Allan Huang, profile picture
Uploaded byAllan Huang
PPT, PDF4,169 views

Tomcat New Evolution

Tomcat New Evolution discusses the new features introduced in Tomcat 6 and 7. Some key highlights include: - Tomcat 6 introduced features like memory leak prevention, CSRF protection, session fixation protection, NIO connector, Comet support, logging improvements, web services support, and clustering. - Tomcat 7 features included externalizing static resources, WebSocket support, easier embedded usage, and asynchronous logging. - Both versions aimed to improve performance, security, and scalability through these new capabilities. Tomcat continues evolving to support newer standards and address common issues.

Embed presentation

Downloaded 68 times
Tomcat New Evolution Allan Huang @ esobi Inc.
Agenda   Tomcat 6 New Features Tomcat 7 New Features
Tomcat Versions     Tomcat 5.5.36 was released on 2012-10-10 Tomcat 6.0.37 was released on 2013-05-03 Tomcat 7.0.42 was released on 2013-07-05 Tomcat 8.0.0-RC3 is developing currently
Tomcat 6
Tomcat 6 Basis    Need Java 1.5 or further version Servlet 2.5, EL 2.1, JSP 2.1, and JSR 250 (Common Annotation) support Restructured code base     Merge the common, shared, and server repositories into a single folder, "$CATALINA_HOME/lib" Reduced duplicate code Removed obsolete items Reduced distribution size
Memory Leak Causes  Web application calls standard Java APIs that will cause memory leaks       Use Javax.imageio API, java.bean.introspector.flushCaches(), XML parsing, RMI, reading resources from jar files. JDBC drivers registration Some logging framework Storing objects in ThreadLocals and not removing them Starting threads and not stopping them Not clear ResourceBundle cache (from Java 1.6)
Tomcat Class Loaders
Tomcat 6 New Features (1)   Ensure nothing retains a reference to the web application class loader to prevent OutOfMemoryError. Memory Leak Prevention  By making sure that Tomcat code makes the calls firstly, the memory leaks are prevented.   JreMemoryLeakPreventionListener Memory Leak Detection  When a web application is stopped, undeployed or reloaded, Tomcat scans the code for standard causes of memory leaks, and fixes them.  Implemented in the WebappClassLoader
Memory Leak Protection in Tomcat  Development mode     Classes are stored in PermGen using class name Each web application has its own class loader Fix some of the common causes of Memory Leaks from the PermGen space by removing references to objects that don't get Garbage Collected Production mode  It is a good practice to stop Tomcat, clear the work folder and the old web application, deploy the new web application and restart Tomcat.
Cross-Site Request Forgery
Tomcat 6 New Features (2)  CSRF Protection    Cross-Site Request Forgery / One-Click Attack / Session Riding Malicious code runs in HTML emails, social media links or flash files, riding on the open authenticated session, it opens a back door to the application for the attacker to cripple a site or control the users account. Use a nonce / token issued in an authentication protocol to ensure that old communications cannot be reused in replay CSRF attacks.  CsrfPreventionFilter
Session Fixation
Tomcat 6 New Features (3)  Session Fixation Protection    Attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person's session ID Most attacks are web based, and most rely on session ID being accepted from URLs (query string) or POST data Identity Confirmation  This attack can be largely avoided by changing the session ID when users log in.
Tomcat 6 New Features (4)   A new NIO (New I/O) Connector allows asynchronous communication of low-level I/O data. With usage of APR (Apache Portable Runtime) or NIO APIs as the basis of its connectors, Tomcat is able to provide a number of extensions over the regular blocking IO as provided with support for the Servlet API. I/O New I/O Stream Oriented Buffer Oriented Blocking I/O Non-Blocking I/O Selectors
I/O vs. New I/O I/O New I/O
NIO Connector
Tomcat Connector Comparison Java Blocking Connector Java Non-Blocking Connector APR / Native Connector Class Name Http11Protocol Http11NioProtocol Http11AprProtocol Tomcat Version 3.x onwards 6.x onwards 5.5.x onwards Support Polling NO YES YES Polling Size N/A maxConnections maxConnections Read HTTP Request Blocking Non Blocking Blocking Read HTTP Body Blocking Sim Blocking Blocking Write HTTP Response Blocking Sim Blocking Blocking Wait for next Request Blocking Non Blocking Non Blocking SSL Support Java SSL Java SSL OpenSSL SSL Handshake Blocking Non Blocking Blocking Max Connections maxConnections maxConnections maxConnections
Tomcat 6 New Features (5)  Comet Support     Comet is a web application model in which a long-held HTTP request allows a web server to push data to a browser, without the browser explicitly requesting it. Ajax Push, Reverse Ajax, Two-way-web, HTTP Streaming, HTTP Server Push Usage of Comet requires using the APR or NIO HTTP connectors. The classic java.io HTTP connector and the AJP connectors do not support Comet.
Comet Implementation  Streaming (Tomcat Implementation)   An application using streaming Comet opens a single persistent connection from the client browser to the server for all Comet events. Long Polling  The browser makes an Ajax-style request to the server, which is kept open until the server has new data to send to the browser.
Comet Application Model
Comet Example Client-Side Server-Side
Tomcat 6 New Features (6)  The new Executor element represents a thread pool that can be shared between connectors in Tomcat, but also other components when those get configured to support executors.
Tomcat 6 New Features (7)    A limitation of java.util.logging appears to be the inability to have per-web application logging, as the configuration is per-VM. Replace the default LogManager implementation with a container friendly implementation called JULI (Java Utility Logging Implementation) Use tomcat-juli.jar to allows the implementation of an alternate commonslogging adaptor such as Log4J.
Tomcat 6 New Features (8)   Tomcat provides factories for Web Services JSR 109 which may be used to resolve web services references. Place the generated catalina-ws.jar as well as jaxrpc.jar and wsdl4j.jar in the Tomcat lib folder.
Web Service Architecture
Tomcat 6 New Features (9)  Changes to the configuration rules allow users to define multiple URL-pattern elements within a single servlet-mapping element.
Tomcat 6 New Features (10)  Common Annotations Support          @HandlesTypes @HttpConstraint @HttpMethodConstraint @MultipartConfig @ServletSecurity @WebFilter @WebInitParam @WebListener @WebServlet
Single Server Problems     A single server cannot handle the high number of incoming requests efficiently. A stateful application needs a way of preserving session data if its server fails. A developer requires the capability to make configuration changes or deploy updates to their applications without discontinuing service. A clustered architecture solves these problems using a combination of load balancing, multiple servers to process the balanced load, and some kind of session replication.
Tomcat 6 New Features (11)  HA (High Availability) – Load Balance     Static content is served directly by Apache HTTP server and any dynamic requests forwarded to the Tomcat servers based on some algorithm. JK 1.2.x native connector Apache HTTP Server 2.x with mod_proxy HA (High Availability) – Fail-over Solution   If the load balancer detects that one of the nodes has gone down it will redirect all the traffic to the second instance and your clients, apart from any on the failed node. Tomcat Session Replication
Tomcat Clustering
Apache + Tomcat + MySQL
Tomcat 7
Tomcat 7 Basis      Need Java 1.6 or further version Servlet 3.0, EL 2.2, and JSP 2.2, WebSocket RFC 6455 support Improved security for the Manager and Host Manager applications Offers tomcat-api.jar which contains interfaces that are shared by the Jasper and Catalina Provides improved configurability through newly added container components
Tomcat 7 New Features (1)   A Web application might need static resources that increases the size of the war file and also leads to duplication of static resources. Allows a new aliases attribute in the context element that can point to the static resources are stored outside the war file.
Tomcat 7 New Features (2)  WebSocket Support   WebSocket developed as part of the HTML5 initiative — introduced the WebSocket JavaScript interface, which defines a full-duplex single socket connection over which messages can be sent between client and server. The WebSocket standard simplifies much of the complexity around bi-directional web communication and connection management.
WebSocket Structure
WebSocket Example Client-Side Server-Side
Tomcat 7 New Features (3)   Tomcat can be embedded in an application and it can be configured and started programmatically. A new Tomcat class uses defaults for several configuration elements and provides an easier and simpler way to embed Tomcat.
Embedded Tomcat Example
Tomcat 7 New Features (4)    AsyncFileHandler employs a producer/consumer relationship with the queue to store log messages. Replace all occurrences of FileHandler with AsyncFileHandler in the "$CATALINA_HOME/conf/logging.properties" file. The application must use java.util.Logging; asynchronous logging does not work with Log4j.
AsynFileHandler Class Diagram
Reference (1)         Apache Tomcat - Which Version Do I Want? Memory Leak Protection in Tomcat 7 Tomcat Wiki – Memory Leak Protection Cross-site Request Forgery Session Fixation Wikipedia The Top 3 Apache Tomcat 7 features now Available in A Tomcat 6 – New Features, Migration, and Tomcat 7 Java NIO vs. IO
Reference (2)          Comet (programming) Wikipedia Apache Tomcat Configuration Reference - The Executor (thread pool) A Simple Guide To Tomcat Logging Setting up Clustering on Apache/Tomcat using Jakarta mod_jk Top 7 Features in Tomcat 7: The New and the Improved What’s New in Tomcat 7 Tomcat 7 Changes And New Features HTML5 WebSocket Client WebSocket Wikipedia
Q&A

More Related Content

PDF
Introduction to Apache Tomcat 7 Presentation
byTomcat Expert
 
PPT
Hacking Tomcat
byguestc27cd9
 
PPT
Tomcat Clustering
bygouthamrv
 
PDF
Servlet 3.1
byArun Gupta
 
PDF
Tomcat Optimisation & Performance Tuning
bylovingprince58
 
PPT
Apache Tomcat 7 by Filip Hanik
byEdgar Espina
 
PPT
Auxiliary : Tomcat
bywebhostingguy
 
PDF
Tomcat next
byJean-Frederic Clere
 
Introduction to Apache Tomcat 7 Presentation
byTomcat Expert
 
Hacking Tomcat
byguestc27cd9
 
Tomcat Clustering
bygouthamrv
 
Servlet 3.1
byArun Gupta
 
Tomcat Optimisation & Performance Tuning
bylovingprince58
 
Apache Tomcat 7 by Filip Hanik
byEdgar Espina
 
Auxiliary : Tomcat
bywebhostingguy
 
Tomcat next
byJean-Frederic Clere
 

What's hot

PPTX
Web container and Apache Tomcat
byAuwal Amshi
 
PPT
Tomcat Server
byAnirban Majumdar
 
PPT
Tomcat
byVenkat Pinagadi
 
PPT
Tomcat server
byUtkarsh Agarwal
 
PDF
Apache Tomcat 8 Application Server
bymohamedmoharam
 
PDF
Tomcat and apache httpd training
byFranck SIMON
 
PPTX
Apache tomcat
byShashwat Shriparv
 
PPTX
Introduction of Tomcat
byDebashis Nath
 
DOC
Jetty Vs Tomcat
byTomoaki Sawada
 
PPT
Advanced WebLogic Monitoring: JMX and WLSDM Automation
byM. Fevzi Korkutata
 
PPTX
Exploring Java Heap Dumps (Oracle Code One 2018)
byRyan Cuprak
 
PDF
Changes in WebLogic 12.1.3 Every Administrator Must Know
byBruno Borges
 
PDF
Apache Tomcat + Java EE = Apache TomEE
byJacek Laskowski
 
PPT
Shopzilla On Concurrency
byRodney Barlow
 
PPT
Tomcat Configuration (1)
bynazeer pasha
 
PPTX
Introduction to-osgi
byIoannis Canellos
 
PDF
How to monitor and manage Apache Tomcat
byEgnyte
 
PPT
Apache TomEE - Tomcat with a kick
byVishwanath Krishnamurthi
 
PDF
25 Apache Performance Tips
byMonitis_Inc
 
PPTX
Apache Performance Tuning: Scaling Out
bySander Temme
 
Web container and Apache Tomcat
byAuwal Amshi
 
Tomcat Server
byAnirban Majumdar
 
Tomcat
byVenkat Pinagadi
 
Tomcat server
byUtkarsh Agarwal
 
Apache Tomcat 8 Application Server
bymohamedmoharam
 
Tomcat and apache httpd training
byFranck SIMON
 
Apache tomcat
byShashwat Shriparv
 
Introduction of Tomcat
byDebashis Nath
 
Jetty Vs Tomcat
byTomoaki Sawada
 
Advanced WebLogic Monitoring: JMX and WLSDM Automation
byM. Fevzi Korkutata
 
Exploring Java Heap Dumps (Oracle Code One 2018)
byRyan Cuprak
 
Changes in WebLogic 12.1.3 Every Administrator Must Know
byBruno Borges
 
Apache Tomcat + Java EE = Apache TomEE
byJacek Laskowski
 
Shopzilla On Concurrency
byRodney Barlow
 
Tomcat Configuration (1)
bynazeer pasha
 
Introduction to-osgi
byIoannis Canellos
 
How to monitor and manage Apache Tomcat
byEgnyte
 
Apache TomEE - Tomcat with a kick
byVishwanath Krishnamurthi
 
25 Apache Performance Tips
byMonitis_Inc
 
Apache Performance Tuning: Scaling Out
bySander Temme
 

Viewers also liked

PPTX
Ali-tomcat
bywang hongjiang
 
PPTX
Websockets on the JVM: Atmosphere to the rescue!
byjfarcand
 
PPTX
What's New in Docker - February 2017
byPatrick Chanezon
 
PDF
Tomcatx performance-tuning
byVladimir Khokhryakov
 
PDF
Tomcat openssl
byJean-Frederic Clere
 
PPTX
Docker introduction
bydotCloud
 
PPTX
Case study - Application Re architecture (ODC)
byFaichi Solutions
 
PDF
Tomcat next
byJean-Frederic Clere
 
PPTX
Fastest Servlets in the West
byStuart (Pid) Williams
 
PPTX
Async servlets
byNiklas Walter
 
PPTX
Microservices Platforms - Which is Best?
byPayara
 
PPTX
Why Play Framework is fast
byLegacy Typesafe (now Lightbend)
 
PPTX
NIO and NIO2
byBalamurugan Soundararajan
 
PDF
Having fun with Raspberry and Apache projects
byJean-Frederic Clere
 
Ali-tomcat
bywang hongjiang
 
Websockets on the JVM: Atmosphere to the rescue!
byjfarcand
 
What's New in Docker - February 2017
byPatrick Chanezon
 
Tomcatx performance-tuning
byVladimir Khokhryakov
 
Tomcat openssl
byJean-Frederic Clere
 
Docker introduction
bydotCloud
 
Case study - Application Re architecture (ODC)
byFaichi Solutions
 
Tomcat next
byJean-Frederic Clere
 
Fastest Servlets in the West
byStuart (Pid) Williams
 
Async servlets
byNiklas Walter
 
Microservices Platforms - Which is Best?
byPayara
 
Why Play Framework is fast
byLegacy Typesafe (now Lightbend)
 
NIO and NIO2
byBalamurugan Soundararajan
 
Having fun with Raspberry and Apache projects
byJean-Frederic Clere
 

Similar to Tomcat New Evolution

PPT
Servlet by Rj
byShree M.L.Kakadiya MCA mahila college, Amreli
 
PPTX
unit-iii-server-side-technologies-servlet-jsp.pptx
byamitsharmahimcs
 
PDF
Wt unit 3 server side technology
byPUNE VIDYARTHI GRIHA'S COLLEGE OF ENGINEERING, NASHIK
 
PDF
spring Boot Tutorial Part 1(JPA&Hibernate)
byabdelr7man3mad2004
 
PPTX
Apache
byreddivarihareesh
 
PPTX
Http Server Programming in JAVA - Handling http requests and responses
bybharathiv53
 
PPT
TOMCAT WEB SERVER TECHNICAL BY SAIKIRAN PANJALA
bySaikiran Panjala
 
DOCX
Apache tomcat
byAbhishek Kesharwani
 
PPTX
CS8651 IP Unit 3.pptx
byVigneshkumar Ponnusamy
 
PPT
Web Server/App Server Connectivity
bywebhostingguy
 
PDF
wa-cometjava-pdf
byHiroshi Ono
 
PPT
Hackingtomcat
byAung Khant
 
PDF
Developing Revolutionary Web Applications using Comet and Ajax Push
byDoris Chen
 
PDF
Wt unit 3 server side technology
byPUNE VIDYARTHI GRIHA'S COLLEGE OF ENGINEERING, NASHIK
 
PPTX
2015 UJUG, Servlet 4.0 portion
bymnriem
 
PDF
Introduction tomcat7 servlet3
byJavaEE Trainers
 
PDF
Enterprise(d) Tomcat & httpd
byVaclav Tunka
 
PDF
HTTP/2 Comes to Java - What Servlet 4.0 Means to You
byDavid Delabassee
 
PPTX
Java EE 8: What Servlet 4.0 and HTTP/2 mean to you
byAlex Theedom
 
PDF
WSO2 Application Server
bySagara Gunathunga
 
Servlet by Rj
byShree M.L.Kakadiya MCA mahila college, Amreli
 
unit-iii-server-side-technologies-servlet-jsp.pptx
byamitsharmahimcs
 
Wt unit 3 server side technology
byPUNE VIDYARTHI GRIHA'S COLLEGE OF ENGINEERING, NASHIK
 
spring Boot Tutorial Part 1(JPA&Hibernate)
byabdelr7man3mad2004
 
Apache
byreddivarihareesh
 
Http Server Programming in JAVA - Handling http requests and responses
bybharathiv53
 
TOMCAT WEB SERVER TECHNICAL BY SAIKIRAN PANJALA
bySaikiran Panjala
 
Apache tomcat
byAbhishek Kesharwani
 
CS8651 IP Unit 3.pptx
byVigneshkumar Ponnusamy
 
Web Server/App Server Connectivity
bywebhostingguy
 
wa-cometjava-pdf
byHiroshi Ono
 
Hackingtomcat
byAung Khant
 
Developing Revolutionary Web Applications using Comet and Ajax Push
byDoris Chen
 
Wt unit 3 server side technology
byPUNE VIDYARTHI GRIHA'S COLLEGE OF ENGINEERING, NASHIK
 
2015 UJUG, Servlet 4.0 portion
bymnriem
 
Introduction tomcat7 servlet3
byJavaEE Trainers
 
Enterprise(d) Tomcat & httpd
byVaclav Tunka
 
HTTP/2 Comes to Java - What Servlet 4.0 Means to You
byDavid Delabassee
 
Java EE 8: What Servlet 4.0 and HTTP/2 mean to you
byAlex Theedom
 
WSO2 Application Server
bySagara Gunathunga
 

More from Allan Huang

PPT
HTML5 Offline Web Application
byAllan Huang
 
PPT
Netty 4-based RPC System Development
byAllan Huang
 
PPTX
Concurrency in Java
byAllan Huang
 
PPT
HTML5 Multithreading
byAllan Huang
 
PPT
Java JSON Parser Comparison
byAllan Huang
 
PPTX
Drools
byAllan Huang
 
PPT
Java New Evolution
byAllan Huang
 
PPT
eSobi Website Multilayered Architecture
byAllan Huang
 
PPT
HTML5 Data Storage
byAllan Huang
 
PPT
eSobi Site Initiation
byAllan Huang
 
PPT
Architecture of eSobi club based on J2EE
byAllan Huang
 
PPTX
Build, logging, and unit test tools
byAllan Huang
 
PPT
Build Cross-Platform Mobile Application with PhoneGap
byAllan Huang
 
PPT
JQuery New Evolution
byAllan Huang
 
PPT
Boilerpipe Integration And Improvement
byAllan Huang
 
PPT
Java Script Patterns
byAllan Huang
 
PPT
Web Crawler
byAllan Huang
 
PPT
Responsive Web Design
byAllan Huang
 
PPT
YQL Case Study
byAllan Huang
 
PPT
Weighted feed recommand
byAllan Huang
 
HTML5 Offline Web Application
byAllan Huang
 
Netty 4-based RPC System Development
byAllan Huang
 
Concurrency in Java
byAllan Huang
 
HTML5 Multithreading
byAllan Huang
 
Java JSON Parser Comparison
byAllan Huang
 
Drools
byAllan Huang
 
Java New Evolution
byAllan Huang
 
eSobi Website Multilayered Architecture
byAllan Huang
 
HTML5 Data Storage
byAllan Huang
 
eSobi Site Initiation
byAllan Huang
 
Architecture of eSobi club based on J2EE
byAllan Huang
 
Build, logging, and unit test tools
byAllan Huang
 
Build Cross-Platform Mobile Application with PhoneGap
byAllan Huang
 
JQuery New Evolution
byAllan Huang
 
Boilerpipe Integration And Improvement
byAllan Huang
 
Java Script Patterns
byAllan Huang
 
Web Crawler
byAllan Huang
 
Responsive Web Design
byAllan Huang
 
YQL Case Study
byAllan Huang
 
Weighted feed recommand
byAllan Huang
 

Recently uploaded

PDF
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PPTX
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PDF
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
PDF
Lets Build a Serverless Function with Kiro
byChris Bingham
 
PDF
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PPTX
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
PDF
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
PDF
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
PDF
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
PPTX
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
PDF
How Much Does It Cost To Build Software
bycollinmishell2
 
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
Lets Build a Serverless Function with Kiro
byChris Bingham
 
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
How Much Does It Cost To Build Software
bycollinmishell2
 

Tomcat New Evolution

  • 1.
    Tomcat New Evolution AllanHuang @ esobi Inc.
  • 2.
    Agenda   Tomcat 6 NewFeatures Tomcat 7 New Features
  • 3.
    Tomcat Versions     Tomcat 5.5.36was released on 2012-10-10 Tomcat 6.0.37 was released on 2013-05-03 Tomcat 7.0.42 was released on 2013-07-05 Tomcat 8.0.0-RC3 is developing currently
  • 4.
  • 5.
    Tomcat 6 Basis    NeedJava 1.5 or further version Servlet 2.5, EL 2.1, JSP 2.1, and JSR 250 (Common Annotation) support Restructured code base     Merge the common, shared, and server repositories into a single folder, "$CATALINA_HOME/lib" Reduced duplicate code Removed obsolete items Reduced distribution size
  • 6.
    Memory Leak Causes  Webapplication calls standard Java APIs that will cause memory leaks       Use Javax.imageio API, java.bean.introspector.flushCaches(), XML parsing, RMI, reading resources from jar files. JDBC drivers registration Some logging framework Storing objects in ThreadLocals and not removing them Starting threads and not stopping them Not clear ResourceBundle cache (from Java 1.6)
  • 7.
  • 8.
    Tomcat 6 NewFeatures (1)   Ensure nothing retains a reference to the web application class loader to prevent OutOfMemoryError. Memory Leak Prevention  By making sure that Tomcat code makes the calls firstly, the memory leaks are prevented.   JreMemoryLeakPreventionListener Memory Leak Detection  When a web application is stopped, undeployed or reloaded, Tomcat scans the code for standard causes of memory leaks, and fixes them.  Implemented in the WebappClassLoader
  • 9.
    Memory Leak Protectionin Tomcat  Development mode     Classes are stored in PermGen using class name Each web application has its own class loader Fix some of the common causes of Memory Leaks from the PermGen space by removing references to objects that don't get Garbage Collected Production mode  It is a good practice to stop Tomcat, clear the work folder and the old web application, deploy the new web application and restart Tomcat.
  • 10.
  • 11.
    Tomcat 6 NewFeatures (2)  CSRF Protection    Cross-Site Request Forgery / One-Click Attack / Session Riding Malicious code runs in HTML emails, social media links or flash files, riding on the open authenticated session, it opens a back door to the application for the attacker to cripple a site or control the users account. Use a nonce / token issued in an authentication protocol to ensure that old communications cannot be reused in replay CSRF attacks.  CsrfPreventionFilter
  • 12.
  • 13.
    Tomcat 6 NewFeatures (3)  Session Fixation Protection    Attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person's session ID Most attacks are web based, and most rely on session ID being accepted from URLs (query string) or POST data Identity Confirmation  This attack can be largely avoided by changing the session ID when users log in.
  • 14.
    Tomcat 6 NewFeatures (4)   A new NIO (New I/O) Connector allows asynchronous communication of low-level I/O data. With usage of APR (Apache Portable Runtime) or NIO APIs as the basis of its connectors, Tomcat is able to provide a number of extensions over the regular blocking IO as provided with support for the Servlet API. I/O New I/O Stream Oriented Buffer Oriented Blocking I/O Non-Blocking I/O Selectors
  • 15.
    I/O vs. NewI/O I/O New I/O
  • 16.
  • 17.
    Tomcat Connector Comparison JavaBlocking Connector Java Non-Blocking Connector APR / Native Connector Class Name Http11Protocol Http11NioProtocol Http11AprProtocol Tomcat Version 3.x onwards 6.x onwards 5.5.x onwards Support Polling NO YES YES Polling Size N/A maxConnections maxConnections Read HTTP Request Blocking Non Blocking Blocking Read HTTP Body Blocking Sim Blocking Blocking Write HTTP Response Blocking Sim Blocking Blocking Wait for next Request Blocking Non Blocking Non Blocking SSL Support Java SSL Java SSL OpenSSL SSL Handshake Blocking Non Blocking Blocking Max Connections maxConnections maxConnections maxConnections
  • 18.
    Tomcat 6 NewFeatures (5)  Comet Support     Comet is a web application model in which a long-held HTTP request allows a web server to push data to a browser, without the browser explicitly requesting it. Ajax Push, Reverse Ajax, Two-way-web, HTTP Streaming, HTTP Server Push Usage of Comet requires using the APR or NIO HTTP connectors. The classic java.io HTTP connector and the AJP connectors do not support Comet.
  • 19.
    Comet Implementation  Streaming (TomcatImplementation)   An application using streaming Comet opens a single persistent connection from the client browser to the server for all Comet events. Long Polling  The browser makes an Ajax-style request to the server, which is kept open until the server has new data to send to the browser.
  • 20.
  • 21.
  • 22.
    Tomcat 6 NewFeatures (6)  The new Executor element represents a thread pool that can be shared between connectors in Tomcat, but also other components when those get configured to support executors.
  • 23.
    Tomcat 6 NewFeatures (7)    A limitation of java.util.logging appears to be the inability to have per-web application logging, as the configuration is per-VM. Replace the default LogManager implementation with a container friendly implementation called JULI (Java Utility Logging Implementation) Use tomcat-juli.jar to allows the implementation of an alternate commonslogging adaptor such as Log4J.
  • 24.
    Tomcat 6 NewFeatures (8)   Tomcat provides factories for Web Services JSR 109 which may be used to resolve web services references. Place the generated catalina-ws.jar as well as jaxrpc.jar and wsdl4j.jar in the Tomcat lib folder.
  • 25.
  • 26.
    Tomcat 6 NewFeatures (9)  Changes to the configuration rules allow users to define multiple URL-pattern elements within a single servlet-mapping element.
  • 27.
    Tomcat 6 NewFeatures (10)  Common Annotations Support          @HandlesTypes @HttpConstraint @HttpMethodConstraint @MultipartConfig @ServletSecurity @WebFilter @WebInitParam @WebListener @WebServlet
  • 28.
    Single Server Problems     Asingle server cannot handle the high number of incoming requests efficiently. A stateful application needs a way of preserving session data if its server fails. A developer requires the capability to make configuration changes or deploy updates to their applications without discontinuing service. A clustered architecture solves these problems using a combination of load balancing, multiple servers to process the balanced load, and some kind of session replication.
  • 29.
    Tomcat 6 NewFeatures (11)  HA (High Availability) – Load Balance     Static content is served directly by Apache HTTP server and any dynamic requests forwarded to the Tomcat servers based on some algorithm. JK 1.2.x native connector Apache HTTP Server 2.x with mod_proxy HA (High Availability) – Fail-over Solution   If the load balancer detects that one of the nodes has gone down it will redirect all the traffic to the second instance and your clients, apart from any on the failed node. Tomcat Session Replication
  • 30.
  • 31.
  • 32.
  • 33.
    Tomcat 7 Basis      NeedJava 1.6 or further version Servlet 3.0, EL 2.2, and JSP 2.2, WebSocket RFC 6455 support Improved security for the Manager and Host Manager applications Offers tomcat-api.jar which contains interfaces that are shared by the Jasper and Catalina Provides improved configurability through newly added container components
  • 34.
    Tomcat 7 NewFeatures (1)   A Web application might need static resources that increases the size of the war file and also leads to duplication of static resources. Allows a new aliases attribute in the context element that can point to the static resources are stored outside the war file.
  • 35.
    Tomcat 7 NewFeatures (2)  WebSocket Support   WebSocket developed as part of the HTML5 initiative — introduced the WebSocket JavaScript interface, which defines a full-duplex single socket connection over which messages can be sent between client and server. The WebSocket standard simplifies much of the complexity around bi-directional web communication and connection management.
  • 36.
  • 37.
  • 38.
    Tomcat 7 NewFeatures (3)   Tomcat can be embedded in an application and it can be configured and started programmatically. A new Tomcat class uses defaults for several configuration elements and provides an easier and simpler way to embed Tomcat.
  • 39.
  • 40.
    Tomcat 7 NewFeatures (4)    AsyncFileHandler employs a producer/consumer relationship with the queue to store log messages. Replace all occurrences of FileHandler with AsyncFileHandler in the "$CATALINA_HOME/conf/logging.properties" file. The application must use java.util.Logging; asynchronous logging does not work with Log4j.
  • 41.
  • 42.
    Reference (1)         Apache Tomcat- Which Version Do I Want? Memory Leak Protection in Tomcat 7 Tomcat Wiki – Memory Leak Protection Cross-site Request Forgery Session Fixation Wikipedia The Top 3 Apache Tomcat 7 features now Available in A Tomcat 6 – New Features, Migration, and Tomcat 7 Java NIO vs. IO
  • 43.
    Reference (2)          Comet (programming)Wikipedia Apache Tomcat Configuration Reference - The Executor (thread pool) A Simple Guide To Tomcat Logging Setting up Clustering on Apache/Tomcat using Jakarta mod_jk Top 7 Features in Tomcat 7: The New and the Improved What’s New in Tomcat 7 Tomcat 7 Changes And New Features HTML5 WebSocket Client WebSocket Wikipedia
  • 44.