Overview Description: Use of the common scheme and secure attributes in Connector server.xml configuration for CoyoteConnector HTTP/1.1 is ignored in the released 4.1.18 build. This used to work as expected in 4.1.10, (see below). Our hosting architecture employs external SSL acceleration hardware in front of standalone Tomcat servers and needs to pass scheme and secure information to our webapps. To do this, we specify the following in the server.xml file: <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8543" minProcessors="8" maxProcessors="128" enableLookups="false" acceptCount="64" debug="0" connectionTimeout="300000" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true"/> The specification of "https" and "true" no longer is effective in setting the standard Servlet 2.3 ServletRequest.getScheme() and ServletRequest.isSecure() return values. Instead, "http" and false are always returned, respectively. Because the static Connector configuration information is no longer propagated to our web application servlets, our application fails to run properly. Steps to Reproduce: 1. configure Tomcat 4.1.18 to use standalone CoyoteConnector. 2. specify Connector scheme attribute as something other than "http" and/or set secure attribute to "false". 3. access the standard request getScheme() and/or isSecure() methods in a servlet registered to the Connector. Actual Results: ServletRequest.getScheme() will return "http" and ServletRequest.isSecure() will return false when accessed from the servlet. Expected Results: ServletRequest.getScheme() and ServletRequest.isSecure() should reflect what is specified in the Connector configuration. Additional Information: It appears that this problem was introduced in 4.1.13 while making the following change to coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java and other files: ----------------------- revision 1.10 date: 2002/09/29 17:07:44; author: nacho; state: Exp; lines: +9 -14 Bug#12998 HTTPS gets changed to HTTP://servername:443 Reported by marcus.kellermann at bentley.com The processor (HTTP11 or ajp13) should set the scheme and port prior to this point, in an ajp13 connection doesnt make sense to get the secure flag from the connector secure flag. ----------------------- In prior versions of this file, settings for the request scheme was always copied from the Connector/CoyoteConnector configuration. With this change, the Processor is now responsible for setting the request information correctly. In our case, the Http11Processor cannot know about the external hardware and fails to upgrade the logical connection to https/secure.
Created attachment 5173 [details] proposed patch, (tested on 4.1.18 ported forward)
Patch applied. Thanks Much.
*** Bug 18706 has been marked as a duplicate of this bug. ***
*** Bug 20919 has been marked as a duplicate of this bug. ***
Maybe I misunderstood the comments, but it seems that the bug is still contained in version 4.1.24.