1 <?xml version="1.0" encoding="ISO-8859-1"?>
3 <!ENTITY project SYSTEM "project.xml">
5 <document url="ajpv13ext.html">
9 Licensed to the Apache Software Foundation (ASF) under one or more
10 contributor license agreements. See the NOTICE file distributed with
11 this work for additional information regarding copyright ownership.
12 The ASF licenses this file to You under the Apache License, Version 2.0
13 (the "License"); you may not use this file except in compliance with
14 the License. You may obtain a copy of the License at
16 http://www.apache.org/licenses/LICENSE-2.0
18 Unless required by applicable law or agreed to in writing, software
19 distributed under the License is distributed on an "AS IS" BASIS,
20 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21 See the License for the specific language governing permissions and
22 limitations under the License.
25 <title>AJPv13 extensions Proposal</title>
26 <author email="hgomez@apache.org">Henri Gomez</author>
27 <date>$Date: 2006-12-03 13:55:56 +0100 (Sun, 03 Dec 2006) $</date>
30 <section name="Introduction">
32 This document is a proposal of evolution of the current
33 Apache JServ Protocol version 1.3, also known as ajp13.
34 I'll not cover here the full protocol but only the add-on from ajp13.
36 This nth pass include comments from the tomcat-dev list and
37 misses discovered during developpment.
39 <subsection name="Missing features in AJP13">
41 ajp13 is a good protocol to link a servlet engine like tomcat to a web server like Apache:
45 use persistants connections to avoid reconnect time at each request
48 encode many http commands to reduce stream size
51 send to servlet engine many info from web server (like SSL certs)
55 But ajp13 lacks support for :
59 security between web server and servlet engine.
60 Anybody can connect to an ajp13 port (no login mecanism used)
61 You could connect, for example with telnet, and keep the remote thread
62 up by not sending any data (no timeout in connection)
65 context information passed from servlet engine to web server.
66 Part of the configuration of JK, the web server connector, is to
67 indicate to the web server which URI to handle.
68 The mod_jk JkMount directive, told to web server which URI must be
69 forwarded to servlet engine.
70 A servlet engine allready knows which URI it handle and TC 3.3 is
71 allready capable to generate a config file for JK from the list
72 of available contexts.
75 state update of contexts from servlet engine to web server.
76 Big site with farm of Tomcat, like ISP and virtuals hosters,
77 may need to stop a context for admin purposes. In that case the front
78 web server must know that the context is currently down, to eventually
79 relay the request to another Tomcat
82 verify state of connection before sending request.
83 Actually JK send the request to the servlet engine and next wait
84 for the answer. But one of the beauty of the socket API, is you that
85 you could write() to a closed connection without any error reporting,
86 but a read() to a closed connection return you the error code.
93 <subsection name="Proposed add-ons to AJP13">
95 Let's descrive here the features and add-on that could be added to AJP13.
96 Since this document is a proposal, a reasonable level of chaos must be expected at first.
97 Be sure that discussion on tomcat list will help clarify points, add
98 features but the current list seems to be a 'minimun vital'
103 Advanced login features at connect time
107 Basic authorisation system, where a shared secret key is
108 present in web server and servlet engine.
112 Basic protocol negociation, just to be sure that if functionnalities are added
113 to AJP13 in the future, current implementations will still works.
117 Clean handling of 'Unknown packets'
121 Extended env vars passed from web-server to servlet engine.
125 Add extra SSL informations needed by Servlet 2.3 API (like SSL_KEY_SIZE)
133 <subsection name="Advanced login">
138 WEB-SERVER send LOGIN INIT CMD + NEGOCIATION DATA + WEB SERVER INFO
141 TOMCAT respond with LOGIN SEED CMD + RANDOM DATA
144 WEB-SERVER calculted the MD5 of RANDOM DATA+SECRET DATA
147 WEB-SERVER send LOGIN COMP CMD + MD5 (SECRET DATA + RANDOM DATA)
150 TOMCAT respond with LOGIN STATUS CMD + NEGOCIED DATA + SERVLET ENGINE INFO
154 To prevent DOS attack, the servlet engine will wait
155 the LOGIN CMD only 15/30 seconds and reports the
156 timeout exception for admins investigation.
158 The login command will contains basic protocol
159 negociation information like compressing ability,
160 crypto, context info (at start up), context update at
161 run-time (up/down), level of SSL env vars, AJP protocol
162 level supported (level1/level2/level3...)
164 The Web server info will contain web server info and
165 connector name (ie Apache 1.3.26 + mod_ssl 2.8.8 + mod_jk 1.2.1 + mod_perl 1.25).
167 The servlet engine will mask the negociation mask with it's own
168 mask (what it can do) and return it when loggin is accepted.
170 This will help having a basic AJP13 implementation (level 1)
171 on a web-server working with a more advanced protocol handler on
172 the servlet engine side or vice-versa.
174 AJP13 was designed to be small and fast and so many
175 SSL informations present in the web-server are not
176 forwarded to the servlet engine.
178 We add here four negociations flags to provide more
179 informations on client SSL data (certs), server SSL datas,
180 crypto used, and misc datas (timeout...).
184 <subsection name="Messages Stream">
187 +----------------+------------------+-----------------+
188 | LOGIN INIT CMD | NEGOCIATION DATA | WEB SERVER INFO |
189 +----------------+------------------+-----------------+
191 +----------------+----------------+
192 | LOGIN SEED CMD | MD5 of entropy |
193 +----------------+----------------+
195 +----------------+----------------------------+
196 | LOGIN COMP CMD | MD5 of RANDOM + SECRET KEY |
197 +----------------+----------------------------+
199 +-----------+---------------+---------------------+
200 | LOGOK CMD | NEGOCIED DATA | SERVLET ENGINE INFO |
201 +-----------+---------------+---------------------+
203 +------------+--------------+
204 | LOGNOK CMD | FAILURE CODE |
205 +------------+--------------+
210 LOGIN INIT CMD, LOGIN SEED CMD, LOGIN COMP CMD, LOGOK CMD, LOGNOK CMD are 1 byte long.
213 MD5, MD5 of RANDOM + SECRET KEY are 32 chars long.
216 NEGOCIATION DATA, NEGOCIED DATA, FAILURE CODE are 32 bits long.
219 WEB SERVER INFO, SERVLET ENGINE INFO are CString.
223 The secret key will be set by a new propertie in
224 workers.properties : secretkey
226 worker.ajp13.port=8009
227 worker.ajp13.host=localhost
228 worker.ajp13.type=ajp13
229 worker.ajp13.secretkey=myverysecretkey
234 <subsection name="Shutdown feature">
236 AJP13 miss a functionnality of AJP12, which is shutdown command.
237 A logout will tell servlet engine to shutdown itself.
239 +--------------+----------------------------+
240 | SHUTDOWN CMD | MD5 of RANDOM + SECRET KEY |
241 +--------------+----------------------------+
247 +-------------+--------------+
248 | SHUTNOK CMD | FAILURE CODE |
249 +-------------+--------------+
254 SHUTDOWN CMD, SHUTOK CMD, SHUTNOK CMD are 1 byte long.
257 MD5 of RANDOM + SECRET KEY are 32 chars long.
260 FAILURE CODE is 32 bits long.
267 <subsection name="Extended Env Vars feature">
271 While working on AJP13 in JK, I really discovered "JkEnvVar".
272 The following "Extended Env Vars feature" description may not
273 be implemented in extended AJP13 since allready available in original
278 Many users will want to see some of their web-server env vars
279 passed to their servlet engine.
281 To reduce the network traffic, the web-servlet will send a
282 table to describing the external vars in a shorter fashion.
284 We'll use there a functionnality allready present in AJP13,
287 In the AJP13, we've got :
290 AJP13_FORWARD_REQUEST :=
298 server_port (integer)
300 num_headers (integer)
301 request_headers *(req_header_name req_header_value)
303 ?context (byte string)
304 ?servlet_path (byte string)
305 ?remote_user (byte string)
306 ?auth_type (byte string)
307 ?query_string (byte string)
309 ?ssl_cert (byte string)
310 ?ssl_cipher (byte string)
311 ?ssl_session (byte string)
313 ?attributes *(attribute_name attribute_value)
314 request_terminator (byte)
317 Using short 'web server attribute name' will reduce the
321 +-------------------+---------------------------+-------------------------------+----+
322 | EXTENDED VARS CMD | WEB SERVER ATTRIBUTE NAME | SERVLET ENGINE ATTRIBUTE NAME | ES |
323 +-------------------+---------------------------+-------------------------------+----+
329 JkExtVars S1 SSL_CLIENT_V_START javax.servlet.request.ssl_start_cert_date
330 JkExtVars S2 SSL_CLIENT_V_END javax.servlet.request.ssl_end_cert_date
331 JkExtVars S3 SSL_SESSION_ID javax.servlet.request.ssl_session_id
334 +-------------------+----+-------------------------------------------+
335 | EXTENDED VARS CMD | S1 | javax.servlet.request.ssl_start_cert_date |
336 +-------------------+----+-------------------------------------------+
337 +----+-----------------------------------------+
338 | S2 | javax.servlet.request.ssl_end_cert_date |
339 +----+-----------------------------------------+
340 +----+-----------------------------------------+
341 | S3 | javax.servlet.request.ssl_end_cert_date |
342 +----+-----------------------------------------+
345 During transmission in extended AJP13 we'll see attributes name
346 containing S1, S2, S3 and attributes values of
347 2001/01/03, 2002/01/03, 0123AFE56.
349 This example showed the use of extended SSL vars but
350 any 'personnal' web-server vars like custom authentification
351 vars could be reused in the servlet engine.
352 The cost will be only some more bytes in the AJP traffic.
356 EXTENDED VARS CMD is 1 byte long.
359 WEB SERVER ATTRIBUTE NAME, SERVLET ENGINE ATTRIBUTE NAME are CString.
362 ES is an empty CString.
369 <subsection name="Context informations forwarding for Servlet engine to Web Server">
371 Just after the LOGON PHASE, the web server will ask for the list of contexts
372 and URLs/URIs handled by the servlet engine.
373 It will ease installation in many sites, reduce questions about configuration
374 on tomcat-user list, and be ready for servlet API 2.3.
376 This mode will be activated by a new directive JkAutoMount
378 ie: JkAutoMount examples myworker1 /examples/
380 If we want to get ALL the contexts handled by the servlet engine, willcard
383 ie: JkAutoMount * myworker1 *
385 A servlet engine could have many contexts, /examples, /admin, /test.
386 We may want to use only some contexts for a given worker. It was
387 done previously, in apache HTTP server for example, by setting by
388 hand the JkMount accordingly in each [virtual] area of Apache.
390 If you web-server support virtual hosting, we'll forward also that
391 information to servlet engine which will only return contexts for
393 In that case the servlet engine will only return the URL/URI matching
394 these particular virtual server (defined in server.xml).
395 This feature will help ISP and big sites which mutualize large farm
396 of Tomcat in load-balancing configuration.
399 +-----------------+-------------------+----------+----------+----+
400 | CONTEXT QRY CMD | VIRTUAL HOST NAME | CONTEXTA | CONTEXTB | ES |
401 +-----------------+-------------------+----------+----------+----+
403 +------------------+-------------------+----------+-------------------+----------+---------------+----+
404 | CONTEXT INFO CMD | VIRTUAL HOST NAME | CONTEXTA | URL1 URL2 URL3 ES | CONTEXTB | URL1 URL2 ... | ES |
405 +------------------+-------------------+----------+-------------------+----------+---------------+----+
408 We'll discover via context-query, the list of URL/MIMES handled by the remove servlet engine
409 for a list of contextes.
410 In wildcard mode, CONTEXTA will contains just '*'.
414 CONTEXT QRY CMD and CONTEXT INFO CMD are 1 byte long.
417 VIRTUAL HOST NAME is a CString, ie an array of chars terminated by a null byte (/0).
420 An empty string is just a null byte (/0).
423 ES is an empty CString. Indicate end of URI/URLs or end of CONTEXTs.
428 When VirtualMode is not to be used, the VIRTUAL HOST NAME is '*'.
429 In that case the servlet engine will send all contexts handled.
433 <subsection name="Context informations updates from Servlet engine to Web Server">
435 Context update are messages caming from the servlet engine each time a context
436 is desactivated/reactivated. The update will be in use when the directive JkUpdateMount.
437 This directive will set the AJP13_CONTEXT_UPDATE_NEG flag.
439 ie: JkUpdateMount myworker1
442 +--------------------+-------------------+----------+--------+----------+--------+----+
443 | CONTEXT UPDATE CMD | VIRTUAL HOST NAME | CONTEXTA | STATUS | CONTEXTB | STATUS | ES |
444 +--------------------+-------------------+----------+--------+----------+--------+----+
449 CONTEXT UPDATE CMD, STATUS are 1 byte long.
452 VIRTUAL HOST NAME, CONTEXTS are CString.
455 ES is an empty CString. Indicate end of CONTEXTs.
460 When VirtualMode is not in use, the VIRTUAL HOST NAME is '*'.
461 STATUS is one byte indicating if context is UP/DOWN/INVALID
465 <subsection name="Context status query to Servlet engine">
467 This query will be used by the web-server to determine if a given
468 contexts are UP, DOWN or INVALID (and should be removed).
471 +-------------------+--------------------+----------+----------+----+
472 | CONTEXT STATE CMD | VIRTUAL HOST NAME | CONTEXTA | CONTEXTB | ES |
473 +-------------------+--------------------+----------+----------+----+
475 +-------------------------+-------------------+----------+--------+----------+--------+----+
476 | CONTEXT STATE REPLY CMD | VIRTUAL HOST NAME | CONTEXTA | STATUS | CONTEXTB | STATUS | ES |
477 +-------------------------+-------------------+----------+-------------------+--------+----+
482 CONTEXT STATE CMD, CONTEXT STATE REPLY CMD, STATUS are 1 byte long.
485 VIRTUAL HOST NAME, CONTEXTs are CString
488 ES is an empty CString
493 When VirtualMode is not in use, the VIRTUAL HOST NAME is an empty string.
497 <subsection name="Handling of unknown packets">
499 Sometimes even with a well negocied protocol, we may be in a situation
500 where one end (web server or servlet engine), will receive a message it
501 couldn't understand. In that case the receiver will send an
502 'UNKNOW PACKET CMD' with attached the unhandled message.
505 +--------------------+------------------------+-------------------+
506 | UNKNOWN PACKET CMD | UNHANDLED MESSAGE SIZE | UNHANDLED MESSAGE |
507 +--------------------+------------------------+-------------------+
510 Depending on the message, the sender will report an error and if
511 possible will try to forward the message to another endpoint.
515 UNKNOWN PACKET CMD is 1 byte long.
518 UNHANDLED MESSAGE SIZE is 16bits long.
521 UNHANDLED MESSAGE is an array of byte (length is contained in UNHANDLED MESSAGE SIZE)
526 added UNHANDLED MESSAGE SIZE (development)
530 <subsection name="Verification of connection before sending request">
532 NOTA: This fonctionality may never be used, since it may slow up the normal process
533 since requiring on the web-server side an extra IO (read) before forwarding
536 One of the beauty of socket APIs, is that you could write on a half closed socket.
537 When servlet engine close the socket, the web server will discover it only at the
538 next read() to the socket.
539 Basically, in the AJP13 protocol, the web server send the HTTP HEADER and HTTP BODY
540 (POST by chunk of 8K) to the servlet engine and then try to receive the reply.
541 If the connection was broken the web server will learn it only at receive time.
543 We could use a buffering scheme but what happen when you use the servlet engine
544 for upload operations with more than 8ko of datas ?
546 The hack in the AJP13 protocol is to add some bytes to read after the end of the
550 EXAMPLE OF DISCUSSION BETWEEN WEB SERVER AND SERVLET ENGINE
552 AJP HTTP-HEADER (+ HTTP-POST) (WEB->SERVLET)
554 AJP HTTP-REPLY (SERVLET->WEB)
556 AJP END OF DISCUSSION (SERVLET->WEB)
558 ---> AJP STATUS (SERVLET->WEB AJP13)
561 The AJP STATUS will not be read by the servlet engine at the end of
562 the request/response #N but at the begining of the next session.
564 More at that time the web server could also use OS dependants functions
565 (or better APR functions) to determine if there is also more data
566 to read. And that datas could be CONTEXT Updates.
568 This will avoid the web server sending a request to a
569 desactivated context. In that case, if the load-balancing is used,
570 it will search for another servlet engine to handle the request.
572 And that feature will help ISP and big sites with farm of tomcat,
573 to updates their servlet engine without any service interruption.
576 +------------+-------------+
577 | STATUS CMD | STATUS DATA |
578 +------------+-------------+
583 STATUS CMD and STATUS DATA are one byte long.
591 <section name="Conclusion">
593 The goal of the extended AJP13 protocol is to overcome some of the original AJP13 limitation.
594 An easier configuration, a better support for large site and farm of Tomcat,
595 a simple authentification system and provision for protocol updates.
597 Using the stable ajp13 implementation in JK (native) and in servlet
598 engine (java), it's a reasonable evolution of the well known ajp13.
602 <section name="Commands and IDs in extended AJP13 Index">
604 Index of Commands and ID to be added in AJP13 Protocol
607 <subsection name="Commands IDs">
610 <tr><th>Command Name</th><th>Command Number</th></tr>
611 <tr><td>AJP13_LOGINIT_CMD</td><td>0x10</td></tr>
612 <tr><td>AJP13_LOGSEED_CMD</td><td>0x11</td></tr>
613 <tr><td>AJP13_LOGCOMP_CMD</td><td>0x12</td></tr>
614 <tr><td>AJP13_LOGOK_CMD</td><td>0x13</td></tr>
615 <tr><td>AJP13_LOGNOK_CMD</td><td>0x14</td></tr>
616 <tr><td>AJP13_CONTEXT_QRY_CMD</td><td>0x15</td></tr>
617 <tr><td>AJP13_CONTEXT_INFO_CMD</td><td>0x16</td></tr>
618 <tr><td>AJP13_CONTEXT_UPDATE_CMD</td><td>0x17</td></tr>
619 <tr><td>AJP13_STATUS_CMD</td><td>0x18</td></tr>
620 <tr><td>AJP13_SHUTDOWN_CMD</td><td>0x19</td></tr>
621 <tr><td>AJP13_SHUTOK_CMD</td><td>0x1A</td></tr>
622 <tr><td>AJP13_SHUTNOK_CMD</td><td>0x1B</td></tr>
623 <tr><td>AJP13_CONTEXT_STATE_CMD</td><td>0x1C</td></tr>
624 <tr><td>AJP13_CONTEXT_STATE_REP_CMD</td><td>0x1D</td></tr>
625 <tr><td>AJP13_UNKNOW_PACKET_CMD</td><td>0x1E</td></tr>
631 <subsection name="Negociations Flags">
634 <tr><th>Command Name</th><th>Number</th><th>Description</th></tr>
635 <tr><td>AJP13_CONTEXT_INFO_NEG</td><td>0x80000000</td><td>web-server want context info after login</td></tr>
636 <tr><td>AJP13_CONTEXT_UPDATE_NEG</td><td>0x40000000</td><td>web-server want context updates</td></tr>
637 <tr><td>AJP13_GZIP_STREAM_NEG</td><td>0x20000000</td><td>web-server want compressed stream</td></tr>
638 <tr><td>AJP13_DES56_STREAM_NEG</td><td>0x10000000</td><td>web-server want crypted DES56 stream with secret key</td></tr>
639 <tr><td>AJP13_SSL_VSERVER_NEG</td><td>0x08000000</td><td>Extended info on server SSL vars</td></tr>
640 <tr><td>AJP13_SSL_VCLIENT_NEG</td><td>0x04000000</td><td>Extended info on client SSL vars</td></tr>
641 <tr><td>AJP13_SSL_VCRYPTO_NEG</td><td>0x02000000</td><td>Extended info on crypto SSL vars</td></tr>
642 <tr><td>AJP13_SSL_VMISC_NEG</td><td>0x01000000</td><td>Extended info on misc SSL vars</td></tr>
648 <tr><th>Negociation ID</th><th>Number</th><th>Description</th></tr>
649 <tr><td>AJP13_PROTO_SUPPORT_AJPXX_NEG</td><td>0x00FF0000</td><td>mask of protocol supported</td></tr>
650 <tr><td>AJP13_PROTO_SUPPORT_AJP13L1_NEG</td><td>0x00010000</td><td>communication could use AJP13 Level 1</td></tr>
651 <tr><td>AJP13_PROTO_SUPPORT_AJP13L2_NEG</td><td>0x00020000</td><td>communication could use AJP13 Level 2</td></tr>
652 <tr><td>AJP13_PROTO_SUPPORT_AJP13L3_NEG</td><td>0x00040000</td><td>communication could use AJP13 Level 3</td></tr>
656 All others flags must be set to 0 since they are reserved for future use.
661 <subsection name="Failure IDs">
664 <tr><th>Failure Id</th><th>Number</th></tr>
665 <tr><td>AJP13_BAD_KEY_ERR</td><td>0xFFFFFFFF</td></tr>
666 <tr><td>AJP13_ENGINE_DOWN_ERR</td><td>0xFFFFFFFE</td></tr>
667 <tr><td>AJP13_RETRY_LATER_ERR</td><td>0xFFFFFFFD</td></tr>
668 <tr><td>AJP13_SHUT_AUTHOR_FAILED_ERR</td><td>0xFFFFFFFC</td></tr>
673 <subsection name="Status">
676 <tr><th>Failure Id</th><th>Number</th></tr>
677 <tr><td>AJP13_CONTEXT_DOWN</td><td>0x01</td></tr>
678 <tr><td>AJP13_CONTEXT_UP</td><td>0x02</td></tr>
679 <tr><td>AJP13_CONTEXT_OK</td><td>0x03</td></tr>