Apache Tomcat 7 by Filip Hanik
© 2009 VMware Inc. All rights reserved
Upgrading to Apache Tomcat 7
Filip Hanik, Systems Engineer
2
Agenda
Introduction
Specification changes (Servlet 3.0)
New features (Incl. WebSocket Deep Dive)
Current status
Future plans
Useful resources
Questions
3
Introduction
Apache Tomcat committer & PMC member
VMware employee and Sales Engineer
Weekend Warrior with US Army Reserve
4
What about you?
Who’s running Apache Tomcat 6?
Who’s running Apache Tomcat 5 or older?
5
What do the version numbers mean?
7.0.22
• 7 major version
• 0 minor version
• 22 build number
Major
• New JSRs / Specifications for Servlets/JSPs
• Side effect – New Java Version
6
What do the version numbers mean?
7.0.22
• 7 major version
• 0 minor version
• 22 build number
Minor
• 4.0 vs 4.1
• 5.0 vs 5.5
• Refactor of code base
• Possible changes to config files
• Possible changes to internal APIs
7
What do the version numbers mean?
7.0.22
• 7 major version
• 0 minor version
• 22 build number
Build Number
• Incremented with each build/SVN tag
• Not all builds become releases
• Historically .18 has been the magic number
• Stability
• Bug fixes
• Ready for enterprises
8
When to upgrade?
Starts with application developers
Need new features in Java
Need new features in Servlet specification
Need new features in a framework built for later versions
9
So what changed?
10
Specification Changes
11
New version of Java
Less invasive as technology matures
1.5 to 1.6 should be seamless
Moving to 1.6 is beneficial from performance perspective
12
Asynchronous Servlets
No more thread per request model
Servlet API still uses blocking programming model
• Async is more complex, non blocking would have made it too complex
Well suited for ‘Web 2.0’ applications
API for developers, does not affect operations teams
13
Annotations
Alternative to XML configuration
Requires scanning of libraries
Will slow down startup time
• Performance can be improved by documenting JAR files not to be scanned
• tomcat.util.scan.DefaultJarScanner.jarsToSkip system property
• Defined in conf/catalina.properties
14
Web Fragments
Libraries can ship with their own partial web.xml configuration
• Eases including frameworks
Requires scanning of libraries
Will slow down startup time
• Performance can be improved by documenting JAR files not to be scanned
• tomcat.util.scan.DefaultJarScanner.jarsToSkip system property
• Defined in conf/catalina.properties
15
Session Management
Session tracking
• Cookie, URL or SSL ID
Session cookie can be configured
• name
• domain
• path
• comment
• secure
• httpOnly
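The session settings listed on this slide live in the `<session-config>` element of a Servlet 3.0 `web.xml`. The following is an added example, not part of the original deck: a small audit that reports which of the cookie and tracking options a descriptor leaves unhardened. The sample descriptors, the function name `audit_session_config` and the finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (illustrative, not from the slides).
WEAK = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config>
    <cookie-config><name>SID</name><secure>false</secure></cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
    <tracking-mode>URL</tracking-mode>
  </session-config>
</web-app>"""

HARDENED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config>
    <cookie-config>
      <name>SID</name><path>/shop/</path>
      <http-only>true</http-only><secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
</web-app>"""

def _local(tag):
    """Strip the XML namespace so the check does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]

def audit_session_config(web_xml_text):
    """Return a list of finding codes (hypothetical names) for <session-config>."""
    root = ET.fromstring(web_xml_text)
    cookie, modes = {}, []
    for sc in (e for e in root.iter() if _local(e.tag) == "session-config"):
        for child in sc:
            if _local(child.tag) == "cookie-config":
                for opt in child:
                    cookie[_local(opt.tag)] = (opt.text or "").strip().lower()
            elif _local(child.tag) == "tracking-mode":
                modes.append((child.text or "").strip().upper())
    findings = []
    if cookie.get("secure") != "true":
        findings.append("secure-not-true")        # cookie not restricted to HTTPS
    if cookie.get("http-only") != "true":
        findings.append("http-only-not-true")     # not set explicitly in web.xml
    if "URL" in modes:
        findings.append("url-tracking-enabled")   # session ID may appear in URLs
    if not modes:
        findings.append("tracking-mode-unset")    # container default applies
    return findings
```

A finding means only that the descriptor does not set the option; the container's own defaults may still apply.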
16
Programmatic Login
Easier integration with alternative authentication solutions
Calling login/logout
• Directly within an application
• Allows credentials to be retrieved from an alternative location
17
Other changes
JSP 2.2
• JSP property group additions
• New omit attribute for <jsp:attribute .../>
Expression Language 2.2
• Method invocations
18
New features
Tomcat evolves too
19
Management
JMX remote lifecycle listener
• Allows JMX communication through firewall
jconsole (or JMX client) url
20
Management
Manager application can differentiate between primary, backup and proxy sessions
21
Performance
Limit loaded JSPs with LRU cache
GZIP compressed output streams can now be flushed
Remove bottleneck in session ID generation
Crawler session manager valve
AJP NIO connector (will be in 7.0.15 onwards)
22
Performance
Tomcat jdbc-pool
Alternative to commons-dbcp
Well fitted for multi core machines
Documented at tomcat.apache.org
23
Resources
New singleton attribute
• Create new object on JNDI lookup
New closeMethod attribute
• Close resources upon shutdown/undeploy
24
Deployment
Support parallel deployment
Existing sessions go to the original applications
New users go to the new application
Defer undeployment
DEMO
25
Deployment
Copying of /META-INF/context.xml to $CATALINA_BASE/<engine>/<host>/contextname.xml is now optional and disabled by default
One of the most confusing features in old version
Often resulted in administrators unaware of accidental deployment
Natural behaviour is that no files get created outside of application
26
Deployment
Improved memory leak detection and prevention
Prevents common memory leaks during undeployment
Warns on unpreventable memory leaks
27
Security
Cross-site request forgery (CSRF) protection filter
CSRF protection added to manager application
• role names & some URLs changed
LockOutRealm used by default
Access log enabled by default
exec is disabled by default for SSI
DefaultServlet serves content from root of context by default
28
Security
Graceful handling of users book-marking the login page
Session IDs generated using SecureRandom by default
SSL renegotiation & RFC 5746
HTTP NIO connector now supports SSL renegotiation
• Not having this meant Apache Tomcat was not vulnerable to the recently discovered man-in-the-middle attack
Cookie paths end in /
29
Embedding and Extending
New o.a.catalina.startup.Tomcat class for embedding
Binary and source JARs provided for Apache Maven
Customisable JAR scanning
30
Embedding and Extending
New o.a.catalina.startup.Tomcat class for embedding
Adding a servlet
31
Code clean-up
Generics
Better definition of Lifecycle interface
Comet classes have moved to o.a.catalina.comet
Expanded the unit tests
Added Checkstyle and FindBugs to the build process
Removed unused / deprecated / duplicated code
Custom components using Tomcat internals are likely to require changes
32
Windows
Windows installer detects 32-bit or 64-bit JVM and installs correct native binaries
Windows native authentication (SPNEGO)
• Integration with MS Active Directory and Domain Controller
Single Sign On based on Kerberos/SPNEGO
33
Current status
Apache Tomcat 7 is stable as of 7.0.6
Current release is 7.0.27
Continuing to provide a release a month
All releases have passed the Servlet 3.0, JSP 2.2 and EL 2.2 TCKs
Servlet TCK is tested with the following combinations
• HTTP BIO, NIO & APR/native
• mod_jk + AJP BIO, NIO & APR/native
• mod_proxy_http + HTTP BIO, NIO & APR/native
• mod_proxy_ajp + AJP BIO, NIO & APR/native
34
What to expect from an upgrade
Tomcat 4 to Tomcat 7
Tomcat 5 to Tomcat 7
Tomcat 6 to Tomcat 7
35
Web Sockets
New in Tomcat 7.0.27
Part of HTML 5
36
WebSockets – Bi-directional protocol (binary/text)
37
Event Based on both Server and Client
38
Client - Initiating a WebSocket
39
Client - Initiating a WebSocket
40
Network – Opening WebSocket Request
41
In Tomcat 7 – Extend WebSocketServlet
42
In Tomcat 7 – Create a StreamInbound object
43
44
Network – Opening WebSocket - Response
45
Socket Opened – First Event
46
47
Client - Send a Message
48
In Tomcat 7 – Receive the message
49
50
51
Client – Receive the Message
52
Future Plans
Servlet 3.1 addition
Commons DBCP v2
Socket IO
Keep on top of open bugs
Continue reviewing enhancement requests
53
Useful Resources
54
Useful resources
http://www.tomcatexpert.com
http://tomcat.apache.org
• http://blogs.apache.org/tomcat
Mailing lists
• users
• dev
• announce
http://tomcat.markmail.org
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
http://ci.apache.org/projects/tomcat/tomcat7/docs/
http://s.apache.org/tomcat-7-open-issues
55
References
56
References
TomcatExpert.com
• http://www.tomcatexpert.com/blog/2012/04/24/websockets-tomcat-7
• http://www.tomcatexpert.com/blog/2012/05/01/how-apache-tomcat-implemented-websocket
Net.tutsplus.com
• http://net.tutsplus.com/tutorials/javascript-ajax/start-using-html5-websockets-today/
57
VMware Supported Platform
58
Questions