Tomcat New Evolution

3,519 views

Published on

Published in: Technology
  • el texto...Aquí el texto corregido Alfonso Lagunas
    necesito que me corrijas este testo que voy apurado :hoy a empezado : un dia me levanto y me a go una pregunta y decido pensar solamente delicarle ,una fracion de timpo mayor y,, sonrio,, por que soy una persona tranquila , pero lo que no pueden parar solamente que me pongo a a sonreir pero no creo que me rio por que piense que soy tonto no decido callar y a go este comunicado y no te dejo nada al azar decido explicartelo solo por que lo escuches no hace falta que agas nada ,, , y pensé voy hacer una cosa diferente voy a cerrar los ojos por un momento voy a respirar calma a pensar que puedo hacer yo para crear un movimiento para dar empleo cosas buenas y no necesito a nadie si no quereis ayudarme soy un poco radical por mis ciscuntancias pero no creo que eso sea tan malo ,, yo creo que cuando una persona se cansa busca su mejor salida lo que el siente y intenta proyectarlo por que lo ha vivido, pero claro tan bien puede ay gente que piense ,, exclama ya pero lo haces por que tu quieres ya ,,, bueno .Pensamientos para todos solo que esta vez he decidido informar de lo que pienso simplemente necesita lapiz y un papel para comunicar lo que uno piensa no quiero hacer nada de mal royo solo quiero que sepais que me apetece unir a la gente en un solo sentido no en el que digo yo ni dice nadie si no al que me sale de mis ideas pensadas con el corazon como he sufrido por ser como soy bamos que paso de burbujas de todas las formas que hoy me he sentado aqui a ti y abeirto a sugerencias pero las minimas por que yo ya lo he pensado mucho bamos lo tengo hasta en graficas que ya os invitare a la plataforma gente en movimiento juventuz cantabria bueno cada cosa mira como ago propaganda ,,,que hay podeis informaros tendremos nuestro buen royo jentes de cantabria asociaciones que creo que tanbien ago yamamiento y no estoy cerado hacer algo y intentar canbiar y esfuerzo no tener el dia bago que saben mis mas allegados como soy , voy hacer yo solo comunicaros solamente que sepas por lo que yo quiero ayudarte en lo que yo se hacer donde estes no te sientas solo no eres un solo grano de arena eres parte de tu gente, no quiero que por hacer este comunicado leciones lexivas fenomenos pidamide. solo piensa por un momento como pienso yo solo te lo voy a pedir una sola vez. No tengo fuerzas para seguir en mi situacion soy consciente solo por hacer solo quiero poder hacer lo que ago y ayudar esa es mi solucion espero que les balga de ayuda y redirecionen este comun solo a otra persona , o lo rapido que quieras tu que vaya me da igual como si no funciona pero si funciona espero que no sea niguna ley etraña que no nos poermita expresarnos con moderacion gracias me llamo alfonso muiguel lagunas gonzalez y estohttp://blogs.monografias.com/y encantado de conocerte posdata si meto este texto en pagina sale gete que habla muy bien sera que tanbien tienen razon
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Tomcat New Evolution

  1. 1. Tomcat New Evolution Allan Huang @ esobi Inc.
  2. 2. Agenda   Tomcat 6 New Features Tomcat 7 New Features
  3. 3. Tomcat Versions     Tomcat 5.5.36 was released on 2012-10-10 Tomcat 6.0.37 was released on 2013-05-03 Tomcat 7.0.42 was released on 2013-07-05 Tomcat 8.0.0-RC3 is developing currently
  4. 4. Tomcat 6
  5. 5. Tomcat 6 Basis    Need Java 1.5 or further version Servlet 2.5, EL 2.1, JSP 2.1, and JSR 250 (Common Annotation) support Restructured code base     Merge the common, shared, and server repositories into a single folder, "$CATALINA_HOME/lib" Reduced duplicate code Removed obsolete items Reduced distribution size
  6. 6. Memory Leak Causes  Web application calls standard Java APIs that will cause memory leaks       Use Javax.imageio API, java.bean.introspector.flushCaches(), XML parsing, RMI, reading resources from jar files. JDBC drivers registration Some logging framework Storing objects in ThreadLocals and not removing them Starting threads and not stopping them Not clear ResourceBundle cache (from Java 1.6)
  7. 7. Tomcat Class Loaders
  8. 8. Tomcat 6 New Features (1)   Ensure nothing retains a reference to the web application class loader to prevent OutOfMemoryError. Memory Leak Prevention  By making sure that Tomcat code makes the calls firstly, the memory leaks are prevented.   JreMemoryLeakPreventionListener Memory Leak Detection  When a web application is stopped, undeployed or reloaded, Tomcat scans the code for standard causes of memory leaks, and fixes them.  Implemented in the WebappClassLoader
  9. 9. Memory Leak Protection in Tomcat  Development mode     Classes are stored in PermGen using class name Each web application has its own class loader Fix some of the common causes of Memory Leaks from the PermGen space by removing references to objects that don't get Garbage Collected Production mode  It is a good practice to stop Tomcat, clear the work folder and the old web application, deploy the new web application and restart Tomcat.
  10. 10. Cross-Site Request Forgery
  11. 11. Tomcat 6 New Features (2)  CSRF Protection    Cross-Site Request Forgery / One-Click Attack / Session Riding Malicious code runs in HTML emails, social media links or flash files, riding on the open authenticated session, it opens a back door to the application for the attacker to cripple a site or control the users account. Use a nonce / token issued in an authentication protocol to ensure that old communications cannot be reused in replay CSRF attacks.  CsrfPreventionFilter
  12. 12. Session Fixation
  13. 13. Tomcat 6 New Features (3)  Session Fixation Protection    Attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person's session ID Most attacks are web based, and most rely on session ID being accepted from URLs (query string) or POST data Identity Confirmation  This attack can be largely avoided by changing the session ID when users log in.
  14. 14. Tomcat 6 New Features (4)   A new NIO (New I/O) Connector allows asynchronous communication of low-level I/O data. With usage of APR (Apache Portable Runtime) or NIO APIs as the basis of its connectors, Tomcat is able to provide a number of extensions over the regular blocking IO as provided with support for the Servlet API. I/O New I/O Stream Oriented Buffer Oriented Blocking I/O Non-Blocking I/O Selectors
  15. 15. I/O vs. New I/O I/O New I/O
  16. 16. NIO Connector
  17. 17. Tomcat Connector Comparison Java Blocking Connector Java Non-Blocking Connector APR / Native Connector Class Name Http11Protocol Http11NioProtocol Http11AprProtocol Tomcat Version 3.x onwards 6.x onwards 5.5.x onwards Support Polling NO YES YES Polling Size N/A maxConnections maxConnections Read HTTP Request Blocking Non Blocking Blocking Read HTTP Body Blocking Sim Blocking Blocking Write HTTP Response Blocking Sim Blocking Blocking Wait for next Request Blocking Non Blocking Non Blocking SSL Support Java SSL Java SSL OpenSSL SSL Handshake Blocking Non Blocking Blocking Max Connections maxConnections maxConnections maxConnections
  18. 18. Tomcat 6 New Features (5)  Comet Support     Comet is a web application model in which a long-held HTTP request allows a web server to push data to a browser, without the browser explicitly requesting it. Ajax Push, Reverse Ajax, Two-way-web, HTTP Streaming, HTTP Server Push Usage of Comet requires using the APR or NIO HTTP connectors. The classic java.io HTTP connector and the AJP connectors do not support Comet.
  19. 19. Comet Implementation  Streaming (Tomcat Implementation)   An application using streaming Comet opens a single persistent connection from the client browser to the server for all Comet events. Long Polling  The browser makes an Ajax-style request to the server, which is kept open until the server has new data to send to the browser.
  20. 20. Comet Application Model
  21. 21. Comet Example Client-Side Server-Side
  22. 22. Tomcat 6 New Features (6)  The new Executor element represents a thread pool that can be shared between connectors in Tomcat, but also other components when those get configured to support executors.
  23. 23. Tomcat 6 New Features (7)    A limitation of java.util.logging appears to be the inability to have per-web application logging, as the configuration is per-VM. Replace the default LogManager implementation with a container friendly implementation called JULI (Java Utility Logging Implementation) Use tomcat-juli.jar to allows the implementation of an alternate commonslogging adaptor such as Log4J.
  24. 24. Tomcat 6 New Features (8)   Tomcat provides factories for Web Services JSR 109 which may be used to resolve web services references. Place the generated catalina-ws.jar as well as jaxrpc.jar and wsdl4j.jar in the Tomcat lib folder.
  25. 25. Web Service Architecture
  26. 26. Tomcat 6 New Features (9)  Changes to the configuration rules allow users to define multiple URL-pattern elements within a single servlet-mapping element.
  27. 27. Tomcat 6 New Features (10)  Common Annotations Support          @HandlesTypes @HttpConstraint @HttpMethodConstraint @MultipartConfig @ServletSecurity @WebFilter @WebInitParam @WebListener @WebServlet
  28. 28. Single Server Problems     A single server cannot handle the high number of incoming requests efficiently. A stateful application needs a way of preserving session data if its server fails. A developer requires the capability to make configuration changes or deploy updates to their applications without discontinuing service. A clustered architecture solves these problems using a combination of load balancing, multiple servers to process the balanced load, and some kind of session replication.
  29. 29. Tomcat 6 New Features (11)  HA (High Availability) – Load Balance     Static content is served directly by Apache HTTP server and any dynamic requests forwarded to the Tomcat servers based on some algorithm. JK 1.2.x native connector Apache HTTP Server 2.x with mod_proxy HA (High Availability) – Fail-over Solution   If the load balancer detects that one of the nodes has gone down it will redirect all the traffic to the second instance and your clients, apart from any on the failed node. Tomcat Session Replication
  30. 30. Tomcat Clustering
  31. 31. Apache + Tomcat + MySQL
  32. 32. Tomcat 7
  33. 33. Tomcat 7 Basis      Need Java 1.6 or further version Servlet 3.0, EL 2.2, and JSP 2.2, WebSocket RFC 6455 support Improved security for the Manager and Host Manager applications Offers tomcat-api.jar which contains interfaces that are shared by the Jasper and Catalina Provides improved configurability through newly added container components
  34. 34. Tomcat 7 New Features (1)   A Web application might need static resources that increases the size of the war file and also leads to duplication of static resources. Allows a new aliases attribute in the context element that can point to the static resources are stored outside the war file.
  35. 35. Tomcat 7 New Features (2)  WebSocket Support   WebSocket developed as part of the HTML5 initiative — introduced the WebSocket JavaScript interface, which defines a full-duplex single socket connection over which messages can be sent between client and server. The WebSocket standard simplifies much of the complexity around bi-directional web communication and connection management.
  36. 36. WebSocket Structure
  37. 37. WebSocket Example Client-Side Server-Side
  38. 38. Tomcat 7 New Features (3)   Tomcat can be embedded in an application and it can be configured and started programmatically. A new Tomcat class uses defaults for several configuration elements and provides an easier and simpler way to embed Tomcat.
  39. 39. Embedded Tomcat Example
  40. 40. Tomcat 7 New Features (4)    AsyncFileHandler employs a producer/consumer relationship with the queue to store log messages. Replace all occurrences of FileHandler with AsyncFileHandler in the "$CATALINA_HOME/conf/logging.properties" file. The application must use java.util.Logging; asynchronous logging does not work with Log4j.
  41. 41. AsynFileHandler Class Diagram
  42. 42. Reference (1)         Apache Tomcat - Which Version Do I Want? Memory Leak Protection in Tomcat 7 Tomcat Wiki – Memory Leak Protection Cross-site Request Forgery Session Fixation Wikipedia The Top 3 Apache Tomcat 7 features now Available in A Tomcat 6 – New Features, Migration, and Tomcat 7 Java NIO vs. IO
  43. 43. Reference (2)          Comet (programming) Wikipedia Apache Tomcat Configuration Reference - The Executor (thread pool) A Simple Guide To Tomcat Logging Setting up Clustering on Apache/Tomcat using Jakarta mod_jk Top 7 Features in Tomcat 7: The New and the Improved What’s New in Tomcat 7 Tomcat 7 Changes And New Features HTML5 WebSocket Client WebSocket Wikipedia
  44. 44. Q&A

×