summaryrefslogtreecommitdiffstats
path: root/rubbos/app/tomcat-connectors-1.2.32-src/docs/ajp/printer/ajpv13ext.html
blob: 300f4b3cdf555a53c8bb482c34f0644f3ce7739c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>The Apache Tomcat Connector - AJP Protocol Reference - AJPv13 extensions Proposal</title><meta name="author" value="Henri Gomez"><meta name="email" value="hgomez@apache.org"><link href="../../style.css" type="text/css" rel="stylesheet"></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="4"><!--PAGE HEADER--><tr><td colspan="2"><!--TOMCAT LOGO--><a href="http://tomcat.apache.org/"><img src="../../images/tomcat.gif" align="left" alt="Apache Tomcat" border="0"></a><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><tr><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left"><table border="0" width="100%" cellspacing="4"><tr><td align="left" valign="top"><h1>The Apache Tomcat Connector - AJP Protocol Reference</h1><h2>AJPv13 extensions Proposal</h2></td><td align="right" valign="top" nowrap="true"><img src="../../images/void.gif" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
<p>
This document is a proposal of evolution of the current
Apache JServ Protocol version 1.3, also known as ajp13.  
I'll not cover here the full protocol but only the add-on from ajp13.

This nth pass include comments from the tomcat-dev list and
misses discovered during developpment.
</p>
<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Missing features in AJP13"><strong>Missing features in AJP13</strong></a></font></td></tr><tr><td><blockquote>
<p>
ajp13 is a good protocol to link a servlet engine like tomcat to a web server like Apache: 

<ul>
<li>
use persistants connections to avoid reconnect time at each request
</li>
<li>
encode many http commands to reduce stream size
</li>
<li>
send to servlet engine many info from web server (like SSL certs)
</li>
</ul>
<p>
But ajp13 lacks support for : 
</p>
<ul>
<li>
  security between web server and servlet engine.
  Anybody can connect to an ajp13 port (no login mecanism used)
  You could connect, for example with telnet, and keep the remote thread
  up by not sending any data (no timeout in connection)
</li>
<li>
  context information passed from servlet engine to web server.
  Part of the configuration of JK, the web server connector, is to
  indicate to the web server which URI to handle. 
  The mod_jk JkMount directive, told to web server which URI must be 
  forwarded to servlet engine.
  A servlet engine allready knows which URI it handle and TC 3.3 is
  allready capable to generate a config file for JK from the list
  of available contexts.
</li>
<li>
  state update of contexts from servlet engine to web server.
  Big site with farm of Tomcat, like ISP and virtuals hosters,
  may need to stop a context for admin purposes. In that case the front
  web server must know that the context is currently down, to eventually
  relay the request to another Tomcat
</li>
<li>
  verify state of connection before sending request.
  Actually JK send the request to the servlet engine and next wait 
  for the answer. But one of the beauty of the socket API, is you that 
  you could write() to a closed connection without any error reporting, 
  but a read() to a closed connection return you the error code. 
</li>
</ul>

</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Proposed add-ons to AJP13"><strong>Proposed add-ons to AJP13</strong></a></font></td></tr><tr><td><blockquote>
<p>
Let's descrive here the features and add-on that could be added to AJP13.
Since this document is a proposal, a reasonable level of chaos must be expected at first.
Be sure that discussion on tomcat list will help clarify points, add 
features but the current list seems to be a 'minimun vital'

<ul>

<li>
Advanced login features at connect time
</li>

<li>
Basic authorisation system, where a shared secret key is
present in web server and servlet engine.
</li>

<li>
Basic protocol negociation, just to be sure that if functionnalities are added
to AJP13 in the future, current implementations will still works.
</li>

<li>
Clean handling of 'Unknown packets'
</li>

<li>
Extended env vars passed from web-server to servlet engine.
</li>

<li>
Add extra SSL informations needed by Servlet 2.3 API (like SSL_KEY_SIZE)
</li>

</ul>

</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Advanced login"><strong>Advanced login</strong></a></font></td></tr><tr><td><blockquote>
<p>

<ol>
<li>
WEB-SERVER send LOGIN INIT CMD + NEGOCIATION DATA + WEB SERVER INFO
</li>
<li>
  TOMCAT respond with LOGIN SEED CMD + RANDOM DATA
</li>
<li>
  WEB-SERVER calculted the MD5 of RANDOM DATA+SECRET DATA
</li>
<li>
  WEB-SERVER send LOGIN COMP CMD + MD5 (SECRET DATA + RANDOM DATA)
</li>
<li>
  TOMCAT respond with LOGIN STATUS CMD + NEGOCIED DATA + SERVLET ENGINE INFO
</li>
</ol>

To prevent DOS attack, the servlet engine will wait
the LOGIN CMD only 15/30 seconds and reports the
timeout exception for admins investigation.

The login command will contains basic protocol
negociation information like compressing ability, 
crypto, context info (at start up), context update at 
run-time (up/down), level of SSL env vars, AJP protocol
level supported (level1/level2/level3...)

The Web server info will contain web server info and
connector name (ie Apache 1.3.26 + mod_ssl 2.8.8 + mod_jk 1.2.1 + mod_perl 1.25).

The servlet engine will mask the negociation mask with it's own
mask (what it can do) and return it when loggin is accepted.

This will help having a basic AJP13 implementation (level 1)
on a web-server working with a more advanced protocol handler on
the servlet engine side or vice-versa.

AJP13 was designed to be small and fast and so many
SSL informations present in the web-server are not
forwarded to the servlet engine. 

We add here four negociations flags to provide more
informations on client SSL data (certs), server SSL datas, 
crypto used, and misc datas (timeout...). 
</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Messages Stream"><strong>Messages Stream</strong></a></font></td></tr><tr><td><blockquote>
<p>
<div class="example"><pre>
+----------------+------------------+-----------------+
| LOGIN INIT CMD | NEGOCIATION DATA | WEB SERVER INFO |
+----------------+------------------+-----------------+

+----------------+----------------+
| LOGIN SEED CMD | MD5 of entropy |
+----------------+----------------+

+----------------+----------------------------+
| LOGIN COMP CMD | MD5 of RANDOM + SECRET KEY |
+----------------+----------------------------+

+-----------+---------------+---------------------+
| LOGOK CMD | NEGOCIED DATA | SERVLET ENGINE INFO |
+-----------+---------------+---------------------+

+------------+--------------+
| LOGNOK CMD | FAILURE CODE |
+------------+--------------+
</pre></div>

<ul>
<li>
LOGIN INIT CMD, LOGIN SEED CMD, LOGIN COMP CMD, LOGOK CMD, LOGNOK CMD are 1 byte long.
</li>
<li>
MD5, MD5 of RANDOM + SECRET KEY are 32 chars long.
</li>
<li>
NEGOCIATION DATA, NEGOCIED DATA, FAILURE CODE are 32 bits long.
</li>
<li>
WEB SERVER INFO, SERVLET ENGINE INFO are CString.
</li>
</ul>

The secret key will be set by a new propertie in
workers.properties : secretkey
<div class="example"><pre>
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
worker.ajp13.secretkey=myverysecretkey
</pre></div>
</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Shutdown feature"><strong>Shutdown feature</strong></a></font></td></tr><tr><td><blockquote>
<p>
AJP13 miss a functionnality of AJP12, which is shutdown command.
A logout will tell servlet engine to shutdown itself.
<div class="example"><pre>
+--------------+----------------------------+
| SHUTDOWN CMD | MD5 of RANDOM + SECRET KEY |
+--------------+----------------------------+

+------------+
| SHUTOK CMD |
+------------+

+-------------+--------------+
| SHUTNOK CMD | FAILURE CODE |
+-------------+--------------+
</pre></div>

<ul>
<li>
SHUTDOWN CMD, SHUTOK CMD, SHUTNOK CMD are 1 byte long.
</li>
<li>
MD5 of RANDOM + SECRET KEY are 32 chars long.
</li>
<li>
FAILURE CODE is 32 bits long.
</li>
</ul>

</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Extended Env Vars feature"><strong>Extended Env Vars feature</strong></a></font></td></tr><tr><td><blockquote>
<p>
NOTA:

While working on AJP13 in JK, I really discovered "JkEnvVar". 
The following "Extended Env Vars feature" description may not
be implemented in extended AJP13 since allready available in original
implementation.

DESC:

Many users will want to see some of their web-server env vars 
passed to their servlet engine.

To reduce the network traffic, the web-servlet will send a 
table to describing the external vars in a shorter fashion.

We'll use there a functionnality allready present in AJP13,
attributes list :

In the AJP13, we've got :

<div class="example"><pre>
AJP13_FORWARD_REQUEST :=
    prefix_code      2
    method           (byte)
    protocol         (string)
    req_uri          (string)
    remote_addr      (string)
    remote_host      (string)
    server_name      (string)
    server_port      (integer)
    is_ssl           (boolean)
    num_headers      (integer)
    request_headers *(req_header_name req_header_value)

    ?context       (byte string)
    ?servlet_path  (byte string)
    ?remote_user   (byte string)
    ?auth_type     (byte string)
    ?query_string  (byte string)
    ?route         (byte string)
    ?ssl_cert      (byte string)
    ?ssl_cipher    (byte string)
    ?ssl_session   (byte string)

    ?attributes   *(attribute_name attribute_value)
    request_terminator (byte)
</pre></div>

Using short 'web server attribute name' will reduce the 
network traffic.
 
<div class="example"><pre>
+-------------------+---------------------------+-------------------------------+----+
| EXTENDED VARS CMD | WEB SERVER ATTRIBUTE NAME | SERVLET ENGINE ATTRIBUTE NAME | ES |
+-------------------+---------------------------+-------------------------------+----+
</pre></div>

ie :

<div class="example"><pre>
JkExtVars S1 SSL_CLIENT_V_START javax.servlet.request.ssl_start_cert_date
JkExtVars S2 SSL_CLIENT_V_END   javax.servlet.request.ssl_end_cert_date
JkExtVars S3 SSL_SESSION_ID     javax.servlet.request.ssl_session_id


+-------------------+----+-------------------------------------------+
| EXTENDED VARS CMD | S1 | javax.servlet.request.ssl_start_cert_date |
+-------------------+----+-------------------------------------------+
+----+-----------------------------------------+
| S2 | javax.servlet.request.ssl_end_cert_date |
+----+-----------------------------------------+
+----+-----------------------------------------+
| S3 | javax.servlet.request.ssl_end_cert_date |
+----+-----------------------------------------+
</pre></div>

During transmission in extended AJP13 we'll see attributes name
containing S1, S2, S3 and attributes values of 
2001/01/03, 2002/01/03, 0123AFE56.
 
This example showed the use of extended SSL vars but 
any 'personnal' web-server vars like custom authentification
vars could be reused in the servlet engine.
The cost will be only some more bytes in the AJP traffic.

<ul>
<li>
EXTENDED VARS CMD is 1 byte long.
</li>
<li>
WEB SERVER ATTRIBUTE NAME, SERVLET ENGINE ATTRIBUTE NAME are CString.
</li>
<li>
ES is an empty CString.
</li>
</ul>

</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Context informations forwarding for Servlet engine to Web Server"><strong>Context informations forwarding for Servlet engine to Web Server</strong></a></font></td></tr><tr><td><blockquote>
<p>
Just after the LOGON PHASE, the web server will ask for the list of contexts
and URLs/URIs handled by the servlet engine.
It will ease installation in many sites, reduce questions about configuration 
on tomcat-user list, and be ready for servlet API 2.3.

This mode will be activated by a new directive JkAutoMount 

ie: JkAutoMount examples myworker1 /examples/

If we want to get ALL the contexts handled by the servlet engine, willcard
could be used :

ie: JkAutoMount * myworker1 *

A servlet engine could have many contexts, /examples, /admin, /test.
We may want to use only some contexts for a given worker. It was
done previously, in apache HTTP server for example, by setting by 
hand the JkMount accordingly in each [virtual] area of Apache.

If you web-server support virtual hosting, we'll forward also that
information to servlet engine which will only return contexts for
that virtual host. 
In that case the servlet engine will only return the URL/URI matching
these particular virtual server (defined in server.xml). 
This feature will help ISP and big sites which mutualize large farm
of Tomcat in load-balancing configuration.

<div class="example"><pre>
+-----------------+-------------------+----------+----------+----+
| CONTEXT QRY CMD | VIRTUAL HOST NAME | CONTEXTA | CONTEXTB | ES |
+-----------------+-------------------+----------+----------+----+

+------------------+-------------------+----------+-------------------+----------+---------------+----+
| CONTEXT INFO CMD | VIRTUAL HOST NAME | CONTEXTA | URL1 URL2 URL3 ES | CONTEXTB | URL1 URL2 ... | ES |
+------------------+-------------------+----------+-------------------+----------+---------------+----+
</pre></div>

We'll discover via context-query, the list of URL/MIMES handled by the remove servlet engine
for a list of contextes.
In wildcard mode, CONTEXTA will contains just '*'.

<ul>
<li>
CONTEXT QRY CMD and CONTEXT INFO CMD are 1 byte long.
</li>
<li>
VIRTUAL HOST NAME is a CString, ie an array of chars terminated by a null byte (/0).
</li>
<li>
An empty string is just a null byte (/0).
</li>
<li>
ES is an empty CString. Indicate end of URI/URLs or end of CONTEXTs.
</li>
</ul>

NB:<br>
When VirtualMode is not to be used, the VIRTUAL HOST NAME is '*'.
In that case the servlet engine will send all contexts handled.
</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Context informations updates from Servlet engine to Web Server"><strong>Context informations updates from Servlet engine to Web Server</strong></a></font></td></tr><tr><td><blockquote>
<p>
Context update are messages caming from the servlet engine each time a context 
is desactivated/reactivated. The update will be in use when the directive JkUpdateMount.
This directive will set the AJP13_CONTEXT_UPDATE_NEG flag.

ie: JkUpdateMount myworker1

<div class="example"><pre>
+--------------------+-------------------+----------+--------+----------+--------+----+
| CONTEXT UPDATE CMD | VIRTUAL HOST NAME | CONTEXTA | STATUS | CONTEXTB | STATUS | ES |
+--------------------+-------------------+----------+--------+----------+--------+----+
</pre></div>

<ul>
<li>
CONTEXT UPDATE CMD, STATUS are 1 byte long.
</li>
<li>
VIRTUAL HOST NAME, CONTEXTS are CString.
</li>
<li>
ES is an empty CString. Indicate end of CONTEXTs.
</li>
</ul>

NB:<br>
When VirtualMode is not in use, the VIRTUAL HOST NAME is '*'.
STATUS is one byte indicating if context is UP/DOWN/INVALID
</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Context status query to Servlet engine"><strong>Context status query to Servlet engine</strong></a></font></td></tr><tr><td><blockquote>
<p>
This query will be used by the web-server to determine if a given
contexts are UP, DOWN or INVALID (and should be removed).

<div class="example"><pre>
+-------------------+--------------------+----------+----------+----+
| CONTEXT STATE CMD |  VIRTUAL HOST NAME | CONTEXTA | CONTEXTB | ES |
+-------------------+--------------------+----------+----------+----+

+-------------------------+-------------------+----------+--------+----------+--------+----+
| CONTEXT STATE REPLY CMD | VIRTUAL HOST NAME | CONTEXTA | STATUS | CONTEXTB | STATUS | ES |
+-------------------------+-------------------+----------+-------------------+--------+----+
</pre></div>

<ul>
<li>
CONTEXT STATE CMD, CONTEXT STATE REPLY CMD, STATUS are 1 byte long.
</li>
<li>
VIRTUAL HOST NAME, CONTEXTs are CString
</li>
<li>
ES is an empty CString
</li>
</ul>

NB:<br>
When VirtualMode is not in use, the VIRTUAL HOST NAME is an empty string. 
</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Handling of unknown packets"><strong>Handling of unknown packets</strong></a></font></td></tr><tr><td><blockquote>
<p>
Sometimes even with a well negocied protocol, we may be in a situation 
where one end (web server or servlet engine), will receive a message it
couldn't understand. In that case the receiver will send an 
'UNKNOW PACKET CMD' with attached the unhandled message.

<div class="example"><pre>
+--------------------+------------------------+-------------------+
| UNKNOWN PACKET CMD | UNHANDLED MESSAGE SIZE | UNHANDLED MESSAGE |
+--------------------+------------------------+-------------------+
</pre></div>

Depending on the message, the sender will report an error and if 
possible will try to forward the message to another endpoint.

<ul>
<li>
UNKNOWN PACKET CMD is 1 byte long.
</li>
<li>
UNHANDLED MESSAGE SIZE is 16bits long.
</li>
<li>
UNHANDLED MESSAGE is an array of byte (length is contained in UNHANDLED MESSAGE SIZE)
</li>
</ul>

NB:<br>
added UNHANDLED MESSAGE SIZE (development)
</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Verification of connection before sending request"><strong>Verification of connection before sending request</strong></a></font></td></tr><tr><td><blockquote>
<p>
NOTA: This fonctionality may never be used, since it may slow up the normal process
since requiring on the web-server side an extra IO (read) before forwarding
the request.....

One of the beauty of socket APIs, is that you could write on a half closed socket.
When servlet engine close the socket, the web server will discover it only at the
next read() to the socket. 
Basically, in the AJP13 protocol, the web server send the HTTP HEADER and HTTP BODY 
(POST by chunk of 8K) to the servlet engine and then try to receive the reply. 
If the connection was broken the web server will learn it only at receive time.

We could use a buffering scheme but what happen when you use the servlet engine
for upload operations with more than 8ko of datas ?

The hack in the AJP13 protocol is to add some bytes to read after the end of the
service :

<div class="example"><pre>
EXAMPLE OF DISCUSSION BETWEEN WEB SERVER AND SERVLET ENGINE

AJP HTTP-HEADER (+ HTTP-POST)   (WEB-&gt;SERVLET)

AJP HTTP-REPLY					(SERVLET-&gt;WEB)

AJP END OF DISCUSSION			(SERVLET-&gt;WEB)
						
---&gt; AJP STATUS 				(SERVLET-&gt;WEB AJP13)
</pre></div>

The AJP STATUS will not be read by the servlet engine at the end of 
the request/response #N but at the begining of the next session.

More at that time the web server could also use OS dependants functions
(or better APR functions) to determine if there is also more data 
to read. And that datas could be CONTEXT Updates. 

This will avoid the web server sending a request to a 
desactivated context. In that case, if the load-balancing is used,
it will search for another servlet engine to handle the request.

And that feature will help ISP and big sites with farm of tomcat, 
to updates their servlet engine without any service interruption.

<div class="example"><pre>
+------------+-------------+
| STATUS CMD | STATUS DATA |
+------------+-------------+
</pre></div>

<ul>
<li>
STATUS CMD and STATUS DATA are one byte long.
</li>
</ul>
</p>
</blockquote></td></tr></table>

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Conclusion"><strong>Conclusion</strong></a></font></td></tr><tr><td><blockquote>
<p>
The goal of the extended AJP13 protocol is to overcome some of the original AJP13 limitation.
An easier configuration, a better support for large site and farm of Tomcat, 
a simple authentification system and provision for protocol updates.

Using the stable ajp13 implementation in JK (native) and in servlet 
engine (java), it's a reasonable evolution of the well known ajp13.
</p>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Commands and IDs in extended AJP13 Index"><strong>Commands and IDs in extended AJP13 Index</strong></a></font></td></tr><tr><td><blockquote>
<p>
Index of Commands and ID to be added in AJP13 Protocol
</p>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Commands IDs"><strong>Commands IDs</strong></a></font></td></tr><tr><td><blockquote>
<p>
<table>
  <tr><th>Command Name</th><th>Command Number</th></tr>
  <tr><td>AJP13_LOGINIT_CMD</td><td>0x10</td></tr>
  <tr><td>AJP13_LOGSEED_CMD</td><td>0x11</td></tr>
  <tr><td>AJP13_LOGCOMP_CMD</td><td>0x12</td></tr>
  <tr><td>AJP13_LOGOK_CMD</td><td>0x13</td></tr>
  <tr><td>AJP13_LOGNOK_CMD</td><td>0x14</td></tr>
  <tr><td>AJP13_CONTEXT_QRY_CMD</td><td>0x15</td></tr>
  <tr><td>AJP13_CONTEXT_INFO_CMD</td><td>0x16</td></tr>
  <tr><td>AJP13_CONTEXT_UPDATE_CMD</td><td>0x17</td></tr>
  <tr><td>AJP13_STATUS_CMD</td><td>0x18</td></tr>
  <tr><td>AJP13_SHUTDOWN_CMD</td><td>0x19</td></tr>
  <tr><td>AJP13_SHUTOK_CMD</td><td>0x1A</td></tr>
  <tr><td>AJP13_SHUTNOK_CMD</td><td>0x1B</td></tr>
  <tr><td>AJP13_CONTEXT_STATE_CMD</td><td>0x1C</td></tr>
  <tr><td>AJP13_CONTEXT_STATE_REP_CMD</td><td>0x1D</td></tr>
  <tr><td>AJP13_UNKNOW_PACKET_CMD</td><td>0x1E</td></tr>
</table>

</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Negociations Flags"><strong>Negociations Flags</strong></a></font></td></tr><tr><td><blockquote>
<p>
<table>
  <tr><th>Command Name</th><th>Number</th><th>Description</th></tr>
  <tr><td>AJP13_CONTEXT_INFO_NEG</td><td>0x80000000</td><td>web-server want context info after login</td></tr>
  <tr><td>AJP13_CONTEXT_UPDATE_NEG</td><td>0x40000000</td><td>web-server want context updates</td></tr>
  <tr><td>AJP13_GZIP_STREAM_NEG</td><td>0x20000000</td><td>web-server want compressed stream</td></tr>
  <tr><td>AJP13_DES56_STREAM_NEG</td><td>0x10000000</td><td>web-server want crypted DES56 stream with secret key</td></tr>
  <tr><td>AJP13_SSL_VSERVER_NEG</td><td>0x08000000</td><td>Extended info on server SSL vars</td></tr>
  <tr><td>AJP13_SSL_VCLIENT_NEG</td><td>0x04000000</td><td>Extended info on client SSL vars</td></tr>
  <tr><td>AJP13_SSL_VCRYPTO_NEG</td><td>0x02000000</td><td>Extended info on crypto SSL vars</td></tr>
  <tr><td>AJP13_SSL_VMISC_NEG</td><td>0x01000000</td><td>Extended info on misc SSL vars</td></tr>
</table>

<br>

<table>
  <tr><th>Negociation ID</th><th>Number</th><th>Description</th></tr>
  <tr><td>AJP13_PROTO_SUPPORT_AJPXX_NEG</td><td>0x00FF0000</td><td>mask of protocol supported</td></tr>
  <tr><td>AJP13_PROTO_SUPPORT_AJP13L1_NEG</td><td>0x00010000</td><td>communication could use AJP13 Level 1</td></tr>
  <tr><td>AJP13_PROTO_SUPPORT_AJP13L2_NEG</td><td>0x00020000</td><td>communication could use AJP13 Level 2</td></tr>
  <tr><td>AJP13_PROTO_SUPPORT_AJP13L3_NEG</td><td>0x00040000</td><td>communication could use AJP13 Level 3</td></tr>
</table>

<br>
All others flags must be set to 0 since they are reserved for future use.

</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Failure IDs"><strong>Failure IDs</strong></a></font></td></tr><tr><td><blockquote>
<p>
<table>
  <tr><th>Failure Id</th><th>Number</th></tr>
  <tr><td>AJP13_BAD_KEY_ERR</td><td>0xFFFFFFFF</td></tr>
  <tr><td>AJP13_ENGINE_DOWN_ERR</td><td>0xFFFFFFFE</td></tr>
  <tr><td>AJP13_RETRY_LATER_ERR</td><td>0xFFFFFFFD</td></tr>
  <tr><td>AJP13_SHUT_AUTHOR_FAILED_ERR</td><td>0xFFFFFFFC</td></tr>
</table>
</p>
</blockquote></td></tr></table>

<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Status"><strong>Status</strong></a></font></td></tr><tr><td><blockquote>
<p>
<table>
  <tr><th>Failure Id</th><th>Number</th></tr>
  <tr><td>AJP13_CONTEXT_DOWN</td><td>0x01</td></tr>
  <tr><td>AJP13_CONTEXT_UP</td><td>0x02</td></tr>
  <tr><td>AJP13_CONTEXT_OK</td><td>0x03</td></tr>
</table>
</p>
</blockquote></td></tr></table>

</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
        Copyright &copy; 1999-2011, Apache Software Foundation
        </em></font></div></td></tr></table></body></html>