初始提交
diff --git a/tomcat-cas/webapps/docs/config/http.html b/tomcat-cas/webapps/docs/config/http.html
new file mode 100644
index 0000000..c5b88c0
--- /dev/null
+++ b/tomcat-cas/webapps/docs/config/http.html
@@ -0,0 +1,715 @@
+<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat Configuration Reference (6.0.39) - The HTTP Connector</title><meta name="author" content="Craig R. McClanahan"><meta name="author" content="Yoav Shapira"><style type="text/css" media="print">
+ .noPrint {display: none;}
+ td#mainBody {width: 100%;}
+ </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="../images/tomcat.gif" align="right" alt="
+ The Apache Tomcat Servlet/JSP Container
+ " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.39, Jan 27 2014</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="../images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="../index.html">Docs Home</a></li><li><a href="index.html">Config Ref. Home</a></li></ul><p><strong>Top Level Elements</strong></p><ul><li><a href="server.html">Server</a></li><li><a href="service.html">Service</a></li></ul><p><strong>Executors</strong></p><ul><li><a href="executor.html">Executor</a></li></ul><p><strong>Connectors</strong></p><ul><li><a href="http.html">HTTP</a></li><li><a href="ajp.html">AJP</a></li></ul><p><strong>Containers</strong></p><ul><li><a href="context.html">Context</a></li><li><a href="engine.html">Engine</a></li><li><a href="host.html">Host</a></li><li><a href="cluster.html">Cluster</a></li></ul><p><strong>Nested Components</strong></p><ul><li><a href="globalresources.html">Global Resources</a></li><li><a href="listeners.html">Listeners</a></li><li><a href="loader.html">Loader</a></li><li><a href="manager.html">Manager</a></li><li><a href="realm.html">Realm</a></li><li><a href="resources.html">Resources</a></li><li><a href="valve.html">Valve</a></li></ul><p><strong>Cluster Elements</strong></p><ul><li><a href="cluster.html">Cluster</a></li><li><a href="cluster-manager.html">Manager</a></li><li><a href="cluster-channel.html">Channel</a></li><li><a href="cluster-membership.html">Channel/Membership</a></li><li><a href="cluster-sender.html">Channel/Sender</a></li><li><a href="cluster-receiver.html">Channel/Receiver</a></li><li><a href="cluster-interceptor.html">Channel/Interceptor</a></li><li><a href="cluster-valve.html">Valve</a></li><li><a href="cluster-deployer.html">Deployer</a></li><li><a href="cluster-listener.html">ClusterListener</a></li></ul><p><strong>Other</strong></p><ul><li><a href="filter.html">Filter</a></li><li><a href="systemprops.html">System properties</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat Configuration Reference</h1><h2>The HTTP Connector</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
+<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Attributes">Attributes</a><ol><li><a href="#Common_Attributes">Common Attributes</a></li><li><a href="#Standard_Implementation">Standard Implementation</a></li><li><a href="#Nio_Implementation">Nio Implementation</a></li></ol></li><li><a href="#Nested_Components">Nested Components</a></li><li><a href="#Special_Features">Special Features</a><ol><li><a href="#HTTP/1.1_and_HTTP/1.0_Support">HTTP/1.1 and HTTP/1.0 Support</a></li><li><a href="#Proxy_Support">Proxy Support</a></li><li><a href="#SSL_Support">SSL Support</a></li><li><a href="#Connector_Comparison">Connector Comparison</a></li></ol></li></ul>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>HTTP Connector</strong> element represents a
+ <strong>Connector</strong> component that supports the HTTP/1.1 protocol.
+ It enables Catalina to function as a stand-alone web server, in addition
+ to its ability to execute servlets and JSP pages. A particular instance
+ of this component listens for connections on a specific TCP port number
+ on the server. One or more such <strong>Connectors</strong> can be
+ configured as part of a single <a href="service.html">Service</a>, each
+ forwarding to the associated <a href="engine.html">Engine</a> to perform
+ request processing and create the response.</p>
+
+ <p>If you wish to configure the <strong>Connector</strong> that is used
+ for connections to web servers using the AJP protocol (such as the
+ <code>mod_jk 1.2.x</code> connector for Apache 1.3), see
+ <a href="ajp.html">here</a> instead.</p>
+
+ <p>Each incoming request requires
+ a thread for the duration of that request. If more simultaneous requests
+ are received than can be handled by the currently available request
+ processing threads, additional threads will be created up to the
+ configured maximum (the value of the <code>maxThreads</code> attribute).
+ If still more simultaneous requests are received, they are stacked up
+ inside the server socket created by the <strong>Connector</strong>, up to
+ the configured maximum (the value of the <code>acceptCount</code>
+ attribute). Any further simultaneous requests will receive "connection
+ refused" errors, until resources are available to process them.</p>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Common Attributes"><!--()--></a><a name="Common_Attributes"><strong>Common Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>All implementations of <strong>Connector</strong>
+ support the following attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>allowTrace</code></td><td align="left" valign="center">
+ <p>A boolean value which can be used to enable or disable the TRACE
+ HTTP method. If not specified, this attribute is set to false.</p>
+ </td></tr><tr><td align="left" valign="center"><code>emptySessionPath</code></td><td align="left" valign="center">
+ <p>If set to <code>true</code>, all paths for session cookies will be set
+ to <code>/</code>. This can be useful for portlet specification implementations.
+ If not specified, this attribute is set to <code>false</code>.<br>
+ A side effect to setting this to true, is that if Tomcat creates a new session it will attempt to use the
+ cookie session id if supplied by the client.<br>
+ <a href="http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java?diff_format=h&view=log#rev303682">SVN check in</a><br>
+ <a href="http://tomcat.markmail.org/search/?q=emptysessionpath%20reuse#query:emptysessionpath%20reuse%20date%3A200502%20+page:1+mid:2bocwjhn3cczsoii+state:results">Dev discussion</a><br>
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=47298">Work around</a>
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>enableLookups</code></td><td align="left" valign="center">
+ <p>Set to <code>true</code> if you want calls to
+ <code>request.getRemoteHost()</code> to perform DNS lookups in
+ order to return the actual host name of the remote client. Set
+ to <code>false</code> to skip the DNS lookup and return the IP
+ address in String form instead (thereby improving performance).
+ By default, DNS lookups are disabled.</p>
+ </td></tr><tr><td align="left" valign="center"><code>maxHeaderCount</code></td><td align="left" valign="center">
+ <p>The maximum number of headers in a request that are allowed by the
+ container. A request that contains more headers than the specified limit
+ will be rejected. A value of less than 0 means no limit.
+ If not specified, a default of 100 is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>maxParameterCount</code></td><td align="left" valign="center">
+ <p>The maximum number of parameters (GET plus POST) which will be
+ automatically parsed by the container. A value of less than 0 means no
+ limit. If not specified, a default of 10000 is used. Note that
+ <code>FailedRequestFilter</code> <a href="filter.html">filter</a> can be
+ used to reject requests that hit the limit.</p>
+ </td></tr><tr><td align="left" valign="center"><code>maxPostSize</code></td><td align="left" valign="center">
+ <p>The maximum size in bytes of the POST which will be handled by
+ the container FORM URL parameter parsing. The limit can be disabled by
+ setting this attribute to a value less than or equal to 0.
+ If not specified, this attribute is set to 2097152 (2 megabytes).</p>
+ </td></tr><tr><td align="left" valign="center"><code>maxSavePostSize</code></td><td align="left" valign="center">
+ <p>The maximum size in bytes of the POST which will be saved/buffered by
+ the container during FORM or CLIENT-CERT authentication. For both types
+ of authentication, the POST will be saved/buffered before the user is
+ authenticated. For CLIENT-CERT authentication, the POST is buffered for
+ the duration of the SSL handshake and the buffer emptied when the request
+ is processed. For FORM authentication the POST is saved whilst the user
+ is re-directed to the login form and is retained until the user
+ successfully authenticates or the session associated with the
+ authentication request expires. The limit can be disabled by setting this
+ attribute to -1. Setting the attribute to zero will disable the saving of
+ POST data during authentication. If not specified, this attribute is set
+ to 4096 (4 kilobytes).</p>
+ </td></tr><tr><td align="left" valign="center"><code>parseBodyMethods</code></td><td align="left" valign="center">
+ <p>A comma-separated list of HTTP methods for which request
+ bodies will be parsed for request parameters identically
+ to POST. This is useful in RESTful applications that want to
+ support POST-style semantics for PUT requests.
+ Note that any setting other than <code>POST</code> causes Tomcat
+ to behave in a way that does against the intent of the servlet
+ specification.
+ The HTTP method TRACE is specifically forbidden here in accordance
+ with the HTTP specification.
+ The default is <code>POST</code></p>
+ </td></tr><tr><td align="left" valign="center"><strong><code>port</code></strong></td><td align="left" valign="center">
+ <p>The TCP port number on which this <strong>Connector</strong>
+ will create a server socket and await incoming connections. Your
+ operating system will allow only one server application to listen
+ to a particular port number on a particular IP address.</p>
+ </td></tr><tr><td align="left" valign="center"><code>protocol</code></td><td align="left" valign="center">
+ <p>
+ Sets the protocol to handle incoming traffic.
+ The default value is <code>HTTP/1.1</code> and configures the
+ <code>org.apache.coyote.http11.Http11Protocol</code>. This is the blocking Java connector.<br>
+ If the <code>PATH</code> (Windows) or <code>LD_LIBRARY_PATH</code> (on most unix systems)
+ environment variables contain the Tomcat native library, the APR connector
+ will automatically be configured. Please be advised that the APR connector has different
+ settings for HTTPS than the default Java connector.<br>
+ Other values for this attribute are, but not limited to:<br>
+ <code>org.apache.coyote.http11.Http11Protocol</code> - same as HTTP/1.1<br>
+ <code>org.apache.coyote.http11.Http11NioProtocol</code> - non blocking Java connector<br>
+ <code>org.apache.coyote.http11.Http11AprProtocol</code> - the APR connector.<br>
+ Take a look at our <a href="#Connector Comparison">Connector Comparison</a> chart.
+ The configuration for both Java connectors are identical, both for http and https. <br>
+ For more information on the APR connector and APR specific SSL settings please
+ visit the <a href="../apr.html">APR documentation</a>
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>proxyName</code></td><td align="left" valign="center">
+ <p>If this <strong>Connector</strong> is being used in a proxy
+ configuration, configure this attribute to specify the server name
+ to be returned for calls to <code>request.getServerName()</code>.
+ See <a href="#Proxy Support">Proxy Support</a> for more
+ information.</p>
+ </td></tr><tr><td align="left" valign="center"><code>proxyPort</code></td><td align="left" valign="center">
+ <p>If this <strong>Connector</strong> is being used in a proxy
+ configuration, configure this attribute to specify the server port
+ to be returned for calls to <code>request.getServerPort()</code>.
+ See <a href="#Proxy Support">Proxy Support</a> for more
+ information.</p>
+ </td></tr><tr><td align="left" valign="center"><code>redirectPort</code></td><td align="left" valign="center">
+ <p>If this <strong>Connector</strong> is supporting non-SSL
+ requests, and a request is received for which a matching
+ <code><security-constraint></code> requires SSL transport,
+ Catalina will automatically redirect the request to the port
+ number specified here.</p>
+ </td></tr><tr><td align="left" valign="center"><code>SSLEnabled</code></td><td align="left" valign="center">
+ <p>
+ Use this attribute to enable SSL traffic on a connector.
+ To turn on SSL handshake/encryption/decryption on a connector
+ set this value to <code>true</code>.
+ The default value is <code>false</code>.
+ When turning this value <code>true</code> you will want to set the
+ <code>scheme</code> and the <code>secure</code> attributes as well
+ to pass the correct <code>request.getScheme()</code> and
+ <code>request.isSecure()</code> values to the servlets
+ See <a href="#SSL Support">SSL Support</a> for more information.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>scheme</code></td><td align="left" valign="center">
+ <p>Set this attribute to the name of the protocol you wish to have
+ returned by calls to <code>request.getScheme()</code>. For
+ example, you would set this attribute to "<code>https</code>"
+ for an SSL Connector. The default value is "<code>http</code>".
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>secure</code></td><td align="left" valign="center">
+ <p>Set this attribute to <code>true</code> if you wish to have
+ calls to <code>request.isSecure()</code> to return <code>true</code>
+ for requests received by this Connector. You would want this on an
+ SSL Connector or a non SSL connector that is receiving data from a
+ SSL accelerator, like a crypto card, a SSL appliance or even a webserver.
+ The default value is <code>false</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>URIEncoding</code></td><td align="left" valign="center">
+ <p>This specifies the character encoding used to decode the URI bytes,
+ after %xx decoding the URL. If not specified, ISO-8859-1 will be used.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>useBodyEncodingForURI</code></td><td align="left" valign="center">
+ <p>This specifies if the encoding specified in contentType should be used
+ for URI query parameters, instead of using the URIEncoding. This
+ setting is present for compatibility with Tomcat 4.1.x, where the
+ encoding specified in the contentType, or explicitly set using
+ Request.setCharacterEncoding method was also used for the parameters from
+ the URL. The default value is <code>false</code>.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>useIPVHosts</code></td><td align="left" valign="center">
+ <p>Set this attribute to <code>true</code> to cause Tomcat to use
+ the IP address that the request was received on to determine the Host
+ to send the request to. The default value is <code>false</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>xpoweredBy</code></td><td align="left" valign="center">
+ <p>Set this attribute to <code>true</code> to cause Tomcat to advertise
+ support for the Servlet specification using the header recommended in the
+ specification. The default value is <code>false</code>.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Standard Implementation"><!--()--></a><a name="Standard_Implementation"><strong>Standard Implementation</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>
+ HTTP supports the following additional attributes (in addition to the
+ common attributes listed above):</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>acceptCount</code></td><td align="left" valign="center">
+ <p>The maximum queue length for incoming connection requests when
+ all possible request processing threads are in use. Any requests
+ received when the queue is full will be refused. The default
+ value is 100.</p>
+ </td></tr><tr><td align="left" valign="center"><code>address</code></td><td align="left" valign="center">
+ <p>For servers with more than one IP address, this attribute
+ specifies which address will be used for listening on the specified
+ port. By default, this port will be used on all IP addresses
+ associated with the server.</p>
+ </td></tr><tr><td align="left" valign="center"><code>bufferSize</code></td><td align="left" valign="center">
+ <p>The size (in bytes) of the buffer to be provided for input
+ streams created by this connector. By default, buffers of
+ 2048 bytes will be provided.</p>
+ </td></tr><tr><td align="left" valign="center"><code>compressableMimeType</code></td><td align="left" valign="center">
+ <p>The value is a comma separated list of MIME types for which HTTP
+ compression may be used.
+ The default value is <code>text/html,text/xml,text/plain</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>compression</code></td><td align="left" valign="center">
+ <p>The <strong>Connector</strong> may use HTTP/1.1 GZIP compression in
+ an attempt to save server bandwidth. The acceptable values for the
+ parameter is "off" (disable compression), "on" (allow compression, which
+ causes text data to be compressed), "force" (forces compression in all
+ cases), or a numerical integer value (which is equivalent to "on", but
+ specifies the minimum amount of data before the output is compressed). If
+ the content-length is not known and compression is set to "on" or more
+ aggressive, the output will also be compressed. If not specified, this
+ attribute is set to "off".</p>
+ <p><em>Note</em>: There is a tradeoff between using compression (saving
+ your bandwidth) and using the sendfile feature (saving your CPU cycles).
+ If the connector supports the sendfile feature, e.g. the NIO connector,
+ using sendfile will take precedence over compression. The symptoms will
+ be that static files greater that 48 Kb will be sent uncompressed.
+ You can turn off sendfile by setting <code>useSendfile</code> attribute
+ of the connector, as documented below, or change the sendfile usage
+ threshold in the configuration of the
+ <a href="../default-servlet.html">DefaultServlet</a> in the default
+ <code>conf/web.xml</code> or in the <code>web.xml</code> of your web
+ application.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>connectionLinger</code></td><td align="left" valign="center">
+ <p>The number of seconds during which the sockets used by this
+ <strong>Connector</strong> will linger when they are closed. Setting this
+ attribute to <code>-1</code> will disable connection linger. The default
+ value for the BIO and AJP connectors is 100. The default value for the NIO
+ connection is 25.</p>
+ </td></tr><tr><td align="left" valign="center"><code>connectionTimeout</code></td><td align="left" valign="center">
+ <p>The number of milliseconds this <strong>Connector</strong> will wait,
+ after accepting a connection, for the request URI line to be
+ presented. The default value is 60000 (i.e. 60 seconds).</p>
+ </td></tr><tr><td align="left" valign="center"><code>executor</code></td><td align="left" valign="center">
+ <p>A reference to the name in an <a href="executor.html">Executor</a> element.
+ If this attribute is enabled, and the named executor exists, the connector will
+ use the executor, and all the other thread attributes will be ignored.</p>
+ </td></tr><tr><td align="left" valign="center"><code>keepAliveTimeout</code></td><td align="left" valign="center">
+ <p>The number of milliseconds this <strong>Connector</strong> will wait for
+ another HTTP request before closing the connection.
+ The default value is to use the value that has been set for the
+ connectionTimeout attribute.</p>
+ </td></tr><tr><td align="left" valign="center"><code>disableUploadTimeout</code></td><td align="left" valign="center">
+ <p>This flag allows the servlet container to use a different, longer
+ connection timeout while a servlet is being executed, which in the end
+ allows either the servlet a longer amount of time to complete its
+ execution, or a longer timeout during data upload. If not specified,
+ this attribute is set to "true".</p>
+ </td></tr><tr><td align="left" valign="center"><code>maxHttpHeaderSize</code></td><td align="left" valign="center">
+ <p>The maximum size of the request and response HTTP header, specified
+ in bytes.
+ If not specified, this attribute is set to 8192 (8 KB).</p>
+ </td></tr><tr><td align="left" valign="center"><code>maxKeepAliveRequests</code></td><td align="left" valign="center">
+ <p>The maximum number of HTTP requests which can be pipelined until
+ the connection is closed by the server. Setting this attribute to 1 will
+ disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
+ pipelining. Setting this to -1 will allow an unlimited amount of
+ pipelined or keep-alive HTTP requests.
+ If not specified, this attribute is set to 100.</p>
+ </td></tr><tr><td align="left" valign="center"><code>maxThreads</code></td><td align="left" valign="center">
+ <p>The maximum number of request processing threads to be created
+ by this <strong>Connector</strong>, which therefore determines the
+ maximum number of simultaneous requests that can be handled. If
+ not specified, this attribute is set to 200. If an executor is associated
+ with this connector, this attribute is ignored as the connector will
+ execute tasks using the executor rather than an internal thread pool.</p>
+ </td></tr><tr><td align="left" valign="center"><code>noCompressionUserAgents</code></td><td align="left" valign="center">
+ <p>The value is a comma separated list of regular expressions matching
+ user-agents of HTTP clients for which compression should not be used,
+ because these clients, although they do advertise support for the
+ feature, have a broken implementation.
+ The default value is an empty String (regexp matching disabled).</p>
+ </td></tr><tr><td align="left" valign="center"><strong><code>port</code></strong></td><td align="left" valign="center">
+ <p>The TCP port number on which this <strong>Connector</strong>
+ will create a server socket and await incoming connections. Your
+ operating system will allow only one server application to listen
+ to a particular port number on a particular IP address.</p>
+ </td></tr><tr><td align="left" valign="center"><code>restrictedUserAgents</code></td><td align="left" valign="center">
+ <p>The value is a comma separated list of regular expressions matching
+ user-agents of HTTP clients for which HTTP/1.1 or HTTP/1.0 keep alive
+ should not be used, even if the clients advertise support for these
+ features.
+ The default value is an empty String (regexp matching disabled).</p>
+ </td></tr><tr><td align="left" valign="center"><code>server</code></td><td align="left" valign="center">
+ <p>Overrides the Server header for the http response. If set, the value
+ for this attribute overrides the Tomcat default and any Server header set
+ by a web application. If not set, any value specified by the application
+ is used. If the application does not specify a value then
+ <code>Apache-Coyote/1.1</code> is used. Unless you are paranoid, you won't
+ need this feature.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>socketBuffer</code></td><td align="left" valign="center">
+ <p>The size (in bytes) of the buffer to be provided for socket
+ output buffering. -1 can be specified to disable the use of a buffer.
+ By default, a buffers of 9000 bytes will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>tcpNoDelay</code></td><td align="left" valign="center">
+ <p>If set to <code>true</code>, the TCP_NO_DELAY option will be
+ set on the server socket, which improves performance under most
+ circumstances. This is set to <code>true</code> by default.</p>
+ </td></tr><tr><td align="left" valign="center"><code>threadPriority</code></td><td align="left" valign="center">
+ <p>The priority of the request processing threads within the JVM.
+ The default value is <code>5</code> (the value of the
+ <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
+ for the <code>java.lang.Thread</code> class for more details on what
+ this priority means.
+ </p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Nio Implementation"><!--()--></a><a name="Nio_Implementation"><strong>Nio Implementation</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The NIO connector exposes all the low level socket properties that can be used to tune the connector.
+ Most of these attributes are directly linked to the socket implementation in the JDK so you can find out
+ about the actual meaning in the JDK API documentation.<br>
+ <strong>Note:</strong> On some JDK versions, setTrafficClass causes a problem, a work around for this is to add
+ the <code>-Djava.net.preferIPv4Stack=true</code> value to your command line</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>useSendfile</code></td><td align="left" valign="center">
+ <p>(bool)Use this attribute to enable or disable sendfile capability.
+ The default value is <code>true</code>
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>useExecutor</code></td><td align="left" valign="center">
+ <p>(bool)Set to true to use the NIO thread pool executor. The default value is <code>true</code>.
+ If set to false, it uses a thread pool based on a stack for its execution.
+ Generally, using the executor yields a little bit slower performance, but yields a better
+ fairness for processing connections in a high load environment as the traffic gets queued through a
+ FIFO queue. If set to true(default) then the max pool size is the <code>maxThreads</code> attribute
+ and the core pool size is the <code>minSpareThreads</code>.
+ This value is ignored if the <code>executor</code> attribute is present and points to a valid shared thread pool.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>executor</code></td><td align="left" valign="center">
+ <p>A reference to the name in an <a href="executor.html">Executor</a> element.
+ If this attribute is enabled, and the named executor exists, the connector will
+ use the executor, and all the other thread attributes will be ignored.</p>
+ </td></tr><tr><td align="left" valign="center"><code>acceptorThreadCount</code></td><td align="left" valign="center">
+ <p>(int)The number of threads to be used to accept connections. Increase this value on a multi CPU machine,
+ although you would never really need more than <code>2</code>. Also, with a lot of non keep alive connections,
+ you might want to increase this value as well. Default value is <code>1</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>pollerThreadCount</code></td><td align="left" valign="center">
+ <p>(int)The number of threads to be used to run for the polling events.
+ Default value is <code>1</code> per processor. Can't see a reason to go
+ above that. But experiment and find your own results.</p>
+ </td></tr><tr><td align="left" valign="center"><code>pollerThreadPriority</code></td><td align="left" valign="center">
+ <p>(int)The priority of the poller threads.
+ The default value is <code>5</code> (the value of the
+ <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
+ for the <code>java.lang.Thread</code> class for more details on what
+ this priority means.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>acceptorThreadPriority</code></td><td align="left" valign="center">
+ <p>(int)The priority of the acceptor threads. The threads used to accept new connections.
+ The default value is <code>5</code> (the value of the
+ <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
+ for the <code>java.lang.Thread</code> class for more details on what
+ this priority means.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>selectorTimeout</code></td><td align="left" valign="center">
+ <p>(int)The time in milliseconds to timeout on a select() for the poller.
+ This value is important, since connection clean up is done on the same thread, so do not set this
+ value to an extremely high one. The default value is <code>1000</code> milliseconds.</p>
+ </td></tr><tr><td align="left" valign="center"><code>useComet</code></td><td align="left" valign="center">
+ <p>(bool)Whether to allow comet servlets or not, Default value is <code>true</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>processorCache</code></td><td align="left" valign="center">
+ <p>(int)The protocol handler caches Http11NioProcessor objects to speed up performance.
+ This setting dictates how many of these objects get cached.
+ <code>-1</code> means unlimited, default is <code>200</code>. Set this value somewhere close to your maxThreads value.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>maxKeepAliveRequests</code></td><td align="left" valign="center">
+ <p>The maximum number of HTTP requests which can be pipelined until
+ the connection is closed by the server. Setting this attribute to 1 will
+ disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
+ pipelining. Setting this to -1 will allow an unlimited amount of
+ pipelined or keep-alive HTTP requests.
+ If not specified, this attribute is set to 100.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.directBuffer</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value, whether to use direct ByteBuffers or java mapped ByteBuffers. Default is <code>false</code>
+ <br>When you are using direct buffers, make sure you allocate the appropriate amount of memory for the
+ direct memory space. On Sun's JDK that would be something like <code>-XX:MaxDirectMemorySize=256m</code></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.rxBufSize</code></td><td align="left" valign="center">
+ <p>(int)The socket receive buffer (SO_RCVBUF) size in bytes. Default value is <code>25188</code></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.txBufSize</code></td><td align="left" valign="center">
+ <p>(int)The socket send buffer (SO_SNDBUF) size in bytes. Default value is <code>43800</code></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.appReadBufSize</code></td><td align="left" valign="center">
+ <p>(int)Each connection that is opened up in Tomcat get associated with a read and a write ByteBuffer
+ This attribute controls the size of these buffers. By default this read buffer is sized at <code>8192</code> bytes.
+ For lower concurrency, you can increase this to buffer more data.
+ For an extreme amount of keep alive connections, decrease this number or increase your heap size.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.appWriteBufSize</code></td><td align="left" valign="center">
+ <p>(int)Each connection that is opened up in Tomcat get associated with a read and a write ByteBuffer
+ This attribute controls the size of these buffers. By default this write buffer is sized at <code>8192</code> bytes.
+ For low concurrency you can increase this to buffer more response data.
+ For an extreme amount of keep alive connections, decrease this number or increase your heap size.
+ <br>
+ The default value here is pretty low, you should up it if you are not dealing with tens of thousands
+ concurrent connections.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.bufferPool</code></td><td align="left" valign="center">
+ <p>(int)The Nio connector uses a class called NioChannel that holds elements linked to a socket.
+ To reduce garbage collection, the Nio connector caches these channel objects.
+ This value specifies the size of this cache.
+ The default value is <code>500</code>, and represents that the cache will hold 500 NioChannel objects.
+ Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.bufferPoolSize</code></td><td align="left" valign="center">
+ <p>(int)The NioChannel pool can also be size based, not used object based. The size is calculated as follows:<br>
+ NioChannel <code>buffer size = read buffer size + write buffer size</code><br>
+ SecureNioChannel <code>buffer size = application read buffer size + application write buffer size + network read buffer size + network write buffer size</code><br>
+ The value is in bytes, the default value is <code>1024*1024*100</code> (100MB)
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.processorCache</code></td><td align="left" valign="center">
+ <p>(int)Tomcat will cache SocketProcessor objects to reduce garbage collection.
+ The integer value specifies how many objects to keep in the cache at most.
+ The default is <code>500</code>.
+ Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.keyCache</code></td><td align="left" valign="center">
+ <p>(int)Tomcat will cache KeyAttachment objects to reduce garbage collection.
+ The integer value specifies how many objects to keep in the cache at most.
+ The default is <code>500</code>.
+ Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.eventCache</code></td><td align="left" valign="center">
+ <p>(int)Tomcat will cache PollerEvent objects to reduce garbage collection.
+ The integer value specifies how many objects to keep in the cache at most.
+ The default is <code>500</code>.
+ Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.tcpNoDelay</code></td><td align="left" valign="center">
+ <p>(bool)same as the standard setting <code>tcpNoDelay</code>. Default value is <code>false</code></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.soKeepAlive</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value for the socket's keep alive setting (SO_KEEPALIVE). Default is <code>false</code>. </p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.ooBInline</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value for the socket OOBINLINE setting. Default value is <code>true</code></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.soReuseAddress</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value for the sockets reuse address option (SO_REUSEADDR). Default value is <code>true</code></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.soLingerOn</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value for the sockets so linger option (SO_LINGER). Default value is <code>true</code>.
+ This option is paired with the <code>soLingerTime</code> value.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.soLingerTime</code></td><td align="left" valign="center">
+ <p>(bool)Value in seconds for the sockets so linger option (SO_LINGER). Default value is <code>25</code> seconds.
+ This option is paired with the soLinger value.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.soTimeout</code></td><td align="left" valign="center">
+ <p>(int)Value in milliseconds for the sockets read timeout (SO_TIMEOUT). Default value is <code>5000</code> milliseconds.</p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.soTrafficClass</code></td><td align="left" valign="center">
+ <p>(byte)Value between <code>0</code> and <code>255</code> for the traffic class on the socket, <code>0x04 | 0x08 | 0x010</code></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.performanceConnectionTime</code></td><td align="left" valign="center">
+ <p>(int)The first value for the performance settings. Default is <code>1</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.performanceLatency</code></td><td align="left" valign="center">
+ <p>(int)The second value for the performance settings. Default is <code>0</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.performanceBandwidth</code></td><td align="left" valign="center">
+ <p>(int)The third value for the performance settings. Default is <code>1</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
+ </td></tr><tr><td align="left" valign="center"><code>selectorPool.maxSelectors</code></td><td align="left" valign="center">
+ <p>(int)The max selectors to be used in the pool, to reduce selector contention.
+ Use this option when the command line <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set to false.
+ Default value is <code>200</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>selectorPool.maxSpareSelectors</code></td><td align="left" valign="center">
+ <p>(int)The max spare selectors to be used in the pool, to reduce selector contention.
+ When a selector is returned to the pool, the system can decide to keep it or let it be GC:ed.
+ Use this option when the command line <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set to false.
+ Default value is <code>-1</code> (unlimited)</p>
+ </td></tr><tr><td align="left" valign="center"><code>command-line-options</code></td><td align="left" valign="center">
+ <p>The following command line options are available for the NIO connector:<br>
+ <code>-Dorg.apache.tomcat.util.net.NioSelectorShared=true|false</code>
+ - default is <code>true</code>. Set this value to <code>false</code> if you wish to
+ use a selector for each thread. When you set it to <code>false</code>, you can
+ control the size of the pool of selectors by using the
+ <strong>selectorPool.maxSelectors</strong> attribute</p>
+ </td></tr><tr><td align="left" valign="center"><code>oomParachute</code></td><td align="left" valign="center">
+ <p>(int)The NIO connector implements an OutOfMemoryError strategy called parachute.
+ It holds a chunk of data as a byte array. In case of an OOM,
+ this chunk of data is released and the error is reported. This will give the VM enough room
+ to clean up. The <code>oomParachute</code> represent the size in bytes of the parachute(the byte array).
+ The default value is <code>1024*1024</code>(1MB).
+ Please note, this only works for OOM errors regarding the Java Heap space, and there is absolutely no
+ guarantee that you will be able to recover at all.
+ If you have an OOM outside of the Java Heap, then this parachute trick will not help.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>socket.unlockTimeout</code></td><td align="left" valign="center">
+ <p>(int) The timeout for a socket unlock. When a connector is stopped, it will try to release the acceptor thread by opening a connector to itself.
+ The default value is <code>250</code> and the value is in milliseconds</p>
+ </td></tr></table>
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Nested Components"><!--()--></a><a name="Nested_Components"><strong>Nested Components</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>None at this time.</p>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Special Features"><!--()--></a><a name="Special_Features"><strong>Special Features</strong></a></font></td></tr><tr><td><blockquote>
+
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="HTTP/1.1 and HTTP/1.0 Support"><!--()--></a><a name="HTTP/1.1_and_HTTP/1.0_Support"><strong>HTTP/1.1 and HTTP/1.0 Support</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>This <strong>Connector</strong> supports all of the required features
+ of the HTTP/1.1 protocol, as described in RFC 2616, including persistent
+ connections, pipelining, expectations and chunked encoding. If the client
+ (typically a browser) supports only HTTP/1.0, the
+ <strong>Connector</strong> will gracefully fall back to supporting this
+ protocol as well. No special configuration is required to enable this
+ support. The <strong>Connector</strong> also supports HTTP/1.0
+ keep-alive.</p>
+
+ <p>RFC 2616 requires that HTTP servers always begin their responses with
+ the highest HTTP version that they claim to support. Therefore, this
+ <strong>Connector</strong> will always return <code>HTTP/1.1</code> at
+ the beginning of its responses.</p>
+
+ </blockquote></td></tr></table>
+
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Proxy Support"><!--()--></a><a name="Proxy_Support"><strong>Proxy Support</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <code>proxyName</code> and <code>proxyPort</code> attributes can
+ be used when Tomcat is run behind a proxy server. These attributes
+ modify the values returned to web applications that call the
+ <code>request.getServerName()</code> and <code>request.getServerPort()</code>
+ methods, which are often used to construct absolute URLs for redirects.
+ Without configuring these attributes, the values returned would reflect
+ the server name and port on which the connection from the proxy server
+ was received, rather than the server name and port to whom the client
+ directed the original request.</p>
+
+ <p>For more information, see the
+ <a href="../proxy-howto.html">Proxy Support HOW-TO</a>.</p>
+
+ </blockquote></td></tr></table>
+
+
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="SSL Support"><!--()--></a><a name="SSL_Support"><strong>SSL Support</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>You can enable SSL support for a particular instance of this
+ <strong>Connector</strong> by setting the <code>SSLEnabled</code> attribute to
+ <code>true</code>.</p>
+
+ <p>You will also need to set the <code>scheme</code> and <code>secure</code> attributes
+ to the values <code>https</code> and <code>true</code> respectively,
+ to pass correct information to the servlets.</p>
+
+ <p>In addition, you may need to configure the following
+ attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>algorithm</code></td><td align="left" valign="center">
+ <p>The certificate encoding algorithm to be used. This defaults to
+ <code>KeyManagerFactory.getDefaultAlgorithm()</code> which returns
+ <code>SunX509</code> for Sun JVMs. IBM JVMs return
+ <code>IbmX509</code>. For other vendors, consult the JVM
+ documentation for the default value.</p>
+ </td></tr><tr><td align="left" valign="center"><code>clientAuth</code></td><td align="left" valign="center">
+ <p>Set to <code>true</code> if you want the SSL stack to require a
+ valid certificate chain from the client before accepting a connection.
+ Set to <code>want</code> if you want the SSL stack to request a client
+ Certificate, but not fail if one isn't presented. A <code>false</code>
+ value (which is the default) will not require a certificate chain
+ unless the client requests a resource protected by a security
+ constraint that uses <code>CLIENT-CERT</code> authentication. See the
+ <a href="../ssl-howto.html">SSL HowTo</a> for an example.</p>
+ </td></tr><tr><td align="left" valign="center"><code>clientCertProvider</code></td><td align="left" valign="center">
+ <p>When client certificate information is presented in a form other than
+ instances of <code>java.security.cert.X509Certificate</code> it needs to
+ be converted before it can be used and this property controls which JSSE
+ provider is used to perform the conversion. For example it is used with
+ the <a href="ajp.html">AJP connectors</a>, the HTTP APR connector and
+ with the <a href="valve.html#SSL_Authenticator_Valve">
+ org.apache.catalina.valves.SSLValve</a>. If not specified, the default
+ provider will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>keystoreFile</code></td><td align="left" valign="center">
+ <p>The pathname of the keystore file where you have stored the
+ server certificate to be loaded. By default, the pathname is
+ the file "<code>.keystore</code>" in the operating system home
+ directory of the user that is running Tomcat. If your
+ <code>keystoreType</code> doesn't need a file use <code>""</code>
+ (empty string) for this parameter.</p>
+ </td></tr><tr><td align="left" valign="center"><code>keystorePass</code></td><td align="left" valign="center">
+ <p>The password used to access the server certificate from the
+ specified keystore file. The default value is "<code>changeit</code>".
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>keystoreType</code></td><td align="left" valign="center">
+ <p>The type of keystore file to be used for the server certificate.
+ If not specified, the default value is "<code>JKS</code>".</p>
+ </td></tr><tr><td align="left" valign="center"><code>keystoreProvider</code></td><td align="left" valign="center">
+ <p>The name of the keystore provider to be used for the server
+ certificate. If not specified, the list of registered providers is
+ traversed in preference order and the first provider that supports the
+ <code>keystoreType</code> is used.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>sslProtocol</code></td><td align="left" valign="center">
+ <p>The the SSL protocol(s) to use (a single value may enable multiple
+ protocols - see the JVM documentation for details). If not specified, the
+ default is <code>TLS</code>. The permitted values may be obtained from the
+ JVM documentation for the allowed values for algorithm when creating an
+ <code>SSLContext</code> instance e.g.
+ <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext">
+ Oracle Java 6</a> and
+ <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext">
+ Oracle Java 7</a>. Note: There is overlap between this attribute and
+ <code>sslEnabledProtocols</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>ciphers</code></td><td align="left" valign="center">
+ <p>The comma separated list of encryption ciphers that this socket is
+ allowed to use. By default, the default ciphers for the JVM will be used.
+ Note that this usually means that the weak export grade ciphers will be
+ included in the list of available ciphers. The ciphers are specified using
+ the JSSE cipher naming convention.</p>
+ </td></tr><tr><td align="left" valign="center"><code>keyAlias</code></td><td align="left" valign="center">
+ <p>The alias used to for the server certificate in the keystore. If not
+ specified the first key read in the keystore will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>trustManagerClassName</code></td><td align="left" valign="center">
+ <p>The name of a custom trust manager class to use to validate client
+ certificates. The class must have a zero argument constructor and must
+ also implement <code>javax.net.ssl.X509TrustManager</code>. If this
+ attribute is set, the trust store attributes may be ignored.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>truststoreFile</code></td><td align="left" valign="center">
+ <p>The trust store file to use to validate client certificates. The
+ default is the value of the <code>javax.net.ssl.trustStore</code> system
+ property. If neither this attribute nor the default system property is
+ set, no trust store will be configured.</p>
+ </td></tr><tr><td align="left" valign="center"><code>truststorePass</code></td><td align="left" valign="center">
+ <p>The password to access the trust store. The default is the value of the
+ <code>javax.net.ssl.trustStorePassword</code> system property. If that
+ property is null, the value of <code>keystorePass</code> is used as the
+ default. If an invalid trust store password is specified, a warning will
+ be logged and an attempt will be made to access the trust store without a
+ password which will skip validation of the trust store contents. If the
+ trust store password is defined as <code>""</code> then no
+ password will be used to access the store which will also skip validation
+ of the trust store contents.</p>
+ </td></tr><tr><td align="left" valign="center"><code>truststoreType</code></td><td align="left" valign="center">
+ <p>The type of key store used for the trust store. The default is the
+ value of the <code>javax.net.ssl.trustStoreType</code> system property. If
+ that property is null, the value of <code>keystoreType</code> is used as
+ the default.</p>
+ </td></tr><tr><td align="left" valign="center"><code>truststoreProvider</code></td><td align="left" valign="center">
+ <p>The name of the truststore provider to be used for the server
+ certificate. The default is the value of the
+ <code>javax.net.ssl.trustStoreProvider</code> system property. If
+ that property is null, the value of <code>keystoreProvider</code> is used
+ as the default. If neither this attribute, the default system property nor
+ <code>keystoreProvider</code>is set, the list of registered providers is
+ traversed in preference order and the first provider that supports the
+ <code>truststoreType</code> is used.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>sessionCacheSize</code></td><td align="left" valign="center">
+ <p>The number of SSL sessions to maintain in the session cache. Use 0 to
+ specify an unlimited cache size. If not specified, a default of 0 is
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>sessionTimeout</code></td><td align="left" valign="center">
+ <p>The time, in seconds, after the creation of an SSL session that it will
+ timeout. Use 0 to specify an unlimited timeout. If not specified, a
+ default of 86400 (24 hours) is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>sslEnabledProtocols</code></td><td align="left" valign="center">
+ <p>The comma separated list of SSL protocols to support for HTTPS
+ connections. If specified, only the protocols that are listed and
+ supported by the SSL implementation will be enabled. If not specified,
+ the JVM default is used. The permitted values may be obtained from the
+ JVM documentation for the allowed values for
+ <code>SSLSocket.setEnabledProtocols()</code> e.g.
+ <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames">
+ Oracle Java 6</a> and
+ <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames">
+ Oracle Java 7</a>. Note: There is overlap between this attribute and
+ <code>sslProtocol</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>crlFile</code></td><td align="left" valign="center">
+ <p>The certificate revocation list file to use to validate client
+ certificates.</p>
+ </td></tr><tr><td align="left" valign="center"><code>allowUnsafeLegacyRenegotiation</code></td><td align="left" valign="center">
+ <p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
+ users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
+ protocol that allows an attacker to inject arbitrary data into the user's
+ request. If not specified, a default of <code>false</code> is used. This
+ attribute only has an effect if the JVM does not support RFC 5746 as
+ indicated by the presence of the pseudo-ciphersuite
+ TLS_EMPTY_RENEGOTIATION_INFO_SCSV. This is available JRE/JDK 6 update 22
+ onwards. Where RFC 5746 is supported the renegotiation - including support
+ for unsafe legacy renegotiation - is controlled by the JVM configuration.
+ </p>
+ </td></tr></table>
+
+ <p>For more information, see the
+ <a href="../ssl-howto.html">SSL Configuration HOW-TO</a>.</p>
+
+ </blockquote></td></tr></table>
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Connector Comparison"><!--()--></a><a name="Connector_Comparison"><strong>Connector Comparison</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>Below is a small chart that shows how the connectors differentiate.</p>
+ <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+ Java Blocking Connector Java Nio Blocking Connector APR Connector
+ Classname Http11Protocol Http11NioProtocol Http11AprProtocol
+ Tomcat Version 3.x 4.x 5.x 6.x 6.x 5.5.x 6.x
+ Support Polling NO YES YES
+ Polling Size N/A Unlimited - Restricted by mem Unlimited - Configurable
+ Read HTTP Request Blocking Non Blocking Blocking
+ Read HTTP Body Blocking Sim Blocking Blocking
+ Write HTTP Response Blocking Sim Blocking Blocking
+ SSL Support Java SSL Java SSL OpenSSL
+ SSL Handshake Blocking Non blocking Blocking
+ Max Connections maxThreads See polling size See polling size
+
+
+ </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+ </blockquote></td></tr></table>
+</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
+ Copyright © 1999-2014, Apache Software Foundation
+ </em></font></div></td></tr></table></body></html>
\ No newline at end of file