Tomcat 5 New Features



Similar documents
Apache Jakarta Tomcat

WEBLOGIC ADMINISTRATION

Mastering Tomcat Development

JBS-102: Jboss Application Server Administration. Course Length: 4 days

MagDiSoft Web Solutions Office No. 102, Bramha Majestic, NIBM Road Kondhwa, Pune Tel: /

Oracle WebLogic Server 11g Administration

CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS

Securing your Apache Tomcat installation. Tim Funk November 2009

Introduction to Sun ONE Application Server 7

WebLogic Server 11g Administration Handbook

Oracle WebLogic Foundation of Oracle Fusion Middleware. Lawrence Manickam Toyork Systems Inc

Oracle WebLogic Server 11g: Administration Essentials

Web Application Architecture (based J2EE 1.4 Tutorial)

mod_cluster A new httpd-based load balancer Brian Stansberry JBoss, a division of Red Hat

Course Name: Course in JSP Course Code: P5

Learning GlassFish for Tomcat Users

WebSphere Application Server - Introduction, Monitoring Tools, & Administration

Oracle WebLogic Server

Programming on the Web(CSC309F) Tutorial: Servlets && Tomcat TA:Wael Aboelsaadat

In this chapter, we lay the foundation for all our further discussions. We start

SW5706 Application deployment problems

Clustering with Tomcat. Introduction. O'Reilly Network: Clustering with Tomcat. by Shyam Kumar Doddavula 07/17/2002

24x7 Scheduler Multi-platform Edition 5.2

This training is targeted at System Administrators and developers wanting to understand more about administering a WebLogic instance.

JMETER - MONITOR TEST PLAN

HP Process Automation v6 Architecture/Technologies

Glassfish, JAVA EE, Servlets, JSP, EJB

STREAMEZZO RICH MEDIA SERVER

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

BEAWebLogic. Server. Configuring and Managing WebLogic Server

The Server.xml File. Containers APPENDIX A. The Server Container

Crawl Proxy Installation and Configuration Guide

Configuring ActiveVOS Identity Service Using LDAP

Intro to Load-Balancing Tomcat with httpd and mod_jk

Client-Server Architecture & J2EE Platform Technologies Overview Ahmed K. Ezzat

Blackboard Learn TM, Release 9 Technology Architecture. John Fontaine

Enterprise Applications

Building Web Applications, Servlets, JSP and JDBC

Java Servlet 3.0. Rajiv Mordani Spec Lead

5 Days Course on Oracle WebLogic Server 11g: Administration Essentials

OSGi Service Platform in Integrated Management Environments Telefonica I+D, DIT-UPM, Telvent. copyright 2004 by OSGi Alliance All rights reserved.

GlassFish v3. Building an ex tensible modular Java EE application server. Jerome Dochez and Ludovic Champenois Sun Microsystems, Inc.

WEB APPLICATION DEVELOPMENT. UNIT I J2EE Platform 9

Ch-03 Web Applications

Tomcat Servlet/JSP Reference Implementation

Apache Tomcat 7. Aleksa Vukotic James Goodwill.

Comparing IBM WebSphere Application Server v8.5 - Liberty Profile with Apache Tomcat 7

NetBeans IDE Field Guide

HPC Portal Development Platform with E-Business and HPC Portlets

IBM WebSphere Server Administration

Version Overview. Business value

Core Java+ J2EE+Struts+Hibernate+Spring

Application Servers - BEA WebLogic. Installing the Application Server

GlassFish Security. open source community experience distilled. security measures. Secure your GlassFish installation, Web applications,

enterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards

Oracle9i Application Server: Options for Running Active Server Pages. An Oracle White Paper July 2001

WASv6_Scheduler.ppt Page 1 of 18

JAVA ENTERPRISE IN A NUTSHELL. Jim Farley and William Crawford. O'REILLY 4 Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo.

How To Configure The Jasig Casa Single Sign On On A Workstation On Ahtml.Org On A Server On A Microsoft Server On An Ubuntu (Windows) On A Linux Computer On A Raspberry V

CatDV Pro Workgroup Serve r

Understanding Tomcat Security

WebLogic Server Admin

Complete Java Web Development

How to Build an E-Commerce Application using J2EE. Carol McDonald Code Camp Engineer

WebSphere Server Administration Course

Kohsuke Kawaguchi Sun Microsystems, Inc. hk2.dev.java.net, glassfish.dev.java.net. Session ID

CA IDMS Server r17. Product Overview. Business Value. Delivery Approach

FUSE-ESB4 An open-source OSGi based platform for EAI and SOA

Oracle WebLogic Server

Table of Contents JBoss AS 5 Administration

DeskNow. Ventia Pty. Ltd. Advanced setup. Version : 3.2 Date : 4 January 2007

Bridging the Gap between the Enterprise and You. Who s the JBoss now?

Service Manager and the Heartbleed Vulnerability (CVE )

Lecture 10 Fundamentals of GAE Development. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

Getting Started with Web Applications

DTS Web Developers Guide

An Oracle White Paper May Ready for Business: Oracle GlassFish Server

Server Setup and Configuration

Web. Services. Web Technologies. Today. Web. Technologies. Internet WWW. Protocols TCP/IP HTTP. Apache. Next Time. Lecture # Apache.

Robert Honeyman

Migrating Applications From IBM WebSphere to Apache Tomcat

WHITE PAPER. Domo Advanced Architecture

Hacking (and securing) JBoss AS

Oracle Application Server 10g

White paper. IBM WebSphere Application Server architecture

No.1 IT Online training institute from Hyderabad URL: sriramtechnologies.com

Java EE Introduction, Content. Component Architecture: Why and How Java EE: Enterprise Java

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 5

Operations and Monitoring with Spring

Scaling Progress OpenEdge Appservers. Syed Irfan Pasha Principal QA Engineer Progress Software

Customer Bank Account Management System Technical Specification Document

ServletExec TM 5.0 User Guide

Lecture 19: Web Based Management

What Is the Java TM 2 Platform, Enterprise Edition?

Transcription:

Tomcat 5 New Features ApacheCon US 2003 Session MO10 11/17/2003 16:00-17:00 Craig R. McClanahan Senior Staff Engineer Sun Microsystems, Inc. Slides: http://www.apache.org/~craigmcc/

Agenda Introduction New Servlet 2.4 Features HTTP Connectors JMX Based Architecture Security Related Issues Miscellaneous Changes Summary

Introduction In three years, Tomcat has become a very successful base platform for building Javabased web applications Code is used as the basis for the reference implementation of J2EE 1.4 We're going to focus on the changes in the Catalina servlet container between Tomcat 4 and Tomcat 5

New Servlet 2.4 Features

Servlet and Tomcat Versions Tomcat major version numbers correspond to version changes in the underlying Servlet and JSP specifications Tomcat 3.x Servlet 2.2 / JSP 1.1 Tomcat 4.x Servlet 2.3 / JSP 1.2 Tomcat 5.x Servlet 2.4 / JSP 2.0 Servlet 2.4 is primarily a maintenance release Nevertheless, some interesting changes

Servlet 2.4 XML Schema Better validation of web.xml elements Data types Primary key uniqueness Reusable elements across J2EE specifications Arbitrary ordering of elements within <webapp> DTDs still supported for backwards compatibility

Servlet 2.4 Listeners Request lifecycle listeners Complete the event handling model started in Servlet 2.3 (application and session) ServletRequestListener Beginning and end of request lifetime ServletRequestAttributeListener Add, update, remove request attributes

Servlet 2.4 Filters Servlet 2.3 Filters only invoked on initial request Not on RequestDispatcher.forward() or RequestDispatcher.include() Servlet 2.4 Filters may be requested to be invoked on any combination of request, include, or forward For backwards compatibility, request-only is the default

Servlet 2.4 Deprecation The SingleThreadModel interface has been deprecated But is still supported for backwards compatibility Original intent was to make writing threadsafe servlets easier But it never dealt adequeately with all of the relevant issues Session attributes Static variables

Servlet 2.4 Miscellaneous New ServletRequest Methods: getlocaladdr(), getlocalname(), getlocalport() New ServletResponse Methods: setcharacterencoding(), getcontenttype() Configurable locale character encoding mappings Roughly 50 other clarifications and fixes

HTTP Connectors

HTTP in Tomcat 4 Original architecture centered around three interfaces: org.apache.catalina.connector org.apache.catalina.request org.apache.catalina.response With some HTTP-specific extensions: org.apache.catalina.httprequest org.apache.catalina.httpresponse

HTTP in Tomcat 4 Pure-Java implementation in the org.apache.catalina.connector.http package HttpConnector implements Connector HttpProcessor per-thread request processor HttpRequestImpl implements HttpRequest HttpResponseImpl implements HttpResponse Tomcat 4.1 replaced this connector by Coyote Still supported for backwards compatibility

HTTP in Tomcat 4 Design goals of Coyote Focus on higer performance Independent of underlying servlet container architecture Supports Tomcat 3.3, 4.x, and 5.x Afford opportunity to refactor location of certain functionality to leverage webserver connectors

HTTP in Tomcat 4 Besides a pure-java HTTP stack, Tomcat has historically supported connections to a native code HTTP server Most common example, of course, is Apache's HTTPD server But connectors for Netscape (NSAPI), Microsoft (ISAPI) and other webservers also exist Most popular connector was (and is) mod_jk Includes basic load balancing support

HTTP in Tomcat 5 Source code for HTTP and webserver connectors factored into separate codebase jakarta-tomcat-connectors CVS respository Original pure-java HTTP stack completely replaced by Coyote Mapping of request to a particular webapp and servlet migrated to connector Webserver connector development moving towards mod_jk2

JMX Based Architecture

JMX in Tomcat 4 Tomcat 4 container lifecycle based on JavaBeans composition design patterns Components have zero-args constructor All configuration via JavaBeans properties At container startup time, component creation and wiring driven by parsing the server.xml file Embedded API also provided for programmatic startup org.apache.catalina.startup.embedded

JMX in Tomcat 4 Tomcat 4.1 added optional JMX support for configuration management Components themselves not JMX aware Configuration adds listeners to all interesting events to make corresponding changes in available Mbeans JMX support leveraged in Administration webapp for configuration changes

JMX in Tomcat 5 Tomcat 5.0 requires JMX support Components are JMX aware (including knowing their own object names) Components manage registration and deregistration of MBeans on lifecycle events Moving towards all dynamic configuraton changes being made via JMX operations Likely to leverage JMX Remoting (JSR-160) Will enable Tomcat support in JMX-based management consoles

Security Related Issues

Security Architecture Tomcat 4 supported an optional startup mode that executes webapps under a Java SecurityManager Fine-grained control over functionality accessible to webapps Includes (by default) protection of Catalina internal classes

Security Audit A security audit of the Catalina source code was conducted in September-October 2002 As a result, several changes were made to enhance the internal security of Catalina classes: Public methods changed to protected or private Facades added in front of critical internal classes Package-level protection added to configurable security policy

Miscellaneous Changes

Manager Webapp Enhancements HTML version enabled by default New information retrieval commands List OS and JVM properties List Global JNDI resources List available security roles Session statistics

Manager Webapp Enhancements Server Status Memory statistics for the JVM itself Information about thread use in container and connectors Optional detailed status for webapps and servlets (Experimental) JMX Proxy Servlet Perform MBean queries using JMX syntax Set new values for MBean attributes Likely to be replaced by JMX Remoting

Deployer Tomcat 4 supported dynamic deployment, reload, and undeployment of web applications Via direct manager webapp URL requests Via Ant tasks that wrap these requests Included ability to include a context descriptor file Tomcat 5 extensions and improvements Precompile JSP pages Validate web.xml deployment descriptor

Realms Tomcat 4 supported a variety of Realm (user database) implementations: JDBCRealm Database accessed via JDBC JNDIRealm Directory server accessed by JNDI (normally the LDAP provider is used) MemoryRealm In memory database backed by tomcat-users.xml file Tomcat 5 adds support for DataSource- Realm Database accessed via named JNDI data source

Summary Tomcat 5 is an evolutionary improvement on the Tomcat 4 code base Implement new specification features Refactorings to improve organization Refactorings to improve performance Servlet 2.4 and JSP 2.0 (along with all the other J2EE 1.4 specs) just passed final ballot in the JCP We can likely expect a Tomcat 5.0 general release very soon

Resources Tomcat Web Site http://jakarta.apache.org/tomcat/ Tomcat 5.0 Documentation http://jakarta.apache.org/tomcat/tomcat-5.0-docs/ Tomcat Mailing Lists at Apache tomcat-dev@jakarta.apache.org tomcat-user@jakarta.apache.org

Resources Tomcat Issue Tracking System http://nagoya.apache.org/bugzilla/ Servlet 2.4 Information http://java.sun.com/products/servlet/ JSP 2.0 Information http://java.sun.com/products/jsp/ Free! J2EE 1.4 App Server http://java.sun.com/j2ee/

Questions?