Jump to content

Apache JServ Protocol: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
add lighttpd and nginx
Adding local short description: "Computer networking protocol", overriding Wikidata description "computer network protocol"
 
(32 intermediate revisions by 25 users not shown)
Line 1: Line 1:
{{Short description|Computer networking protocol}}
The '''Apache JServ Protocol''' ('''AJP''') is a [[binary protocol]] that can [[Proxy server|proxy]] inbound requests from a [[web server]] through to an [[application server]] that sits behind the web server.
The '''Apache JServ Protocol''' ('''AJP''') is a [[binary protocol]] that can [[proxy server|proxy]] inbound requests from a [[web server]] through to an [[application server]] that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server.<ref>{{cite web |title=AJP File Read/Inclusion in Apache Tomcat (CVE-2020-1938) and Undertow (CVE-2020-1745) |url=https://access.redhat.com/solutions/4851251 |website=Red Hat Customer Portal |access-date=1 March 2020}}</ref>


It also supports some monitoring in that the web server can [[Ping (networking utility)|ping]] the application server. Web implementors typically use AJP in a [[Load balancing (computing)|load-balanced]] deployment where one or more front-end web servers feed requests into one or more application servers. Sessions are redirected to the correct application server using a routing mechanism wherein each application server instance gets a name (called a ''route''). In this scenario the web server functions as a [[reverse proxy]] for the application server.
It also supports some monitoring in that the web server can [[Ping (networking utility)|ping]] the application server. Web implementors typically use AJP in a [[load balancing (computing)|load-balanced]] deployment where one or more front-end web servers feed requests into one or more application servers. Sessions are redirected to the correct application server using a routing mechanism wherein each application server instance gets a name (called a ''route''). In this scenario the web server functions as a [[reverse proxy]]<ref name=":0" /> for the application server. Lastly, AJP supports request attributes which, when populated with environment-specific settings in the reverse proxy, provides for secure communication between the reverse proxy and application server.<ref>{{cite web|title=NativeSPAttributeAccess|url=https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess|website=Shibboleth Consortium|access-date=13 November 2017}}</ref><ref>{{cite web |title=Apache Module mod_proxy_ajp |url=https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html |website=Apache HTTP Server Project |access-date=13 November 2017}}</ref>


AJP runs in [[Apache HTTP Server]] 1.x using the [[mod_jk]] [[Plug-in (computing)|plugin]] and in Apache 2.x using the provided Proxy AJP, [[mod_proxy]] and proxy balancer modules together. An implementation exists for version the not-yet-released [[lighttpd]] 1.5<ref>[http://redmine.lighttpd.net/projects/1/wiki/Docs_ModProxyCore lighttpd ModProxyCore]</ref> and a module for [[nginx]]<ref>https://github.com/yaoweibin/nginx_ajp_module</ref>.
AJP runs in [[Apache HTTP Server]] 1.x using the {{kbd|[[mod_jk]]}} [[Plug-in (computing)|plugin]] and in Apache 2.x using {{kbd|mod_proxy_ajp}}, {{kbd|[[mod_proxy]]}} and proxy balancer modules together. Other web server implementations exist for: [[lighttpd]] 1.4.59,<ref>{{cite web |url=https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAJP13 |title=Docs - Lighttpd - lighty labs |website=redmine.lighttpd.net |access-date=14 July 2021}}</ref> [[nginx]],<ref>{{cite web |url=https://github.com/yaoweibin/nginx_ajp_module |title=nginx_ajp_module: support AJP protocol proxy with Nginx |first=Weibin|last=Yao(姚伟斌) |date=6 October 2017 |access-date=9 October 2017 |via=GitHub}}</ref> [[Eclipse Grizzly|Grizzly]] 2.1,<ref>{{cite web |url=https://grizzly.java.net/nonav/docs/docbkx2.3/html/ajp.html |title=AJP |publisher=java.net |work=Grizzly 2.3 User's Guide |access-date=2013-04-29}}</ref> and the [[Internet Information Services]].<ref name=":0">{{cite web |url=http://boncode.net/connector/webdocs/Tomcat_Connector.htm |title=BonCode Apache Tomcat AJP 1.3 Connector |website=boncode.net |access-date=9 October 2017}}</ref>


[[Web container]] application servers supporting AJP include: [[Apache Tomcat]], [[WildFly]] (formerly JBoss AS), and [[GlassFish]].
Both the [[Apache Tomcat]] servlet container as well as the [[Jetty (web server)|Jetty]] servlet container support AJP. The [[WebObjects]] application server can run (without a servlet deployment) using the LEWOAJPAdaptor from [http://homepage.mac.com/andrewlindesay/le/page_lestuff.html LEWOStuff].


==History==
==History==
This protocol was originally created by Alexei Kosut in July 1997.<ref>Kosut, Alexei. "Apache JServ Protocol", Version 1.0. Java Apache Project. July 1997.</ref><ref name="AJPv2">[http://libis.mak.ac.ug:8000/jservdocs/protocol/AJPv21.html Apache JServ Protocol Version 2.1 (AJPv2.1) - June 30, 1998 - Draft]</ref> He also created the first implementations of it in the same month with the releases of the Apache JServ Servlet Engine 0.9 and the Apache mod_jserv 0.9a (released on July 30, 1997).<ref>[http://libis.mak.ac.ug:8000/jservdocs/changes.html Apache mod_jserv - History of Changes]</ref>
Alexei Kosut originally developed the Apache JServ Protocol in July 1997<ref name="AJPv21">{{cite web |last1=Barbieri |first1=Federico |last2=Fumagalli |first2=Pierpaolo |last3=Kluft |first3=Ian |last4=Korthof |first4=Ed |last5=Mazzocchi |first5=Stefano |last6=Pool |first6=Martin |title=Apache JServ Protocol Version 2.1 |date=June 30, 1998 |work=Java Apache Project |url=http://java.apache.org/jserv/protocol/AJPv21.html |archive-url=https://web.archive.org/web/20030804213216/http://java.apache.org/jserv/protocol/AJPv21.html |archive-date=2003-08-04}}</ref> but the version 1.0 specification was published later on July 29, 1998.<ref name="AJPv1">{{cite web |last1=Kosut |first1=Alexei |title=Apache JServ Protocol Version 1.0 |date=July 29, 1998 |work=Java Apache Project |url=http://java.apache.org/jserv/protocol/AJPv1.html |archive-url=https://web.archive.org/web/20030415202643/http://java.apache.org/jserv/protocol/AJPv1.html |archive-date=2003-04-15}}</ref> He also wrote the first implementations of it in the same month, with the releases of the Apache JServ servlet engine 0.9 and the Apache mod_jserv 0.9a (released on July 30, 1997).<ref name="jservchanges">{{cite web |title=History of Changes - Apache JServ Project |work=Java Apache Project |url=http://java.apache.org/jserv/changes.html |archive-url=https://web.archive.org/web/20030416024540/http://java.apache.org/jserv/changes.html |archive-date=2003-04-16}}</ref>


The specification was updated to version 1.1 on September 9, 1998.<ref name="AJPv11">{{cite web |last1=Kosut |first1=Alexei |title=Apache JServ Protocol Version 1.1 |date=September 9, 1998 |work=Java Apache Project |url=http://java.apache.org/jserv/protocol/AJPv11.html |archive-url=https://web.archive.org/web/20030804080332/http://java.apache.org/jserv/protocol/AJPv11.html |archive-date=2003-08-04}}</ref> Also in 1998, a revamped protocol was created and published in specification versions 2<ref name="AJPv2">{{cite web |last1=Kluft |first1=Ian |last2=Korthof |first2=Ed |last3=Mazzocchi |first3=Stefano |title=Apache JServ Protocol Version 2 |date=February 15, 1998 |work=Java Apache Project |url=http://java.apache.org/jserv/protocol/AJPv2.html |archive-url=https://web.archive.org/web/20030805035548/http://java.apache.org/jserv/protocol/AJPv2.html |archive-date=2003-08-05}}</ref> and 2.1,<ref name="AJPv21"/> however it was never adopted.
An attempt was made at revamping the protocol to a second version in 1998<ref name="AJPv2"/> but seemingly it remains with just minor updates at version 1.3.

In 1999, [[Sun Microsystems]] donated their JavaServer Web Development Kit (JSWDK; codenamed Tomcat) reference implementation to [[Apache Software Foundation]]. This became [[Apache Tomcat]] version 3.0, the successor to JSWDK 2.1, and derailed further development of Apache JServ servlet engine and AJP towards support of [[Java servlet]] API version 2.1.<ref>{{cite web |title=The Origin Story of Tomcat |url=https://technotif.com/the-origin-story-of-tomcat/ |website=TechNotif |access-date=2018-07-25}}</ref>

The current specification remains at version 1.3,<ref name="AJPv13a">{{cite web |title=AJP Protocol Reference - AJPv13 |work=Apache Tomcat |url=https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html |access-date=2016-08-20}}</ref> however there is a published extension proposal<ref name="AJPv13ext">{{cite web |title=AJP Protocol Reference - AJPv13 Extension Proposal |work=Apache Tomcat |url=https://tomcat.apache.org/connectors-doc/ajp/ajpv13ext.html |access-date=2016-08-20}}</ref> as well as an archived experimental 1.4 proposal.<ref name="AJPv14">{{cite web |title=AJPv14 Proposal |work=Apache Tomcat |url=https://archive.apache.org/dist/tomcat/tomcat-connectors/jk2/v2.0.0/doc/common/AJPv14-proposal.html |access-date=2019-05-06}}</ref>

==See also==
*[[Web Services for Remote Portlets]]


==References==
==References==
Line 18: Line 26:
* [http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html The Apache Tomcat Connector - AJP Protocol Reference] AJPv13
* [http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html The Apache Tomcat Connector - AJP Protocol Reference] AJPv13
* [http://tomcat.apache.org/tomcat-3.3-doc/AJPv13.html Apache JServ Protocol version 1.3] Dan Milstein, December 2000.
* [http://tomcat.apache.org/tomcat-3.3-doc/AJPv13.html Apache JServ Protocol version 1.3] Dan Milstein, December 2000.
*{{cite web | title=BonCode Connector | website=BonCode | date=2016-08-16 | url=http://www.boncode.net/boncode-connector | access-date=2017-10-09}} BonCode IIS implementation of AJP
* [http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html Apache Tomcat Configuration Reference The AJP Connector]
* [http://httpd.apache.org/docs/2.2/mod/mod_proxy.html Apache Module mod_proxy] (Apache Version 2.2)
* [http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html Apache Module mod_proxy_ajp]
* [http://tomcatiis.riaforge.org Implementation of Apache JServ protocol for Internet Information Server]
* [http://java.apache.org/ The Java Apache]


{{Web server interfaces}}
{{Web interfaces}}


[[Category:Apache Software Foundation|JServ]]
[[Category:Apache Software Foundation|JServ]]

Latest revision as of 23:37, 23 February 2023

The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server.[1]

It also supports some monitoring in that the web server can ping the application server. Web implementors typically use AJP in a load-balanced deployment where one or more front-end web servers feed requests into one or more application servers. Sessions are redirected to the correct application server using a routing mechanism wherein each application server instance gets a name (called a route). In this scenario the web server functions as a reverse proxy[2] for the application server. Lastly, AJP supports request attributes which, when populated with environment-specific settings in the reverse proxy, provides for secure communication between the reverse proxy and application server.[3][4]

AJP runs in Apache HTTP Server 1.x using the mod_jk plugin and in Apache 2.x using mod_proxy_ajp, mod_proxy and proxy balancer modules together. Other web server implementations exist for: lighttpd 1.4.59,[5] nginx,[6] Grizzly 2.1,[7] and the Internet Information Services.[2]

Web container application servers supporting AJP include: Apache Tomcat, WildFly (formerly JBoss AS), and GlassFish.

History

[edit]

Alexei Kosut originally developed the Apache JServ Protocol in July 1997[8] but the version 1.0 specification was published later on July 29, 1998.[9] He also wrote the first implementations of it in the same month, with the releases of the Apache JServ servlet engine 0.9 and the Apache mod_jserv 0.9a (released on July 30, 1997).[10]

The specification was updated to version 1.1 on September 9, 1998.[11] Also in 1998, a revamped protocol was created and published in specification versions 2[12] and 2.1,[8] however it was never adopted.

In 1999, Sun Microsystems donated their JavaServer Web Development Kit (JSWDK; codenamed Tomcat) reference implementation to Apache Software Foundation. This became Apache Tomcat version 3.0, the successor to JSWDK 2.1, and derailed further development of Apache JServ servlet engine and AJP towards support of Java servlet API version 2.1.[13]

The current specification remains at version 1.3,[14] however there is a published extension proposal[15] as well as an archived experimental 1.4 proposal.[16]

See also

[edit]

References

[edit]
  1. ^ "AJP File Read/Inclusion in Apache Tomcat (CVE-2020-1938) and Undertow (CVE-2020-1745)". Red Hat Customer Portal. Retrieved 1 March 2020.
  2. ^ a b "BonCode Apache Tomcat AJP 1.3 Connector". boncode.net. Retrieved 9 October 2017.
  3. ^ "NativeSPAttributeAccess". Shibboleth Consortium. Retrieved 13 November 2017.
  4. ^ "Apache Module mod_proxy_ajp". Apache HTTP Server Project. Retrieved 13 November 2017.
  5. ^ "Docs - Lighttpd - lighty labs". redmine.lighttpd.net. Retrieved 14 July 2021.
  6. ^ Yao(姚伟斌), Weibin (6 October 2017). "nginx_ajp_module: support AJP protocol proxy with Nginx". Retrieved 9 October 2017 – via GitHub.
  7. ^ "AJP". Grizzly 2.3 User's Guide. java.net. Retrieved 2013-04-29.
  8. ^ a b Barbieri, Federico; Fumagalli, Pierpaolo; Kluft, Ian; Korthof, Ed; Mazzocchi, Stefano; Pool, Martin (June 30, 1998). "Apache JServ Protocol Version 2.1". Java Apache Project. Archived from the original on 2003-08-04.
  9. ^ Kosut, Alexei (July 29, 1998). "Apache JServ Protocol Version 1.0". Java Apache Project. Archived from the original on 2003-04-15.
  10. ^ "History of Changes - Apache JServ Project". Java Apache Project. Archived from the original on 2003-04-16.
  11. ^ Kosut, Alexei (September 9, 1998). "Apache JServ Protocol Version 1.1". Java Apache Project. Archived from the original on 2003-08-04.
  12. ^ Kluft, Ian; Korthof, Ed; Mazzocchi, Stefano (February 15, 1998). "Apache JServ Protocol Version 2". Java Apache Project. Archived from the original on 2003-08-05.
  13. ^ "The Origin Story of Tomcat". TechNotif. Retrieved 2018-07-25.
  14. ^ "AJP Protocol Reference - AJPv13". Apache Tomcat. Retrieved 2016-08-20.
  15. ^ "AJP Protocol Reference - AJPv13 Extension Proposal". Apache Tomcat. Retrieved 2016-08-20.
  16. ^ "AJPv14 Proposal". Apache Tomcat. Retrieved 2019-05-06.
[edit]