The Apache Tomcat Servlet/JSP Container

The Apache Tomcat 5.5 Servlet/JSP Container

Apache Logo


Top Level Elements



Nested Components

Global Settings

Apache Tomcat Configuration Reference

The AJP Connector

Printer Friendly Version

The AJP Connector element represents a Connector component that communicates with a web connector via the AJP protocol. This is used for cases where you wish to invisibly integrate Tomcat 5 into an existing (or new) Apache installation, and you want Apache to handle the static content contained in the web application, and/or utilize Apache's SSL processing.

This connector supports load balancing when used in conjunction with the jvmRoute attribute of the Engine.

The native connectors supported with this Tomcat release are:

  • JK 1.2.x with any of the supported servers
  • mod_proxy on Apache httpd 2.x (included by default in Apache HTTP Server 2.2), with AJP enabled: see the httpd docs for details.

Other native connectors supporting AJP may work, but are no longer supported.

Common Attributes

All implementations of Connector support the following attributes:


A boolean value which can be used to enable or disable the TRACE HTTP method. If not specified, this attribute is set to false.


If set to true, all paths for session cookies will be set to /. This can be useful for portlet specification implementations, but will greatly affect performance if many applications are accessed on a given server by the client. If not specified, this attribute is set to false.


Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are enabled.


The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The feature can be disabled by setting this attribute to a value less than or equal to 0. If not specified, this attribute is set to 2097152 (2 megabytes).


The maximum size in bytes of the POST which will be saved/buffered by the container during FORM or CLIENT-CERT authentication. For both types of authentication, the POST will be saved/buffered before the user is authenticated. For CLIENT-CERT authentication, the POST is buffered for the duration of the SSL handshake and the buffer emptied when the request is processed. For FORM authentication the POST is saved whilst the user is re-directed to the login form and is retained until the user successfully authenticates or the session associated with the authentication request expires. The limit can be disabled by setting this attribute to -1. Setting the attribute to zero will disable the saving of POST data during authentication. If not specified, this attribute is set to 4096 (4 kilobytes).


This attribute value must be AJP/1.3 to use the AJP handler.


If this Connector is being used in a proxy configuration, configure this attribute to specify the server name to be returned for calls to request.getServerName(). See Proxy Support for more information.


If this Connector is being used in a proxy configuration, configure this attribute to specify the server port to be returned for calls to request.getServerPort(). See Proxy Support for more information.


If this Connector is supporting non-SSL requests, and a request is received for which a matching <security-constraint> requires SSL transport, Catalina will automatically redirect the request to the port number specified here.


This attribute controls request registration for JMX monitoring of the Connector. It is enabled by default, but may be turned it off to save a bit of memory.


Set this attribute to the name of the protocol you wish to have returned by calls to request.getScheme(). For example, you would set this attribute to "https" for an SSL Connector. The default value is "http". See SSL Support for more information.


Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector (you would want this on an SSL Connector). The default value is false.


This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL. If not specified, ISO-8859-1 will be used.


This specifies if the encoding specified in contentType should be used for URI query parameters, instead of using the URIEncoding. This setting is present for compatibility with Tomcat 4.1.x, where the encoding specified in the contentType, or explicitely set using Request.setCharacterEncoding method was also used for the parameters from the URL. The default value is false.


Set this attribute to true to cause Tomcat to use the ServerName passed by the native web server to determine the Host to send the request to. The default value is false.


Set this attribute to true to cause Tomcat to advertise support for the Srevlet specification using the header recommended in the specification. The default value is false.

Standard Implementation

To use AJP, you must specify the protocol attribute (see above).

This implementation supports the AJP 1.3 protocol.

It supports the following additional attributes (in addition to the common attributes listed above):


For servers with more than one IP address, this attribute specifies which address will be used for listening on the specified port. By default, this port will be used on all IP addresses associated with the server. A value of indicates that the Connector will only listen on the loopback interface.


The maximum queue length for incoming connection requests when all possible request processing threads are in use. Any requests received when the queue is full will be refused. The default value is 100.


The size of the output buffer to use. If less than or equal to zero, then output buffering is disabled. The default value is -1 (i.e. buffering disabled)


The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented. The default value is infinite (i.e. no timeout).

minProcessors deprecated

The minimum number of processors to start at initialization time. If not specified, this atttribute is set to 5.

maxProcessors deprecated

The maximum number of processors allowed. This should be set to a value that is greater than or equal to the maximum number of concurrent connections the remote web server can open to Tomcat simultaneously. For example, if the web server is Apache 1.x or 2.x Tomcat's maxProcessors should be set to the value of Apache's maxClients directive.

A maxProcessors value of zero (0) signifies that the number of processors is unlimited. If not specified, this atttribute defaults to 20.


The maximum number of unused request processing threads that will be allowed to exist until the thread pool starts stopping the unnecessary threads. The default value is 50.


The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled. If not specified, this attribute is set to 200.


The number of request processing threads that will be created when this Connector is first started. The connector will also make sure it has the specified number of idle processing threads available. This attribute should be set to a value smaller than that set for maxThreads. The default value is 4.


This attribute sets the maximum AJP packet size in Bytes. The maximum value is 65536. It should be the same as the max_packet_size directive configured for mod_jk. Normally it is not necessary to change the maximum packet size. Problems with the default value have been reported when sending certificates or certificate chains. The default value is 8192.


The TCP port number on which this Connector will create a server socket and await incoming connections. Your operating system will allow only one server application to listen to a particular port number on a particular IP address.


Only requests from workers with this secret keyword will be accepted.


If true and a secret has been configured, a correctly fomatted AJP request (that includes the secret) will shutdown the Tomcat instance associated with this connector. This is set to false by default.


If set to true, then a random value for request.secret will be generated. It is for use with request.shutdownEnabled. This is set to false by default.


If set to true, the TCP_NO_DELAY option will be set on the server socket, which improves performance under most circumstances. This is set to true by default.


If set to true, the authetication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. The default value is true.

Nested Components

None at this time.

Copyright © 1999-2008, Apache Software Foundation