As per the below link
https://github.com/spring-projects/spring-boot/issues/6164, the following features are removed from tomcat 8.5
a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists
b) Class org.apache.tomcat.util.net.jsse.JSSESocketFactory no longer exists
c) Method JSSEImplementaton.getServerSockerFactory(AbstractEndpoint) no longer exists
d) Method JSSEImplementaton.getSSLUtil(AbstractEndpoint) no longer exists
These make our upgrade from tomcat 8.0 to tomcat 8.5.x difficult.
We have two requirements
- Tomcat AJP protocol receives encrypted content coming from the HTTP server and gives an encrypted response. This was possible with tomcat 8, by using custom classes implementing tomcat's ServerSocketFactory interface.
- Store certificates file for tomcat https in a custom keystore (an XML file)
How these can be achieved in tomcat 8.5? Any suggestions appreciated. (We were doing it in Tomcat 8 using custom SocketFcatory implementing tomcat's interface)
After the connector refactoring the
JIoEndpointthat allowed to specify arbitraryServerSocketFactoryis no longer available.However the AJP connector is almost ready to accept SSL connections if you allow some changes to Tomcat's codebase: the
AbstractAjpProtocolclass just lacks an implementation of theaddSslHostConfigandfindSslHostConfigsor better it has implementations that don't store or return anything with a very explicit comment:If you change them as in
AbstractHttp11Protocol, you'll be able to configure an AJP connector the same way you configure a HTTP/1.1 connector:Regarding the certificate storage you can implement your own
KeyStoreSpiand security provider and use: