Apache JServ Protocol

Last updated

The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server. [1]

Contents

It also supports some monitoring in that the web server can ping the application server. Web implementors typically use AJP in a load-balanced deployment where one or more front-end web servers feed requests into one or more application servers. Sessions are redirected to the correct application server using a routing mechanism wherein each application server instance gets a name (called a route). In this scenario the web server functions as a reverse proxy [2] for the application server. Lastly, AJP supports request attributes which, when populated with environment-specific settings in the reverse proxy, provides for secure communication between the reverse proxy and application server. [3] [4]

AJP runs in Apache HTTP Server 1.x using the mod_jk plugin and in Apache 2.x using mod_proxy_ajp, mod_proxy and proxy balancer modules together. Other web server implementations exist for: lighttpd 1.4.59, [5] nginx, [6] Grizzly 2.1, [7] and the Internet Information Services. [2]

Web container application servers supporting AJP include: Apache Tomcat, WildFly (formerly JBoss AS), and GlassFish.

History

Alexei Kosut originally developed the Apache JServ Protocol in July 1997 [8] but the version 1.0 specification was published later on July 29, 1998. [9] He also wrote the first implementations of it in the same month, with the releases of the Apache JServ servlet engine 0.9 and the Apache mod_jserv 0.9a (released on July 30, 1997). [10]

The specification was updated to version 1.1 on September 9, 1998. [11] Also in 1998, a revamped protocol was created and published in specification versions 2 [12] and 2.1, [8] however it was never adopted.

In 1999, Sun Microsystems donated their JavaServer Web Development Kit (JSWDK; codenamed Tomcat) reference implementation to Apache Software Foundation. This became Apache Tomcat version 3.0, the successor to JSWDK 2.1, and derailed further development of Apache JServ servlet engine and AJP towards support of Java servlet API version 2.1. [13]

The current specification remains at version 1.3, [14] however there is a published extension proposal [15] as well as an archived experimental 1.4 proposal. [16]

See also

Related Research Articles

<span class="mw-page-title-main">Apache HTTP Server</span> Open-source web server software

The Apache HTTP Server is a free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.

A web container is the component of a web server that interacts with Jakarta Servlets. A web container is responsible for managing the lifecycle of servlets, mapping a URL to a particular servlet and ensuring that the URL requester has the correct access-rights. A web container handles requests to servlets, Jakarta Server Pages (JSP) files, and other types of files that include server-side code. The Web container creates servlet instances, loads and unloads servlets, creates and manages request and response objects, and performs other servlet-management tasks. A web container implements the web component contract of the Jakarta EE architecture. This architecture specifies a runtime environment for additional web components, including security, concurrency, lifecycle management, transaction, deployment, and other services.

<span class="mw-page-title-main">Apache Tomcat</span> Java-based HTTP web server environment

Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies. It provides a "pure Java" HTTP web server environment in which Java code can also run. Thus it is a Java web application server, although not a full JEE application server.

In web applications, a rewrite engine is a software component that performs rewriting on URLs, modifying their appearance. This modification is called URL rewriting. It is a way of implementing URL mapping or routing within a web application. The engine is typically a component of a web server or web application framework. Rewritten URLs are used to provide shorter and more relevant-looking links to web pages. The technique adds a layer of abstraction between the files used to generate a web page and the URL that is presented to the outside world.

Java Management Extensions (JMX) is a Java technology that supplies tools for managing and monitoring applications, system objects, devices and service-oriented networks. Those resources are represented by objects called MBeans. In the API, classes can be dynamically loaded and instantiated. Managing and monitoring applications can be designed and developed using the Java Dynamic Management Kit.

lighttpd

lighttpd is an open-source web server optimized for speed-critical environments while remaining standards-compliant, secure and flexible. It was originally written by Jan Kneschke as a proof-of-concept of the c10k problem – how to handle 10,000 connections in parallel on one server, but has gained worldwide popularity. Its name is a portmanteau of "light" and "httpd".

The Web Server Gateway Interface is a simple calling convention for web servers to forward requests to web applications or frameworks written in the Python programming language. The current version of WSGI, version 1.0.1, is specified in Python Enhancement Proposal (PEP) 3333.

mod_jk is an Apache module used to connect the Tomcat servlet container with web servers such as Apache, iPlanet, Sun ONE and even IIS using the Apache JServ Protocol. The mod_proxy_ajp module performs a similar function to this module, while being integrated into the mod_proxy framework.

The Simple Common Gateway Interface (SCGI) is a protocol for applications to interface with HTTP servers, as an alternative to the CGI protocol. It is similar to FastCGI but is designed to be easier to parse. Unlike CGI, it permits a long-running service process to continue serving requests, thus avoiding delays in responding to requests due to setup overhead.

Web server software allows computers to act as web servers. The first web servers supported only static files, such as HTML, but now they commonly allow embedding of server side applications.

<span class="mw-page-title-main">GlassFish</span> Application server project

GlassFish is an open-source Jakarta EE platform application server project started by Sun Microsystems, then sponsored by Oracle Corporation, and now living at the Eclipse Foundation and supported by Payara, Oracle and Red Hat. The supported version under Oracle was called Oracle GlassFish Server. GlassFish is free software and was initially dual-licensed under two free software licences: the Common Development and Distribution License (CDDL) and the GNU General Public License (GPL) with the Classpath exception. After having been transferred to Eclipse, GlassFish remained dual-licensed, but the CDDL license was replaced by the Eclipse Public License (EPL).

<span class="mw-page-title-main">HTTP compression</span> Capability that can be built into web servers and web clients

HTTP compression is a capability that can be built into web servers and web clients to improve transfer speed and bandwidth utilization.

Resin is a web server and Java application server from Caucho Technology. In addition to Resin (GPL), Resin Pro is available for enterprise and production environments with a license. Resin supports the Java EE standard as well as a mod_php/PHP like engine called Quercus.

<span class="mw-page-title-main">Slowloris (computer security)</span> Software for executing a denial-of-service attack

Slowloris is a type of denial of service attack tool which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.

mod_proxy is an optional module for the Apache HTTP Server.

<span class="mw-page-title-main">WebSocket</span> Computer network protocol

WebSocket is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. The WebSocket protocol was standardized by the IETF as RFC 6455 in 2011. The current API specification allowing web applications to use this protocol is known as WebSockets. It is a living standard maintained by the WHATWG and a successor to The WebSocket API from the W3C.

FastCGI is a binary protocol for interfacing interactive programs with a web server. It is a variation on the earlier Common Gateway Interface (CGI). FastCGI's main aim is to reduce the overhead related to interfacing between web server and CGI programs, allowing a server to handle more web page requests per unit of time.

HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web. It was derived from the earlier experimental SPDY protocol, originally developed by Google. HTTP/2 was developed by the HTTP Working Group of the Internet Engineering Task Force (IETF). HTTP/2 is the first new version of HTTP since HTTP/1.1, which was standardized in RFC 2068 in 1997. The Working Group presented HTTP/2 to the Internet Engineering Steering Group (IESG) for consideration as a Proposed Standard in December 2014, and IESG approved it to publish as Proposed Standard on February 17, 2015. The HTTP/2 specification was published as RFC 7540 on May 14, 2015.

Apache Attic is a project of Apache Software Foundation to provide processes to make it clear when an Apache project has reached its end-of-life. The Attic project was created in November 2008. Also the retired projects can be retained.

References

  1. "AJP File Read/Inclusion in Apache Tomcat (CVE-2020-1938) and Undertow (CVE-2020-1745)". Red Hat Customer Portal. Retrieved 1 March 2020.
  2. 1 2 "BonCode Apache Tomcat AJP 1.3 Connector". boncode.net. Retrieved 9 October 2017.
  3. "NativeSPAttributeAccess". Shibboleth Consortium. Retrieved 13 November 2017.
  4. "Apache Module mod_proxy_ajp". Apache HTTP Server Project. Retrieved 13 November 2017.
  5. "Docs - Lighttpd - lighty labs". redmine.lighttpd.net. Retrieved 14 July 2021.
  6. Yao(姚伟斌), Weibin (6 October 2017). "nginx_ajp_module: support AJP protocol proxy with Nginx" . Retrieved 9 October 2017 via GitHub.
  7. "AJP". Grizzly 2.3 User's Guide. java.net. Retrieved 2013-04-29.
  8. 1 2 Barbieri, Federico; Fumagalli, Pierpaolo; Kluft, Ian; Korthof, Ed; Mazzocchi, Stefano; Pool, Martin (June 30, 1998). "Apache JServ Protocol Version 2.1". Java Apache Project. Archived from the original on 2003-08-04.
  9. Kosut, Alexei (July 29, 1998). "Apache JServ Protocol Version 1.0". Java Apache Project. Archived from the original on 2003-04-15.
  10. "History of Changes - Apache JServ Project". Java Apache Project. Archived from the original on 2003-04-16.
  11. Kosut, Alexei (September 9, 1998). "Apache JServ Protocol Version 1.1". Java Apache Project. Archived from the original on 2003-08-04.
  12. Kluft, Ian; Korthof, Ed; Mazzocchi, Stefano (February 15, 1998). "Apache JServ Protocol Version 2". Java Apache Project. Archived from the original on 2003-08-05.
  13. "The Origin Story of Tomcat". TechNotif. Retrieved 2018-07-25.
  14. "AJP Protocol Reference - AJPv13". Apache Tomcat. Retrieved 2016-08-20.
  15. "AJP Protocol Reference - AJPv13 Extension Proposal". Apache Tomcat. Retrieved 2016-08-20.
  16. "AJPv14 Proposal". Apache Tomcat. Retrieved 2019-05-06.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.