Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Apache Tomcat 7 by Filip Hanik

2,268 views

Published on

Introduction to Tomcat 7 & WebSockets

Published in: Technology
  • Be the first to comment

Apache Tomcat 7 by Filip Hanik

  1. 1. Upgrading to Apache Tomcat 7Filip Hanik, Systems Engineer © 2009 VMware Inc. All rights reserved
  2. 2. Agenda Introduction Specification changes (Servlet 3.0) New features (Incl. WebSocket Deep Dive) Current status Future plans Useful resources Questions 2
  3. 3. Introduction Apache Tomcat committer & PMC member Vmware Employee and Sales Engineer Weekend Warrior with US Army Reserve 3
  4. 4. What about you? Who’s running Apache Tomcat 6? Who’s running Apache Tomcat 5 or older? 4
  5. 5. What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Major • New JSRs / Specifications for Servlets/JSPs • Side effect – New Java Version 5
  6. 6. What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Minor • 4.0 vs 4.1 • 5.0 vs 5.5 • Refactor of code base • Possible changes to config files • Possible changes to internal APIs 6
  7. 7. What do the version numbers mean? 7.0.22 • 7 major version • 0 minor version • 22 build number Build Number • Incremented with each build/SVN tag • Not all builds become release • Historically .18 has been the magic number • Stability • Bug fixes • Ready for enterprises 7
  8. 8. When to upgrade? Starts with application developers Need new features in Java Need new features in Servlet specification Need new features in a framework built for later versions 8
  9. 9. So what changed? 9
  10. 10. Specification Changes 10
  11. 11. New version of Java Less invasive as technology matures 1.5 to 1.6 should be seamless Moving to 1.6 is beneficial from performance perspective 11
  12. 12. Asynchronous Servlets No more thread per request model Servlet API still uses blocking programming model • Async is more complex, non blocking would have made it too complex Well suited for ‘Web 2.0’ applications API for developers, does not affect operations teams 12
  13. 13. Annotations Alternative to XML configuration Requires scanning of libraries Will slow down startup time • Performance can be improved by documenting JAR files not to be scanned • tomcat.util.scan.DefaultJarScanner.jarsToSkip system property • Defined in conf/catalina.properties 13
  14. 14. Web Fragments Libraries can ship with its partial web.xml configuration • Eases including frameworks Requires scanning of libraries Will slow down startup time • Performance can be improved by documenting JAR files not to be scanned • tomcat.util.scan.DefaultJarScanner.jarsToSkip system property • Defined in conf/catalina.properties 14
  15. 15. Session Management Session tracking • Cookie, URL or SSL ID Session cookie can be configured • name • domain • path • comment • secure • httpOnly 15
  16. 16. Programmatic Login Easier integration with alternative authentication solutions Calling login/logout • Directly within an application • Allows to retrieve credentials from alternative location 16
  17. 17. Other changes JSP 2.2 • JSP property group additions • New omit attribute for <jsp:attribute .../> Expression Language 2.2 • Method invocations 17
  18. 18. New featuresTomcat evolves too 18
  19. 19. Management JMX remote lifecycle listener  Allows JMX communication through firewall jconsole (or JMX client) url 19
  20. 20. ManagementManager application can differentiate between primary, backup andproxy sessions 20
  21. 21. Performance Limit loaded JSPs with LRU cache GZIP compressed output streams can now be flushed Remove bottleneck in session ID generation Crawler session manager valve AJP NIO connector (will be in 7.0.15 onwards) 21
  22. 22. Performance Tomcat jdbc-pool Alternative to commons-dbcp Well fitted for multi core machines Documented at tomcat.apache.org 22
  23. 23. Resources New singleton attribute  Create new object on JNDI lookup New closeMethod attribute  Close resources upon shutdown/undeploy 23
  24. 24. Deployment Support parallel deployment Existing sessions go to the original applications New users go to the new application Defer undeployment DEMO 24
  25. 25. Deployment Copying of  /META-INF/context.xml to  $CATALINA_BASE/<engine>/<host>/contextname.xml now optional and disabled by default One of the most confusing features in old version Often resulted in administrators unaware of accidental deployment Natural behaviour is that no files get created outside of application 25
  26. 26. Deployment Improved memory leak detection and prevention Prevents common memory leaks during undeployment Warns on unpreventable memory leaks 26
  27. 27. Security Cross-site request forgery (CSRF) protection filter CSRF protection added to manager application • role names & some URLs changed LockOutRealm used by default Access log enabled by default exec is disabled by default for SSI DefaultServlet serves content from root of context by default 27
  28. 28. Security Graceful handling of users book-marking the login page Session IDs generated using SecureRandom by default SSL renegotiation & RFC 5746 HTTP NIO connector now supports SSL renegotiation  Not having this made Apache Tomcat not be vulnerable to the man in the middle attack recently discovered Cookie paths end in / 28
  29. 29. Embedding and Extending New o.a.catalina.startup.Tomcat class for embedding Binary and source JARs provided for Apache Maven Customisable JAR scanning 29
  30. 30. Embedding and Extending New o.a.catalina.startup.Tomcat class for embedding Adding a servlet 30
  31. 31. Code clean-up Generics Better definition of Lifecycle interface Comet classes have moved to o.a.catalina.comet Expanded the unit tests Added Checkstyle and FindBugs to the build process Removed unused / deprecated / duplicated code Custom components using Tomcat internals are likely to require changes 31
  32. 32. Windows Windows installer detects 32-bit or 64-bit JVM and installs correct native binaries Windows native authentication (SPNEGO)  Integration with MS Active Directory and Domain Controller  Single Sign On based on Kerberos/SPNEGO 32
  33. 33. Current status Apache Tomcat 7 is stable as of 7.0.6  Current release is 7.0.27 Continuing to provide a release a month All releases have passed the Servlet 3.0, JSP 2.2 and EL 2.2 TCKs Servlet TCK is tested with the following combinations • HTTP BIO, NIO & APR/native • mod_jk + AJP BIO, NIO & APR/native • mod_proxy_http + HTTP BIO, NIO & APR/native • mod_proxy_ajp + AJP BIO, NIO & APR/native 33
  34. 34. What to expect from an upgrade Tomcat 4 to Tomcat 7 Tomcat 5 to Tomcat 7 Tomcat 6 to Tomcat 7 34
  35. 35. Web SocketsNew in Tomcat 7.027 Part of HTML 5 35
  36. 36. WebSockets – Bi-drectional protocol (binary/text) 36
  37. 37. Event Based on both Server and Client 37
  38. 38. Client - Initiating a WebSocket 38
  39. 39. Client - Initiating a WebScoket 39
  40. 40. Network – Opening WebSocket Request 40
  41. 41. In Tomcat 7 – Extend WebSocketServlet 41
  42. 42. In Tomcat 7 – Create a StreamInbound object 42
  43. 43. 43
  44. 44. Network – Opening WebSocket - Response 44
  45. 45. Socket Opened – First Event 45
  46. 46. 46
  47. 47. Client - Send a Message 47
  48. 48. In Tomcat 7 – Receive the message 48
  49. 49. 49
  50. 50. 50
  51. 51. Client – Receive the Message 51
  52. 52. Future Plans Servlet 3.1 addition Commons DBCP v2 Socket IO Keep on top of open bugs Continue reviewing enhancement requests 52
  53. 53. Useful Resources 53
  54. 54. Useful resources http://www.tomcatexpert.com http://tomcat.apache.org • http://blogs.apache.org/tomcat Mailing lists • users • dev • announce http://tomcat.markmail.org http://svn.apache.org/repos/asf/tomcat/trunk/webapps/ docs/changelog.xml http://ci.apache.org/projects/tomcat/tomcat7/docs/ http://s.apache.org/tomcat-7-open-issues 54
  55. 55. References 55
  56. 56. References TomcatExpert.com http://www.tomcatexpert.com/blog/2012/04/24/websockets-tomcat-7 http://www.tomcatexpert.com/blog/2012/05/01/how-apache-tomcat-imple websocket Net.tutsplus.com http://net.tutsplus.com/tutorials/javascript-ajax/start-using-html5-webso / 56
  57. 57. Vmware Supported Platform 57
  58. 58. Questions 58

×