Ich habe ein Problem bei der Migration von Tomcat7 zu Tomcat8. Dinge scheinen gut zu funktionieren, aber wenn ich meine Anwendung zugreifen meldet es diese Ausnahme:Tomcat 8: SSL-Sitzungs-ID nicht verfügbar
09-Nov-2016 13:23:09.192 WARNING [https-openssl-nio-9443-exec-3] org.apache.coyote.AbstractProcessor.populateSslRequestAttributes Exception getting SSL attributes
java.lang.IllegalStateException: SSL session ID not available
at org.apache.tomcat.util.net.openssl.OpenSSLEngine$OpenSSLSession.getId(OpenSSLEngine.java:1048)
at org.apache.tomcat.util.net.jsse.JSSESupport.getSessionId(JSSESupport.java:156)
at org.apache.coyote.AbstractProcessor.populateSslRequestAttributes(AbstractProcessor.java:619)
at org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:359)
at org.apache.coyote.Request.action(Request.java:392)
at org.apache.catalina.connector.Request.getAttribute(Request.java:900)
at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:282)
at org.apache.cxf.transport.http.AbstractHTTPDestination.propogateSecureSession(AbstractHTTPDestination.java:411)
at org.apache.cxf.transport.http.AbstractHTTPDestination.setupMessage(AbstractHTTPDestination.java:395)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:589)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1410)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
Mein Anschluss auf diese Weise definiert ist:
<Connector port="9443" URIEncoding="utf-8" protocol="HTTP/1.1"
scheme="https" secure="true" SSLEnabled="true"
maxPostSize="-1"
useAprConnector ="false"
sslProtocol="TLSv1.2" clientAuth="want"
disableSessionTickets="true"
keystoreFile="${catalina.home}/conf/keystore.jks"
keystorePass="..."
truststoreFile="${catalina.home}/conf/truststore.jks"
truststorePass="..."
/>
Dinge arbeitet auf tomcat7 in Ordnung, und auch in tomcat8 sicheren Verbindung ist in Ordnung.
Ist 'disableSessionTickets =" true "' sicher? – jsosnowski
Ja. Die Kosten sind eine Erhöhung der Serverspeicherauslastung. Wie viel wird von Fall zu Fall variieren. Sie müssen Ihre Umgebung testen, um zu wissen, was die Zahlen für Sie sind. –