import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
public void setKeystoreType(String s ) { this.keystoreType = s;}
protected String sslProtocol = "TLS";
-
public String getSslProtocol() { return sslProtocol;}
public void setSslProtocol(String s) { sslProtocol = s;}
for (int i=0; i<sslEnabledProtocolsarr.length; i++ ) sslEnabledProtocolsarr[i] = t.nextToken();
}
-
protected String ciphers = null;
protected String[] ciphersarr = new String[0];
public String getCiphers() { return ciphers;}
for (int i=0; i<ciphersarr.length; i++ ) ciphersarr[i] = t.nextToken();
}
}
-
+
+ protected int sessionCacheSize = 0;
+ public int getSessionCacheSize() { return sessionCacheSize;}
+ public void setSessionCacheSize(int i) { sessionCacheSize = i;}
+
+ protected int sessionCacheTimeout = 86400;
+ public int getSessionCacheTimeout() { return sessionCacheTimeout;}
+ public void setSessionCacheTimeout(int i) { sessionCacheTimeout = i;}
+
/**
* SSL engine.
*/
sslContext = SSLContext.getInstance(getSslProtocol());
sslContext.init(wrap(kmf.getKeyManagers()), tmf.getTrustManagers(), null);
+ SSLSessionContext sessionContext =
+ sslContext.getServerSessionContext();
+ if (sessionContext != null) {
+ sessionContext.setSessionCacheSize(sessionCacheSize);
+ sessionContext.setSessionTimeout(sessionCacheTimeout);
+ }
}
if (oomParachute>0) reclaimParachute(true);
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
private static final String defaultKeystoreFile
= System.getProperty("user.home") + "/.keystore";
private static final String defaultKeyPass = "changeit";
+ private static final int defaultSessionCacheSize = 0;
+ private static final int defaultSessionTimeout = 86400;
+
static org.apache.juli.logging.Log log =
org.apache.juli.logging.LogFactory.getLog(JSSESocketFactory.class);
trustAlgorithm),
new SecureRandom());
+ // Configure SSL session cache
+ int sessionCacheSize;
+ if (attributes.get("sessionCacheSize") != null) {
+ sessionCacheSize = Integer.parseInt(
+ (String)attributes.get("sessionCacheSize"));
+ } else {
+ sessionCacheSize = defaultSessionCacheSize;
+ }
+ int sessionCacheTimeout;
+ if (attributes.get("sessionCacheTimeout") != null) {
+ sessionCacheTimeout = Integer.parseInt(
+ (String)attributes.get("sessionCacheTimeout"));
+ } else {
+ sessionCacheTimeout = defaultSessionTimeout;
+ }
+ SSLSessionContext sessionContext =
+ context.getServerSessionContext();
+ if (sessionContext != null) {
+ sessionContext.setSessionCacheSize(sessionCacheSize);
+ sessionContext.setSessionTimeout(sessionCacheTimeout);
+ }
+
// create proxy
sslProxy = context.getServerSocketFactory();
the container during FORM or CLIENT-CERT authentication. For both types
of authentication, the POST will be saved/buffered before the user is
authenticated. For CLIENT-CERT authentication, the POST is buffered for
- the duration of
- the SSL handshake and the buffer emptied when the request
- is processed. For FORM authentication the POST is
- saved whilst the user
+ the duration of the SSL handshake and the buffer emptied when the request
+ is processed. For FORM authentication the POST is saved whilst the user
is re-directed to the login form and is retained until the user
successfully authenticates or the session associated with the
authentication request expires. The limit can be disabled by setting this
- attribute to -1. Setting the attribute to
- zero will disable the saving of
- POST data during authentication
-. If not
- specified, this attribute is set
- to
- 4096 (4 kilobytes).</p>
+ attribute to -1. Setting the attribute to zero will disable the saving of
+ POST data during authentication. If not specified, this attribute is set
+ to 4096 (4 kilobytes).</p>
</attribute>
<attribute name="protocol" required="false">
</p>
</attribute>
+ <attribute name="sessionCacheSize" required="false">
+ <p>The number of SSL sessions to maintain in the session cache. Use 0 to
+ specify an unlimited cache size. If not specified, a default of 0 is
+ used.</p>
+ </attribute>
+
+ <attribute name="sessionTimeout" required="false">
+ <p>The time, in seconds, after the creation of an SSL session that it will
+ timeout. Use 0 to specify an unlimited timeout. If not specified, a
+ default of 86400 (24 hours) is used.</p>
+ </attribute>
+
</attributes>
<p>For more information, see the
projects / tomcat7.0 / commitdiff