Apache Tomcat 8 Preview
Upcoming SlideShare
Loading in...5
×
 

Apache Tomcat 8 Preview

on

  • 3,007 views

Speakers: Daniel Mikusa and Stuart Williams ...

Speakers: Daniel Mikusa and Stuart Williams
Apache Tomcat 8 will implement new versions of the Servlet, JSP and EL specifications as well as adding support for the new WebSocket specification. Work is also planned for internal refactoring in a number of areas that will impact a number of Tomcat specific features. This presentation will provide an overview of the changes and new features introduced by both the updated specifications and the Tomcat specific changes. With the first stable Tomcat 8 release expected towards the middle of 2013 (once the Java EE 7 specifications are finalised) this session will enable attendees to identify the Tomcat 8 features of greatest interest to them and provide them with the information required to start planning their migration to Tomcat 8.

Statistics

Views

Total Views
3,007
Views on SlideShare
3,007
Embed Views
0

Actions

Likes
2
Downloads
24
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Apache Tomcat 8 Preview Apache Tomcat 8 Preview Presentation Transcript

  • Apache Tomcat 8 Preview By Daniel Mikusa & Stuart Williams © 2013 SpringOne 2GX. All rights reserved. Do not distribute without permission.
  • Agenda ● ● ● ● ● Introductions Java EE 7 Tomcat specific changes Timescales Questions
  • Introductions View slide
  • Introductions ● ● ● ● Daniel Mikusa Active on users@tomcat.apache.org Contributing Author on TomcatExpert.com Senior Technical Support Engineer at Pivotal ○ Tomcat / tc Server ○ Spring Framework ○ CloudFoundry ● ● ● ● Stuart Williams Active on users@tomcat.apache.org A committer on open source projects at Apache, Eclipse and elsewhere Consulting Architect at Pivotal View slide
  • Java EE 7
  • Java EE 7 ● Tomcat 8 ○ Servlet 3.1 ○ JSP 2.3 ○ Expression Language 3.0 ○ Web Sockets 1.0 ○ Little / no demand for other Java EE 7 components in Tomcat ■ Java Authentication SPI for Containers (JASPIC JSR 196) ● Web Container - Apache TomEE ● J2EE Container - Apache Geronimo
  • Servlet 3.1 ● ● ● Final: May 28th 2013 New Features ○ Non-blocking IO ○ HTTP Upgrade ○ Change session id on authentication Improvements ○ Protection for uncovered HTTP methods in security constraints ○ Clarified some ambiguities ○ Fixed some typos
  • Change Session Id ● ● ● To change the session id: ○ HttpServletRequest.changeSessionId() To listen for session id changes with HttpSessionIdListener Register HttpSessionIdListener with: ○ ServletContext.addListener(..) ○ @WebListener public class CustomHttpSessionIdListener implements HttpSessionIdListener { public void sessionIdChanged(HttpSessionEvent event, String oldSessionId) { …. } }
  • Uncovered HTTP Methods ● ● ● When defining security constraints, it’s possible to list specific HTTP methods covered by the security constraint ○ <http-method> ○ <http-method-omission> A method is “uncovered” when… ○ One or more methods are listed with <http-method>, any method not listed is “uncovered” ○ One or more methods are listed with <http-method-omission>, every method list is “uncovered” If no methods are specifically listed then all methods are protected
  • Uncovered HTTP Methods: Ex 1 <security-constraint> <web-resource-collection> <web-resource-name>wholesale</web-resource-name> <url-pattern>/acme/wholesale/*</url-pattern> Only GET is covered <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>SALESCLERK</role-name> </auth-constraint> </security-constraint>
  • Uncovered HTTP Methods: Ex 2 @ServletSecurity((httpMethodConstraints = { @HttpMethodConstraint(value = "GET", rolesAllowed = "R1"), @HttpMethodConstraint(value = "POST", rolesAllowed = "R1", transportGuarantee = TransportGuarantee.CONFIDENTIAL) }) Only GET & POST are covered public class Example5 extends HttpServlet { …. }
  • Servlet 3.1 Demos
  • JSP 2.3 ● ● ● ● Final: June 12th 2013 There is no JSP Expert Group JSP 2.3 is a maintenance release Changes ○ Requires Servlet 3.1, EL 3.0 & Java 7 ○ JSP must render identical response for GET, POST & HEAD; all other methods are undefined
  • EL 3.0 ● ● ● ● Final: Final May 22nd 2013 Significant Changes New Features ○ Access to static fields, methods & constructors ○ Assignment operator ○ Semi-colon operator (chain multiple commands) ○ String concatenation operator ○ New Collections API, including dynamic construction of collections & the stream method and the collection pipeline ○ Lambda Expressions Incompatibilities ○ Default coercion for nulls to non-primitive types, except Strings, return null. Ex: null -> Boolean returns null, but null -> boolean returns false.
  • EL 3.0 Demos
  • WebSocket 1.0 ● ● ● ● ● ● ● ● Final: May 22nd 2013 Tomcat 7 has supported WebSockets for a while (different API) Tomcat 8 implements new API Tomcat 7 has been upgraded to support new API (as of Tomcat 7.0.4x) Both implement client & server APIs Additional Features ○ Encoding / decoding (lots of debate here) ○ Annotations Differences ○ Tomcat 7’s implementation is blocking within a Frame ○ WebSocket 1.0 is non-blocking although some writes do block Non-blocking ○ Works with the BIO connector but obviously is not really non-blocking ○ Fundamentally changes the API
  • Tomcat Specific Changes
  • Tomcat Specific Changes ● ● ● Resources ○ Aliases ○ VirtualDirContext / VirtualWebappLoader ○ External repositories for the WebappClassLoader ○ Servlet 3.0 resource JARS Tomcat 7 implements each of these slightly differently ○ Very fragile ○ Servlet 3.1 overlays would have been difficult New resources implementation ○ Much cleaner implementation ○ Overlays now simpler to implement (but have been dropped from Servlet 3.1)
  • Resources ● ● ● Ordering ○ Pre Resources ○ Main Resources (i.e. the docBase for a context) ○ Jar Resources ○ Post Resources Types ○ DirResourceSet - a directory ○ FileResourceSet - a single file ○ JarResourceSet - a JAR file General recommendation is avoid using directly as this is Tomcat specific
  • Resources <?xml version='1.0' encoding='utf-8'?> <Context> <Resources> <PreResources className="org.apache.catalina.webresources. FileResourceSet" base="/app/files/special.txt" webAppMount="/static/special. txt" /> <PostResources className="org.apache.catalina.webresources. DirResourceSet" base="/app/files/static" webAppMount="/static" /> </Resources> </Context>
  • Tomcat Specific Changes (cont.) ● ● ● ● NIO connector is now the default Additional diagnostic information in the Manager ○ SSL ciphers ○ May be back-ported to Tomcat 7 API changing clean-up ○ Remove duplicated functionality ○ Move Manager, Loader & Resources from Container to Context ○ Move Mapper from Connector to Service Code clean-up ○ Reduce warnings ○ IDE, FindBugs, Javadocs, Checkstyle, etc...
  • Timescales
  • Timescales ● ● Java EE 7 Final has shipped Tomcat 8.0.0 ○ 8.0.0.RC1 (alpha) is available ○ Alpha has complete implementations of Servlet 3.1, JSP 2.3, EL 3.0 & WebSocket 1.0 ○ Code is not ready for production usage, purpose is to gather community feedback ○ Additional internal refactoring will likely occur prior to a non-alpha release ○ Based on past experience, 8.0.0 release will likely hit six to nine months after initial alpha release (Feb - May 2014). Depends on community usage and feedback.
  • Questions
  • Learn More. Stay Connected. ● ● ● ● ● ● Demo Code: github.com/swilliams-vmw/s2gx-tomcat Website: tomcat.apache.org Download: tomcat.apache.org/download-80.cgi Documentation: tomcat.apache.org/tomcat-8.0-doc/index.html Migration Guide: tomcat.apache.org/migration.html Mailing Lists: tomcat.apache.org/lists.html ● Find Session replays on YouTube: spring.io/video