Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Apache Tomcat Roadmap

2,842 views

Published on

SpringOne Platform 2016
Speaker: Mark Thomas; Apache Tomcat Committer, Pivotal

Development of Apache Tomcat continues at a strong pace. This presentation will cover:

Future development plans (features, timing)
Current work
Overview of new features available now in Tomcat 9 / Tomcat 8.5
SNI
OpenSSL based TLS
OAuth (via JASPIC)
Why do we need Tomcat 8.5?
Migrating from older versions
End-of-life plans for older versions

Progress towards a Servlet 4.0 implementation As a result of attending this presentation, the audience will gain an understanding of the new features available now or soon to be available in Tomcat 9 and how they can best utilize these features in their applications.

Published in: Technology
  • Be the first to comment

Apache Tomcat Roadmap

  1. 1. Apache Tomcat Roadmap Mark Thomas markt@apache.org
  2. 2. Introduction • Mark Thomas • markt@apache.org • Apache Tomcat committer since 2003 • Consultant Software Engineer at Pivotal • Disclaimer • This presentation is my personal view • I am not speaking on behalf of o The Apache Tomcat PMC o The ASF o Pivotal 2
  3. 3. Agenda • Mapping Tomcat versions to Java EE specifications • Support timescales • Release schedule • What is new (so far) for Tomcat in Java EE 8? • New features available now in 8.5.x / 9.0.x • Future plans • Questions 3
  4. 4. Tomcat and Java EE 4 Tomcat 5.5.x Tomcat 6.0.x Tomcat 7.0.x Tomcat 8.0.x Tomcat 8.5.x Tomcat 9.0.x Java EE 4 5 6 7 7 8 Servlet 2.4 2.5 3 3.1 3.1+ 4.0 JSP 2.0 2.1 2.2 2.3 2.3 2.4? UEL N/A 2.1 2.2 3.0 3.0 3.1? WebSocket N/A N/A 1.1 1.1 1.1 1.2? JASPIC N/A N/A N/A N/A 1.1 1.1?
  5. 5. Support timescales 5 Tomcat 5.5.x Tomcat 6.0.x Tomcat 7.0.x Tomcat 8.0.x Tomcat 8.5.x Tomcat 9.0.x First release 09 2003 10 2006 06 2010 08 2013 03 2016 11 2015 First stable release 08 2004 02 2007 01 2011 02 2014 06 2016 ??? End Of Life 09 2012 12 2016 - - - - Lifetime ~8 years ~10 years - - - - Current Release Schedule EOL 6 monthly monthly monthly (will reduce) monthly monthly
  6. 6. Release timescales • Roughly monthly • Older branches get released less frequently • Aim to fix all open bugs before a release • Excludes those in NEEDINFO state • The tomcat community does not have access to the TCKs • A number of downstream vendors do • Those vendors do report TCK failure related bugs to Tomcat • Security vulnerabilities are announced once a release is available for all affected versions 6
  7. 7. New in Java EE 8: Servlet 4.0 • Broadly agreed • HTTP/2 support • Default NO-OP methods for listeners • Abstract base class HttpFilter • Currently being discussed • Access to mapping information • Possible additional plans • Non-blocking access to request parameters • Reactive support 7
  8. 8. New in Java EE 8: The rest • Zip. Zero. Nothing. • JSP • Clarifications • Alignment with UEL • UEL • Clarifications • Alignment with JSP • JASPIC • Stable / Complete • WebSocket • Standard API for extension implementations 8
  9. 9. Tomcat and Java EE • The major Tomcat version is tied to the Java EE version • The first stable release depends on all specifications being final • Given the current Java EE 8 hiatus, that might change for 9.0.x • The community hasn’t thought through how this might work yet • This is largely why Tomcat 8.5.x was introduced 9
  10. 10. New Features in 8.5.x / 9.0.x • Major overhaul of TLS support • Tomcat <= 8.0.x • One TLS virtual host per Connector • One certificate per virtual host • Tomcat >= 8.5.x • Multiple virtual hosts per Connector (SNI) • Multiple certificates per virtual host • TLS configuration has changed to support this • HTTP/2 requires ALPN which requires OpenSSL • OpenSSL option for NIO and NIO2 • Common configuration attributes where possible for JSSE and OpenSSL 10
  11. 11. TLS Connector in 8.0.x 11 <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1" keystoreFile="${catalina.base}/conf/localhost.jks" keystorePass="changeit" truststoreFile="${catalina.base}/conf/ca.jks" truststorePass="changeit"/>
  12. 12. TLS Connector in 8.5.x onwards 12 <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" certificateFile="conf/localhost-rsa-cert.pem" certificateChainFile="conf/localhost-rsa-chain.pem" type="RSA" /> </SSLHostConfig> </Connector>
  13. 13. New Features in 8.5.x / 9.0.x • JASPIC • Java Authentication Service Provider Interface for Containers • Pluggable authentication • Example configuration provided for integration with Google OAuth 2 • Wild card support for virtual host names • HTTP Server header not sent by default • Limit Manager and Host Manager to localhost by default • Add support for relative HTTP redirects • Ands lots more… 13
  14. 14. Removed Features in 8.5.x onwards • BIO HTTP and BIO AJP connectors • WebSocket and Servlet 3.1 require non-blocking • Faking non-blocking in the BIO connectors was fragile • Comet • Proprietary interface for asynchronous I/O • Users have moved to WebSocket • Added complexity 14
  15. 15. Internal Changes in 8.5.x onwards • Connector refactoring • Reduce duplication (around 3k of 120k LoC) • Align behavior • WebSocket no longer written on top of Servlet 3.1 API • Servlet API doesn’t support switching between blocking and non-blocking • Direct to Tomcat’s I/O layer • Simpler • Faster • RFC 6265 CookieProcessor now the default • Note UTF-8 extension 15
  16. 16. Future Plans • Further Connector refactoring / clean-up • Aim to minimize implementation specific and protocol specific code • Review JACC (Java Authorization Contract for Containers) • No demand for this • Might be useful • No plans to implement the web profile • TomEE • JSP performance improvements • Mainly around compilation not runtime • More tuning 16
  17. 17. Questions • Over to you… 17
  18. 18. Learn More. Stay Connected. Tomcat “Ask me anything” all week Thursday, 9am: Designing, Implementing, and Using Reactive APIs @springcentral spring.io/blog @pivotal pivotal.io/blog @pivotalcf http://engineering.pivotal.io

×