webapps/docs/config/subsystem.xml Log: Arrange ssl and ajp. Modified: trunk/webapps/docs/config/ajp.xml =================================================================== --- trunk/webapps/docs/config/ajp.xml 2011-06-30 14:48:41 UTC (rev 1753) +++ trunk/webapps/docs/config/ajp.xml 2011-06-30 16:24:05 UTC (rev 1754) @@ -10,6 +10,7 @@ <author email=&quot;remm(a)apache.org&quot;&gt;Remy Maucherat</author> <author email=&quot;yoavs(a)apache.org&quot;&gt;Yoav Shapira</author> <author email=&quot;arjaquith(a)mindspring.com&quot;&gt;Andrew R. Jaquith</author> + <author email=&quot;jfclere(a)gmail.com&quot;&gt;Jean-Frederic Clere</author> <title>The AJP Connector</title> </properties> @@ -27,8 +28,11 @@ processing.</p> <p>This connector supports load balancing when used in conjunction with - the <code>jvmRoute</code> attribute of the - <a href="engine.html">Engine</a>.</p> + the <code>jvmRoute</code> part of the session. <code>jvmRoute</code> are + automatically added to session when AS7 is used in a cluster, like started as:</p> +<source> +bin/standalone.sh -server-config clustering-standalone.xml +</source> <p>The native connectors supported with this JBoss Web release are: <ul> @@ -37,11 +41,10 @@ with AJP enabled: see <a href="http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html"&... httpd docs</a> for details.</li> + <li>mod_cluster 1.1.x</li> </ul> </p> -<p><b>Other native connectors supporting AJP may work, but are no longer supported.</b></p> - </section> @@ -49,121 +52,14 @@ <subsection name="Common Attributes"> - <p>All implementations of <strong>Connector</strong> - support the following attributes:</p> + <p>See <a href="http.html">http connector</a> for the Common Attributes</p> <attributes> - - <attribute name="allowTrace" required="false"> - <p>A boolean value which can be used to enable or disable the TRACE - HTTP method. If not specified, this attribute is set to false.</p> - </attribute> - - <attribute name="enableLookups" required="false"> - <p>Set to <code>true</code> if you want calls to - <code>request.getRemoteHost()</code> to perform DNS lookups in - order to return the actual host name of the remote client. Set - to <code>false</code> to skip the DNS lookup and return the IP - address in String form instead (thereby improving performance). - By default, DNS lookups are enabled.</p> - </attribute> - - <attribute name="maxPostSize" required="false"> - <p>The maximum size in bytes of the POST which will be handled by - the container FORM URL parameter parsing. The feature can be disabled by - setting this attribute to a value less than or equal to 0. - If not specified, this attribute is set to 2097152 (2 megabytes).</p> - </attribute> - - <attribute name="maxSavePostSize" required="false"> - <p>The maximum size in bytes of the POST which will be saved/buffered by - the container during FORM or CLIENT-CERT authentication. For both types - of authentication, the POST will be saved/buffered before the user is - authenticated. For CLIENT-CERT authentication, the POST is buffered for - the duration of the SSL handshake and the buffer emptied when the request - is processed. For FORM authentication the POST is saved whilst the user - is re-directed to the login form and is retained until the user - successfully authenticates or the session associated with the - authentication request expires. The limit can be disabled by setting this - attribute to -1. Setting the attribute to zero will disable the saving of - POST data during authentication. If not specified, this attribute is set - to 4096 (4 kilobytes).</p> - </attribute> - <attribute name="protocol" required="false"> <p>This attribute value must be <code>AJP/1.3</code> to use the AJP handler.</p> </attribute> - <attribute name="proxyName" required="false"> - <p>If this <strong>Connector</strong> is being used in a proxy - configuration, configure this attribute to specify the server name - to be returned for calls to <code>request.getServerName()</code>. - See <a href="#Proxy Support">Proxy Support</a> for more - information.</p> - </attribute> - - <attribute name="proxyPort" required="false"> - <p>If this <strong>Connector</strong> is being used in a proxy - configuration, configure this attribute to specify the server port - to be returned for calls to <code>request.getServerPort()</code>. - See <a href="#Proxy Support">Proxy Support</a> for more - information.</p> - </attribute> - - <attribute name="redirectPort" required="false"> - <p>If this <strong>Connector</strong> is supporting non-SSL - requests, and a request is received for which a matching - <code>&lt;security-constraint&gt;</code> requires SSL transport, - Catalina will automatically redirect the request to the port - number specified here.</p> - </attribute> - - <attribute name="scheme" required="false"> - <p>Set this attribute to the name of the protocol you wish to have - returned by calls to <code>request.getScheme()</code>. For - example, you would set this attribute to "<code>https</code>" - for an SSL Connector. The default value is "<code>http</code>". - See <a href="#SSL Support">SSL Support</a> for more information.</p> - </attribute> - - <attribute name="secure" required="false"> - <p>Set this attribute to <code>true</code> if you wish to have - calls to <code>request.isSecure()</code> to return <code>true</code> - for requests received by this Connector (you would want this on an - SSL Connector). The default value is <code>false</code>.</p> - </attribute> - - <attribute name="URIEncoding" required="false"> - <p>This specifies the character encoding used to decode the URI bytes, - after %xx decoding the URL. If not specified, ISO-8859-1 will be used. - </p> - </attribute> - - <attribute name="useBodyEncodingForURI" required="false"> - <p>This specifies if the encoding specified in contentType should be used - for URI query parameters, instead of using the URIEncoding. This - setting is present for compatibility with Tomcat 4.1.x, where the - encoding specified in the contentType, or explicitely set using - Request.setCharacterEncoding method was also used for the parameters from - the URL. The default value is <code>false</code>. - </p> - </attribute> - - <attribute name="useIPVHosts" required="false"> - <p>Set this attribute to <code>true</code> to cause JBoss Web to use - the ServerName passed by the native web server to determine the Host - to send the request to. The default value is <code>false</code>.</p> - </attribute> - - <attribute name="xpoweredBy" required="false"> - <p>Set this attribute to <code>true</code> to cause JBoss Web to advertise - support for the Srevlet specification using the header recommended in the - specification. The default value is <code>false</code>.</p> - </attribute> - - - </attributes> </subsection> @@ -175,88 +71,8 @@ <p><strong>This implementation supports the AJP 1.3 protocol.</strong></p> - <p>It supports the following additional attributes (in addition to the - common attributes listed above):</p> + <p>AJP doesn't support more attributes that the ones listed above.</p> - <attributes> - - <attribute name="address" required="false"> - <p>For servers with more than one IP address, this attribute - specifies which address will be used for listening on the specified - port. By default, this port will be used on all IP addresses - associated with the server. A value of <code>127.0.0.1</code> - indicates that the Connector will only listen on the loopback - interface.</p> - </attribute> - - <attribute name="backlog" required="false"> - <p>The maximum queue length for incoming connection requests when - all possible request processing threads are in use. Any requests - received when the queue is full will be refused. The default - value is 10.</p> - </attribute> - - <attribute name="bufferSize" required="false"> - <p>The size of the output buffer to use. If less than or equal to zero, - then output buffering is disabled. The default value is -1 - (i.e. buffering disabled)</p> - </attribute> - - <attribute name="connectionTimeout" required="false"> - <p>The number of milliseconds this <strong>Connector</strong> will wait, - after accepting a connection, for the request URI line to be - presented. The default value is infinite (i.e. no timeout).</p> - </attribute> - - <attribute name="executor" required="false"> - <p>A reference to the name in an <a href="executor.html">Executor</a> element. - If this attribute is enabled, and the named executor exists, the connector will - use the executor, and all the other thread attributes will be ignored.</p> - </attribute> - - <attribute name="keepAliveTimeout" required="false"> - <p>The number of milliseconds this <strong>Connector</strong> will wait for - another AJP request before closing the connection. - The default value is to use the value that has been set for the - connectionTimeout attribute.</p> - </attribute> - - <attribute name="maxThreads" required="false"> - <p>The maximum number of request processing threads to be created - by this <strong>Connector</strong>, which therefore determines the - maximum number of simultaneous requests that can be handled. If - not specified, this attribute is set to 200. If an executor is associated - with this connector, this attribute is ignored as the connector will - execute tasks using the executor rather than an internal thread pool.</p> - </attribute> - - <attribute name="port" required="true"> - <p>The TCP port number on which this <strong>Connector</strong> - will create a server socket and await incoming connections. Your - operating system will allow only one server application to listen - to a particular port number on a particular IP address.</p> - </attribute> - - <attribute name="requiredSecret" required="false"> - <p>Only requests from workers with this secret keyword will be accepted. - Not used by default.</p> - </attribute> - - <attribute name="tcpNoDelay" required="false"> - <p>If set to <code>true</code>, the TCP_NO_DELAY option will be - set on the server socket, which improves performance under most - circumstances. This is set to <code>true</code> by default.</p> - </attribute> - - <attribute name="tomcatAuthentication" required="false"> - <p>If set to <code>true</code>, the authetication will be done in JBoss Web. - Otherwise, the authenticated principal will be propagated from the native - webaserver and used for authorization in JBoss Web. - The default value is <code>true</code>.</p> - </attribute> - - </attributes> - </subsection> </section> Modified: trunk/webapps/docs/config/ssl.xml =================================================================== --- trunk/webapps/docs/config/ssl.xml 2011-06-30 14:48:41 UTC (rev 1753) +++ trunk/webapps/docs/config/ssl.xml 2011-06-30 16:24:05 UTC (rev 1754) @@ -2,7 +2,7 @@ <!DOCTYPE document [ <!ENTITY project SYSTEM "project.xml"> ]> -<document url="http.html"> +<document url="ssl.html"> &project; @@ -10,7 +10,7 @@ <author email=&quot;craigmcc(a)apache.org&quot;&gt;Craig R. McClanahan</author> <author email=&quot;yoavs(a)apache.org&quot;&gt;Yoav Shapira</author> <author email=&quot;jfclere(a)apache.org&quot;&gt;Jean-Frederic Clere</author> - <title>The HTTP Connector</title> + <title>The HTTPS Connector</title> </properties> <body> @@ -18,27 +18,14 @@ <section name="Introduction"> - <p>The <strong>HTTP Connector</strong> element represents a + <p>The <strong>HTTPS Connector</strong> element represents a <strong>Connector</strong> component that supports the HTTP/1.1 protocol. - It enables Catalina to function as a stand-alone web server, in addition - to its ability to execute servlets and JSP pages. A particular instance - of this component listens for connections on a specific TCP port number - on the server. One or more such <strong>Connectors</strong> can be - configured as part of the <a href="subsystem.html">Web subSystem</a> - to perform request processing and create the response.</p> - - <p>If you wish to configure the <strong>Connector</strong> that is used - for connections to web servers using the AJP protocol (such as the - <code>mod_jk 1.2.x</code> connector for Apache 1.3), see - <a href="ajp.html">here</a> instead.</p> - - <p>Each incoming request requires - a thread for the duration of that request. If more simultaneous requests - are received than can be handled by the currently available request - processing threads, additional threads will be created up to the - configured maximum (the value of the <code>max-connections</code> attribute). - Additional connections will be rejected.</p> - + SSL, or Secure Socket Layer, is a technology which allows web browsers and web servers to + communicate over a secured connection. + This means that the data being sent is encrypted by one side, transmitted, then decrypted by + the other side before processing. + This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data. + </p> </section> @@ -46,93 +33,12 @@ <subsection name="Common Attributes"> - <p>All implementations of <strong>Connector</strong> - support the following attributes:</p> + <p>See the <a href="http.html">http connector documentation</a> for the commun attributs.</p> <attributes> - <attribute name="name" required="true"> - <p>Name of the connector</p> - </attribute> - - <attribute name="enable-lookups" required="false"> - <p>Set to <code>true</code> if you want calls to - <code>request.getRemoteHost()</code> to perform DNS lookups in - order to return the actual host name of the remote client. Set - to <code>false</code> to skip the DNS lookup and return the IP - address in String form instead (thereby improving performance). - By default, DNS lookups are enabled.</p> - </attribute> - - <attribute name="max-post-size" required="false"> - <p>The maximum size in bytes of the POST which will be handled by - the container FORM URL parameter parsing. The limit can be disabled by - setting this attribute to a value less than or equal to 0. - If not specified, this attribute is set to 2097152 (2 megabytes).</p> - </attribute> - - <attribute name="max-save-post-size" required="false"> - <p>The maximum size in bytes of the POST which will be saved/buffered by - the container during FORM or CLIENT-CERT authentication. For both types - of authentication, the POST will be saved/buffered before the user is - authenticated. For CLIENT-CERT authentication, the POST is buffered for - the duration of the SSL handshake and the buffer emptied when the request - is processed. For FORM authentication the POST is saved whilst the user - is re-directed to the login form and is retained until the user - successfully authenticates or the session associated with the - authentication request expires. The limit can be disabled by setting this - attribute to -1. Setting the attribute to zero will disable the saving of - POST data during authentication and the buffering during SSL handshake. - If not specified, this attribute is set to 4096 (4 kilobytes).</p> - </attribute> - - <attribute name="protocol" required="false"> + <attribute name="ssl" required="true"> <p> - Sets the protocol to handle incoming traffic. - The default value is <code>HTTP/1.1</code> and configures the - <code>org.apache.coyote.http11.Http11Protocol</code>. This is the blocking Java connector.<br/> - If the <code>PATH(Windows)</code> or <code>LD_LIBRARY_PATH(on most unix system)</code> - environment variables contain the Tomcat native library, the APR connector - will automatically be configured. Please be advised that the APR connector has different - settings for HTTPS than the default Java connector.<br/> - Other values for this attribute are, but not limited to:<br/> - <code>org.apache.coyote.http11.Http11Protocol</code> - same as HTTP/1.1<br/> - <code>org.apache.coyote.http11.Http11NioProtocol</code> - non blocking Java connector, not supported in JBossWeb<br/> - <code>org.apache.coyote.http11.Http11AprProtocol</code> - the APR connector.<br/> - Take a look at our <a href="#Connector Comparison">Connector Comparison</a> chart. - The configuration for both Java connectors are identical, both for http and https. <br/> - For more information on the APR connector and APR specific SSL settings please - visit the <a href="../apr.html">APR documentation</a> - - </p> - </attribute> - - <attribute name="proxy-name" required="false"> - <p>If this <strong>Connector</strong> is being used in a proxy - configuration, configure this attribute to specify the server name - to be returned for calls to <code>request.getServerName()</code>. - See <a href="#Proxy Support">Proxy Support</a> for more - information.</p> - </attribute> - - <attribute name="proxy-port" required="false"> - <p>If this <strong>Connector</strong> is being used in a proxy - configuration, configure this attribute to specify the server port - to be returned for calls to <code>request.getServerPort()</code>. - See <a href="#Proxy Support">Proxy Support</a> for more - information.</p> - </attribute> - - <attribute name="redirect-port" required="false"> - <p>If this <strong>Connector</strong> is supporting non-SSL - requests, and a request is received for which a matching - <code>&lt;security-constraint&gt;</code> requires SSL transport, - Catalina will automatically redirect the request to the port - number specified here.</p> - </attribute> - - <attribute name="ssl" required="false"> - <p> Use this element to enable SSL traffic on a connector. To turn on SSL handshake/encryption/decryption on a connector. When present you will want to set the @@ -143,7 +49,7 @@ </p> </attribute> - <attribute name="scheme" required="false"> + <attribute name="scheme" required="true"> <p>Set this attribute to the name of the protocol you wish to have returned by calls to <code>request.getScheme()</code>. For example, you would set this attribute to "<code>https</code>" @@ -151,7 +57,7 @@ </p> </attribute> - <attribute name="secure" required="false"> + <attribute name="secure" required="true"> <p>Set this attribute to <code>true</code> if you wish to have calls to <code>request.isSecure()</code> to return <code>true</code> for requests received by this Connector. You would want this on an @@ -160,17 +66,6 @@ The default value is <code>false</code>.</p> </attribute> - <attribute name="enabled" required="false"> - <p>Set this attribute to <code>false</code> if you don't wan the - Connector to be used. - The default value is <code>true</code>.</p> - </attribute> - - <attribute name="executor" required="false"> - <p>A reference to the name in an <a href="executor.html">Executor</a> element. - If this attribute is enabled, and the named executor exists, the connector will - use the executor, and all the other thread attributes will be ignored.</p> - </attribute> </attributes> </subsection> @@ -178,7 +73,7 @@ <subsection name="Standard Implementation"> <p> - HTTP doesn't support more attributes that the ones listed above.</p> + HTTPS doesn't support more attributes that the ones listed above.</p> </subsection> @@ -187,7 +82,7 @@ <section name="Nested Components"> - <p>None at this time.</p> + <p><code>ssl</code> is the nested component of the https connector.</p> </section> Modified: trunk/webapps/docs/config/subsystem.xml =================================================================== --- trunk/webapps/docs/config/subsystem.xml 2011-06-30 14:48:41 UTC (rev 1753) +++ trunk/webapps/docs/config/subsystem.xml 2011-06-30 16:24:05 UTC (rev 1754) @@ -42,7 +42,7 @@ <attribute name="connector" required="false"> <p>That is the description of the <code>connector</code> element. There could be more than one <code>connector</code> per subsystem. - See <a href="connector.html">connector</a> for more information. + See <a href="http.html">connector</a> for more information. </p> </attribute>