Avoid overly specific casting in SslConnectorCustomizer

[mmoayyed]

I am starting to experiment with Apache Tomcat 11 and Spring Boot 3.4.x. A first blocking issue I have run into is the following:

Caused by: java.lang.ClassNotFoundException: org.apache.coyote.http11.AbstractHttp11JsseProtocol
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641) ~[?:?]
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188) ~[?:?]
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526) ~[?:?]
        at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.customize(SslConnectorCustomizer.java:69) ~[spring-boot-3.4.1.jar:3.4.1]
        at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeSsl(TomcatServletWebServerFactory.java:383) ~[spring-boot-3.4.1.jar:3.4.1]
        at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeConnector(TomcatServletWebServerFactory.java:359) ~[spring-boot-3.4.1.jar:3.4.1]
        at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:212) ~[spring-boot-3.4.1.jar:3.4.1]

SslConnectorCustomizer uses AbstractHttp11JsseProtocol which seems to have been removed. However, I think this can be reworked to use AbstractHttp11Protocol instead, regardless of Tomcat 11, and there should be no need to cast down to AbstractHttp11JsseProtocol, unless I am missing something else.

I realize that Tomcat 11 is not officially supported, but this change seemed like a step in the right direction, and a small one at that with I suspect no loss of functionality. I am happy to put together a pull request if this is something you'd like to see.

Thank you.

[snicoll]

There are many more things to consider before we can look at Tomcat 11. This is going to be tackled in the Spring Boot 4 milestones but we're not there yet.

[wilkinsona]

That said, we could consider this in a similar manner to #42730 and #42731. We'd have to decide if it's worth the risk, though.

#42730 added a smoke tests to cover the basics with Tomcat 11. It does not use SSL. #42731 removed the use of some deprecated Tomcat API that should have already been removed in Boot 3.3. The change proposed here is quite different as it would affect everyone using Tomcat and SSL and, therefore, brings with it much greater risk.

apache/tomcat@2b4be93 is the commit that removed AbstractHttp11JsseProtocol in Tomcat 11. As far as I can tell, we could safely move to using AbstractHttp11Protocol with Tomcat 10.1.x as it provides all of the methods that we need for SSL customization. Let's decide if this is a risk we want to take. If it is, we can ask Mark Thomas if my assessment's accurate before proceeding.

[wilkinsona]

@markt-asf Is changing the code in SslConnectorCustomizer to refer to AbstractHttp11Protocol rather than AbstractHttp11JsseProtocol safe to do in Boot 3.x which has a Tomcat 10.1 baseline?

[markt-asf]

Should be, yes. There is no APR/native Connector/Endpoint in 10.1.x.

[wilkinsona]

Thanks, Mark.