Date: Fri, 29 Mar 2024 08:06:45 +0000 (UTC) Message-ID: <264313303.15.1711699605493@b741ad84f663> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_14_1105869638.1711699605492" ------=_Part_14_1105869638.1711699605492 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Ceptor Dispatcher is deprecated and replaced by Ceptor G= ateway which offers much more functionality than is provided by the dis= patcher.
Existing customers should migrate from Dispatcher to Gateway as soon as = possible, and new customers must not take the dispatcher into use.
Ceptor Dispatcher is a Reverse Proxy Server, which is typically deployed= in a DMZ zone.
It is capable of running in a servlet container of your choice, or it ca= n run in the Web Server provided by Ceptor as part of the distribution.
But, newer deployments should use Ceptor Gateway instead of the Dispatcher, since it contains more functionality, and is e= asier to configure. Also, new features will be added to the gateway, but in= general not to the dispatcher.
The Dispatchers job, is basically to forward requests to web application= servers. It also assigns session id=E2=80=99s to browsers, and performs lo= ad-balancing by assigning servers to users. The dispatcher also makes sure = that clients reach the same server for every request they perform, so sessi= on state information can be kept in memory on the application server, inste= ad of sharing it via databases.
In short, the dispatcher sits in the DMZ zone between firewalls, a= nd forwards requests to an application web server.
If the dispatcher gets a request from a browser without a sessionid cook= ie, it will contact the session creation servlet, and ask it to create a ne= w session. It then puts that session id in a cookie, and sends it to the br= owser, so the browser can send the sessionid to the server in the next requ= est.
The reason why the dispatcher does not use an Agent to contact the Sessi= onController, is that it only needs to be able to create new sessions. With= an Agent, it could also retrieve session information from the Server, such= as userid and password. Since the dispatcher is usually deployed in the DM= Z zone, which is considered insecure, it is more secure if the computer run= ning the dispatcher does not have full access to the SessionController serv= er. That way, if the dispatcher computer is hacked, the only thing a hacker= can do, is to create new sessions, not spy on existing ones.
The dispatcher itself is a servlet that runs on top of a web server and = a servletengine, such as WebLogic or Tomcat with Apache. The servlet is con= figured to forward certain URLs to the web application server, such as /ser= vlet/* or /include/* or /jsp/* while other URLs are processed locally, such= as static html pages and images.
The dispatcher is also able to filter access to specific URLs based on t= he authorizations of a particular the user. This means that certain URLs ca= n be made available to e.g. administrators only, and all non-known URLs can= be blocked providing additional security.
In order to retrieve information from the dispatcher servlet, a few spec= ial URLs exists: If an url that is passed to the dispatcher servlet ends wi= th =E2=80=9C.statistics=E2=80=9D, =E2=80=9C.errorstatistics=E2=80=9D or =E2= =80=9C.urlstatistics=E2=80=9D, it is not forwarded to the application web s= erver, but the dispatcher instead generates an answer.
If the url ends with =E2=80=9C.statistics=E2=80=9D the dispatcher return= s a page where the application web servers and their status (up/down) is li= sted. This can be used to quickly determine if the dispatcher can reach all= its defined web servers.
An URL ending with =E2=80=9C.errorstatistics=E2=80=9D returns a page lis= ting the last 100 errors that have occurred in the dispatcher while process= ing requests. This can give valuable information about the current state of= the system.
If the URL ends with =E2=80=9C.urlstatistics=E2=80=9D, the last 1000 URL= s that have passed through the dispatcher are listed, along with informatio= n about the size of the reply, and the time in milliseconds it took the app= lication web server to reply.
The URLs ending with =E2=80=9C.errorstatistics=E2=80=9D and =E2=80=9C.ur= lstatistics=E2=80=9D are password protected, so not everyone can see the li= st of URLs and errors that occurred, but the =E2=80=9C.statistics=E2=80=9D = page is not password protected, since it only shows a list of logical serve= r names (not tied to the DNS name) and their current status (up/down). This= .statistics page can also be used by a load balancer to determine if it sh= ould forward requests to this dispatcher or not, since if all application w= eb servers are marked down, because of e.g. network problems, there is no r= eason to send request to it.