0
Upgrading to Apache Tomcat 7Filip Hanik, Systems Engineer                                © 2009 VMware Inc. All rights res...
Agenda   Introduction   Specification changes (Servlet 3.0)   New features (Incl. WebSocket Deep Dive)   Current statu...
Introduction Apache Tomcat committer & PMC member Vmware Employee and Sales Engineer Weekend Warrior with US Army Reser...
What about you? Who’s running Apache Tomcat 6? Who’s running Apache Tomcat 5 or older?                                  ...
What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Major • New JSRs / Specif...
What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Minor • 4.0 vs 4.1 • 5.0 ...
What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Build Number • Incremente...
When to upgrade? Starts with application developers Need new features in Java Need new features in Servlet specificatio...
So what changed?                   9
Specification Changes                        10
New version of Java Less invasive as technology matures 1.5 to 1.6 should be seamless Moving to 1.6 is beneficial from ...
Asynchronous Servlets No more thread per request model Servlet API still uses blocking programming model • Async is more...
Annotations Alternative to XML configuration Requires scanning of libraries Will slow down startup time • Performance c...
Web Fragments Libraries can ship with its partial web.xml configuration • Eases including frameworks Requires scanning o...
Session Management Session tracking • Cookie, URL or SSL ID Session cookie can be configured • name • domain • path • co...
Programmatic Login Easier integration with alternative authentication solutions Calling login/logout • Directly within a...
Other changes JSP 2.2 • JSP property group additions • New omit attribute for <jsp:attribute .../> Expression Language 2...
New featuresTomcat evolves too                     18
Management JMX remote lifecycle listener  Allows JMX communication through firewall jconsole (or JMX client) url       ...
ManagementManager application can differentiate between primary, backup andproxy sessions                                 ...
Performance Limit loaded JSPs with LRU cache GZIP compressed output streams can now be flushed Remove bottleneck in ses...
Performance Tomcat jdbc-pool Alternative to commons-dbcp Well fitted for multi core machines Documented at tomcat.apac...
Resources New singleton attribute  Create new object on JNDI lookup New closeMethod attribute  Close resources upon sh...
Deployment Support parallel deployment Existing sessions go to the original applications New users go to the new applic...
Deployment Copying of  /META-INF/context.xml to  $CATALINA_BASE/<engine>/<host>/contextname.xml now optional and disab...
Deployment Improved memory leak detection and prevention Prevents common memory leaks during undeployment Warns on unpr...
Security Cross-site request forgery (CSRF) protection filter CSRF protection added to manager application    • role name...
Security Graceful handling of users book-marking the login page Session IDs generated using SecureRandom by default SSL...
Embedding and Extending New o.a.catalina.startup.Tomcat class for embedding Binary and source JARs provided for Apache M...
Embedding and Extending New o.a.catalina.startup.Tomcat class for embedding Adding a servlet                            ...
Code clean-up   Generics   Better definition of Lifecycle interface   Comet classes have moved to o.a.catalina.comet  ...
Windows Windows installer detects 32-bit or 64-bit JVM and installs correct native binaries Windows native authenticatio...
Current status Apache Tomcat 7 is stable as of 7.0.6  Current release is 7.0.27 Continuing to provide a release a month...
What to expect from an upgrade Tomcat 4 to Tomcat 7 Tomcat 5 to Tomcat 7 Tomcat 6 to Tomcat 7                          ...
Web SocketsNew in Tomcat 7.027  Part of HTML 5                      35
WebSockets – Bi-drectional protocol (binary/text)                                                    36
Event Based on both Server and Client                                        37
Client - Initiating a WebSocket                                  38
Client - Initiating a WebScoket                                  39
Network – Opening WebSocket Request                                      40
In Tomcat 7 – Extend WebSocketServlet                                        41
In Tomcat 7 – Create a StreamInbound object                                              42
43
Network – Opening WebSocket - Response                                         44
Socket Opened – First Event                              45
46
Client - Send a Message                          47
In Tomcat 7 – Receive the message                                    48
49
50
Client – Receive the Message                               51
Future Plans   Servlet 3.1 addition   Commons DBCP v2   Socket IO   Keep on top of open bugs   Continue reviewing enh...
Useful Resources                   53
Useful resources http://www.tomcatexpert.com http://tomcat.apache.org  • http://blogs.apache.org/tomcat Mailing lists  ...
References             55
References TomcatExpert.com http://www.tomcatexpert.com/blog/2012/04/24/websockets-tomcat-7 http://www.tomcatexpert.com/b...
Vmware Supported Platform                            57
Questions            58
Upcoming SlideShare
Loading in...5
×

Apache Tomcat 7 by Filip Hanik

1,706

Published on

Introduction to Tomcat 7 & WebSockets

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,706
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
71
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Transcript of "Apache Tomcat 7 by Filip Hanik"

  1. 1. Upgrading to Apache Tomcat 7Filip Hanik, Systems Engineer © 2009 VMware Inc. All rights reserved
  2. 2. Agenda Introduction Specification changes (Servlet 3.0) New features (Incl. WebSocket Deep Dive) Current status Future plans Useful resources Questions 2
  3. 3. Introduction Apache Tomcat committer & PMC member Vmware Employee and Sales Engineer Weekend Warrior with US Army Reserve 3
  4. 4. What about you? Who’s running Apache Tomcat 6? Who’s running Apache Tomcat 5 or older? 4
  5. 5. What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Major • New JSRs / Specifications for Servlets/JSPs • Side effect – New Java Version 5
  6. 6. What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Minor • 4.0 vs 4.1 • 5.0 vs 5.5 • Refactor of code base • Possible changes to config files • Possible changes to internal APIs 6
  7. 7. What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Build Number • Incremented with each build/SVN tag • Not all builds become release • Historically .18 has been the magic number • Stability • Bug fixes • Ready for enterprises 7
  8. 8. When to upgrade? Starts with application developers Need new features in Java Need new features in Servlet specification Need new features in a framework built for later versions 8
  9. 9. So what changed? 9
  10. 10. Specification Changes 10
  11. 11. New version of Java Less invasive as technology matures 1.5 to 1.6 should be seamless Moving to 1.6 is beneficial from performance perspective 11
  12. 12. Asynchronous Servlets No more thread per request model Servlet API still uses blocking programming model • Async is more complex, non blocking would have made it too complex Well suited for ‘Web 2.0’ applications API for developers, does not affect operations teams 12
  13. 13. Annotations Alternative to XML configuration Requires scanning of libraries Will slow down startup time • Performance can be improved by documenting JAR files not to be scanned • tomcat.util.scan.DefaultJarScanner.jarsToSkip system property • Defined in conf/catalina.properties 13
  14. 14. Web Fragments Libraries can ship with its partial web.xml configuration • Eases including frameworks Requires scanning of libraries Will slow down startup time • Performance can be improved by documenting JAR files not to be scanned • tomcat.util.scan.DefaultJarScanner.jarsToSkip system property • Defined in conf/catalina.properties 14
  15. 15. Session Management Session tracking • Cookie, URL or SSL ID Session cookie can be configured • name • domain • path • comment • secure • httpOnly 15
  16. 16. Programmatic Login Easier integration with alternative authentication solutions Calling login/logout • Directly within an application • Allows to retrieve credentials from alternative location 16
  17. 17. Other changes JSP 2.2 • JSP property group additions • New omit attribute for <jsp:attribute .../> Expression Language 2.2 • Method invocations 17
  18. 18. New featuresTomcat evolves too 18
  19. 19. Management JMX remote lifecycle listener  Allows JMX communication through firewall jconsole (or JMX client) url 19
  20. 20. ManagementManager application can differentiate between primary, backup andproxy sessions 20
  21. 21. Performance Limit loaded JSPs with LRU cache GZIP compressed output streams can now be flushed Remove bottleneck in session ID generation Crawler session manager valve AJP NIO connector (will be in 7.0.15 onwards) 21
  22. 22. Performance Tomcat jdbc-pool Alternative to commons-dbcp Well fitted for multi core machines Documented at tomcat.apache.org 22
  23. 23. Resources New singleton attribute  Create new object on JNDI lookup New closeMethod attribute  Close resources upon shutdown/undeploy 23
  24. 24. Deployment Support parallel deployment Existing sessions go to the original applications New users go to the new application Defer undeployment DEMO 24
  25. 25. Deployment Copying of  /META-INF/context.xml to  $CATALINA_BASE/<engine>/<host>/contextname.xml now optional and disabled by default One of the most confusing features in old version Often resulted in administrators unaware of accidental deployment Natural behaviour is that no files get created outside of application 25
  26. 26. Deployment Improved memory leak detection and prevention Prevents common memory leaks during undeployment Warns on unpreventable memory leaks 26
  27. 27. Security Cross-site request forgery (CSRF) protection filter CSRF protection added to manager application • role names & some URLs changed LockOutRealm used by default Access log enabled by default exec is disabled by default for SSI DefaultServlet serves content from root of context by default 27
  28. 28. Security Graceful handling of users book-marking the login page Session IDs generated using SecureRandom by default SSL renegotiation & RFC 5746 HTTP NIO connector now supports SSL renegotiation  Not having this made Apache Tomcat not be vulnerable to the man in the middle attack recently discovered Cookie paths end in / 28
  29. 29. Embedding and Extending New o.a.catalina.startup.Tomcat class for embedding Binary and source JARs provided for Apache Maven Customisable JAR scanning 29
  30. 30. Embedding and Extending New o.a.catalina.startup.Tomcat class for embedding Adding a servlet 30
  31. 31. Code clean-up Generics Better definition of Lifecycle interface Comet classes have moved to o.a.catalina.comet Expanded the unit tests Added Checkstyle and FindBugs to the build process Removed unused / deprecated / duplicated code Custom components using Tomcat internals are likely to require changes 31
  32. 32. Windows Windows installer detects 32-bit or 64-bit JVM and installs correct native binaries Windows native authentication (SPNEGO)  Integration with MS Active Directory and Domain Controller  Single Sign On based on Kerberos/SPNEGO 32
  33. 33. Current status Apache Tomcat 7 is stable as of 7.0.6  Current release is 7.0.27 Continuing to provide a release a month All releases have passed the Servlet 3.0, JSP 2.2 and EL 2.2 TCKs Servlet TCK is tested with the following combinations • HTTP BIO, NIO & APR/native • mod_jk + AJP BIO, NIO & APR/native • mod_proxy_http + HTTP BIO, NIO & APR/native • mod_proxy_ajp + AJP BIO, NIO & APR/native 33
  34. 34. What to expect from an upgrade Tomcat 4 to Tomcat 7 Tomcat 5 to Tomcat 7 Tomcat 6 to Tomcat 7 34
  35. 35. Web SocketsNew in Tomcat 7.027 Part of HTML 5 35
  36. 36. WebSockets – Bi-drectional protocol (binary/text) 36
  37. 37. Event Based on both Server and Client 37
  38. 38. Client - Initiating a WebSocket 38
  39. 39. Client - Initiating a WebScoket 39
  40. 40. Network – Opening WebSocket Request 40
  41. 41. In Tomcat 7 – Extend WebSocketServlet 41
  42. 42. In Tomcat 7 – Create a StreamInbound object 42
  43. 43. 43
  44. 44. Network – Opening WebSocket - Response 44
  45. 45. Socket Opened – First Event 45
  46. 46. 46
  47. 47. Client - Send a Message 47
  48. 48. In Tomcat 7 – Receive the message 48
  49. 49. 49
  50. 50. 50
  51. 51. Client – Receive the Message 51
  52. 52. Future Plans Servlet 3.1 addition Commons DBCP v2 Socket IO Keep on top of open bugs Continue reviewing enhancement requests 52
  53. 53. Useful Resources 53
  54. 54. Useful resources http://www.tomcatexpert.com http://tomcat.apache.org • http://blogs.apache.org/tomcat Mailing lists • users • dev • announce http://tomcat.markmail.org http://svn.apache.org/repos/asf/tomcat/trunk/webapps/ docs/changelog.xml http://ci.apache.org/projects/tomcat/tomcat7/docs/ http://s.apache.org/tomcat-7-open-issues 54
  55. 55. References 55
  56. 56. References TomcatExpert.com http://www.tomcatexpert.com/blog/2012/04/24/websockets-tomcat-7 http://www.tomcatexpert.com/blog/2012/05/01/how-apache-tomcat-imple websocket Net.tutsplus.com http://net.tutsplus.com/tutorials/javascript-ajax/start-using-html5-webso / 56
  57. 57. Vmware Supported Platform 57
  58. 58. Questions 58
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×