You are on page 1of 654

2010 SpringSource, A division of VMware.

All rights reserved


Introduction to Tomcat 6
22
Topics in this Session
What is Tomcat?
History
Tomcat Versions
Development Life Cycle
Release rocess
33
What is Tomcat?
!n open source servlet container

Implements Java Servlet and Java Server Pages specifications

Pure Java HTTP web server environment for Java code to run
"m#edded in many $ava "" application servers

JBoss, Geronimo, ebsp!ere"""


!pache Soft%are &oundation

Top #evel Pro$ect


Community effort

%& core developers from various companies

SpringSource '()ware*, JBoss '+ed!at*"""


,,
Tomcat community
In avera'e ( release)month
(*+++*+++, do%nloads)month

Including mirrors
--
!pache Soft%are &oundation
-on.profit corporation

Based in t!e .S
rovides a #asis for open* colla#orative soft%are development
/any famous pro0ects

/pac!e eb Server '!ttpd*, tomcat, /nt, )aven, #og,J, Struts % 0 2"""


!ll soft%are is released under the !pache License

version 2"&
!ttp122www"apac!e"org
33
History
Started out as a reference implementation #y Sun /icrosystems
1no% 2racle3
Donated to !S& 4 Tomcat 5 1rou'hly (6663
Tomcat 7

4irst rewrite 5 6odename 6atalina


Tomcat 89+ 1:++:3

+educed garbage collection, improved performance and scalabilit7

4aster JSP parsing


88
History
Tomcat 898 1:++73

Second rewrite 5 performance


Tomcat 69+ 1:++63

4arm deplo7ment
Tomcat ;9+ 1:+(+3

4eatures
9 Simplified :mbedding
9 )emor7 #ea; Prevention and <etection
9 Improved securit7 for web applications

Tomcat 8"&"%% !as been released


9 Tomcat 8"&"= s!ould be read7 for production b7 mid>2&%%
9 T!is course focuses on Tomcat 3"& and introduces t!e new concepts from Tomcat 8"&
??
Versions
Tomcat
version
Servlet $S $D< version
8"&"= 3"& 2"2 J<@ %"3A
3"&"= 2"- 2"% J<@ %"-A
-"-"=, -"&"= 2", 2"& J<@ %",A
,"%"=, ,"&"= 2"3 %"2 J<@ %"3A
3"="= 2"2 %"% J<@ %"2A 'B*
CC
Development Life Cycle
Development mainly driven #y

JS+ Specifications
9 Servlet
9 JSP
9 :=pression #anguage

6ompetitor features

6ommitter ideas

.ser ideas
%& %&
Development Life Cycle
/ost committers are sponsored #y their employer to %or= on
Tomcat
Some committers are independent* %or=in' on Tomcat in their o%n
time
Committers are e>pected to put the interests of the pro0ect #efore
the interests of their employers and)or clients

+eferred to as Dwearing t!eir /S4 !atE

:mplo7ers understand and respect t!is


%% %%
Development Life Cycle
Commit.Then.Revie%

<evelopment branc!es

6ommitter applies patc! and t!en t!e ot!er committers review it


Revie%.Then.Commit

+elease branc!es

6ommitter proposes patc! and t!e ot!er committers vote to approve or re$ect it

+eFuire at least t!ree DA%Es and no D>%Es to appl7 t!e patc! to t!e repositor7
%2 %2
Development Life Cycle
Rarely are time lines for features discussed
Lar'er chan'es are discussed on mailin' list until consensus has
#een reached
Very fe% commits directly on a release #ranch

fi=ing a bro;en build

legal 'usuall7 licensing* issues


%3 %3
Release process
!vera'e ( release per month

/cross all versions


Release schedule %hen

Denoug!E !as been done

Important securit7 issues are discovered and fi=ed


%, %,
Release process
What dictates ?sta#le@ release

/ll T6@ tests pass 'G*


9 /round %&&& test cases

6andidate binaries !ave been tested b7 communit7 in various environments and


feedbac; !as been received

3= A% votes during a stabilit7 vote


'G* T6@1 Tec!nolog7 6ompatibilit7 @it
suite of tests t!at c!ec;s implementation of a Java Specification
+eFuest for compliance
%- %-
Summary
What is Tomcat?
History
Tomcat Versions
Development Life Cycle
Release rocess
%3 %3
Auestions?
11
Installing Apache Tomcat
Installing an ASF Distribution of Apache Tomcat
22
Topics in this Session
Downloading Tomcat
Distribution Types
Which Download?
inimum !e"uirements
#D$%#!& Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
,,
Downloading Tomcat
Tomcat
version
Link
-./.0 http1%%tomcat.apache.org%download2-/.cgi
3./.0 http1%%tomcat.apache.org%download23/.cgi
4.4.0 http1%%tomcat.apache.org%download244.cgi
55
Topics in this Session
Downloading Tomcat
Distribution Types
Which Download?
inimum !e"uirements
#D$%#!& Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
44
Different distributions for different platforms
.tar.gz

A+ailable for 6ni0 systems

7eware of faulty tar on old Solaris systems


.zip

A+ailable for any systems where tar is not a+ailable

tar doesn8t wor9 well on Windows :long file paths;

Doesn8t maintain file permissions


.ee

Windows installer < not recommended

Scripts such as startup.bat are currently not included

=ot customi>able
33
Topics in this Session
Downloading Tomcat
Distribution Types
!hich Download"
inimum !e"uirements
#D$%#!& Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
--
!hich Download"
Tomcat # has reduced the downloads

4.4 and older had separate downloads for different components

3./ only has core and deployer downloads


core download package

?ontains e+erything you need

For production systems@ remo+e sample web applications

!emo+e manager%host2manager if not needed


AA
!hich Download"
deployer download package

?ontains A=T scripts and libraries to script remote application deployment and
remote start%stop
$revious versions

&+en installing an older +ersion@ use core download


BB
Topics in this Session
Downloading Tomcat
Distribution Types
Which Download?
%inimum &e'uirements
#D$%#!& Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
1/ 1/
%inimum &e'uirements
Tomcat # re'uires
(D)*(&+ ,.-.

6se the latest #a+a 4%3 from your preferred +endor

1.4 re"uirement comes from Ser+let Spec

?an8t run on 1.5 or older


(D) or (&+

Tomcat wor9s with either

Cre+iously re"uired a #D$ for #SC compilation

=ow uses the &clipse compiler which wor9s with a #D$ or a #!&
&ecommendation/ 0se the (D)

?ontains useful tools that are omitted in the #!&


11 11
Topics in this Session
Downloading Tomcat
Distribution Types
Which Download?
inimum !e"uirements
(D)*(&+ Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
12 12
(D)*(&+ Installation
(D)*(&+ usually comes in two forms

Self e0tracting files < 6ni0

*S pac9ages < 6ni0

Windows Installer 2 Windows


Self etracting files

!ecommended to use

7ecomes portable right after installation


1S packages

?omes in *S specific form such as

rpm@ fin9@ deb@ p9gadd


1, 1,
(D)*(&+ Installation
!indows Installer

?an install both #!& and #D$

?reates registry entries

#D$ installation location can be selected


15 15
Topics in this Session
Downloading Tomcat
Distribution Types
Which Download?
inimum !e"uirements
#D$%#!& Installation
(A2A341%+ vs (&+341%+"
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
14 14
(A2A341%+ vs (&+341%+"
Tomcat can use both

First chec9s if #A'A()*& is set

If not set@ then chec9s #!&()*&

If neither is found@ e0its


(A2A341%+ re'uired if running with debugging capabilities 56db7
&ecommended/ (A2A341%+

Implies that it points to a #D$ installation

Tools li9e Dstac9@ Dmap@ Dconsole etc


13 13
Topics in this Session
Downloading Tomcat
Distribution Types
Which Download?
inimum !e"uirements
#D$%#!& Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
1- 1-
Tomcat Installation
8ased on .tar.gz or .zip distributions

!ecommended o+er Win installer or 6ni0 pac9ages

While installers and pac9ages are nice@ they create in+isible problems :registry
entries etc;
Installation is simple99

Download apache2tomcat23./.0.>ip

6n>ip it

DoneE
1A 1A
Tomcat Installation
8ased on .tar.gz or .zip distributions

!ecommended o+er Win installer or 6ni0 pac9ages

While installers and pac9ages are nice@ they create in+isible problems :registry
entries etc;
Installation is simple99

Download apache2tomcat23./.0.>ip

6n>ip it

DoneE
Is it really that simple"
1B 1B
apache:tomcat:#.;.*
: bin
: conf
: lib
: logs
: temp
: webapps
: work
Tomcat Installation
<es
$ost:installation directory structure
2/ 2/
Tomcat Installation
$ortable"

FesE the Tomcat installation is portable@ e+en across platforms

&+en after configuration changes@ Dust >ip bac9 up and redistribute

Gi9ewise@ the #D$ distribution can be >ipped and used as a portable copy
H This portable copy would wor9 only on the Isame platformI
8ase directory

Tomcat bases e+erything on the apache2tomcat23./.0 directory

The name of the directory is not important


H m+ apache2tomcat23./.0 my2tomcat will wor9 Dust fine

Two properties set


H catalina.home
H catalina.base
H 7oth point to the base directory
21 21
Topics in this Session
Downloading Tomcat
Distribution Types
Which Download?
inimum !e"uirements
#D$%#!& Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
22 22
Startup Scripts
Starting up Tomcat
JstartK JstopK
bin*
catalina.5sh=bat7
startup.:shLbat; shutdown.:shLbat;
2, 2,
Startup Scripts
Starting up Tomcat
Jin+o9esK
Jin+o9esK
catalina.5sh=bat7
(2% Launch
setclasspath.:shLbat; seten+.:shLbat;
25 25
set ?ATAGI=A(*CTSM2Nm0412m <Nss2439
setenv.5sh=bat7
Set en+ironment +ariables

?ATAGI=A(*CTS
H Appended to #' arguments
H When start and run are in+o9ed

#A'A(*CTS
H Appended to #' arguments
H When start@ run and stop are in+o9ed
seten+.:shLbat; is not part of Tomcat distribution

Should be created manually when needed


Stays the same between upgrades
eport ?ATAGI=A(*CTSMO2Nm0412m <Nss2439P
Windows,setenv.bat
Unix/Linux, setenv.sh
24 24
setclasspath.5sh=bat7
This is a +ery old script
6sed to set classpath
Today itIs used to

'alidate #A'A()*& or #!&()*&

Depending on which is set


23 23
Starting up Tomcat
Demo
>ind out launch command for (2%

?opy catalina.bat script to test.bat

Input a QechoQ command in front of launch


+ecute ? test.bat run
Analyze (2% launch command
2- 2-
Da+a
2Nm0412m 2Nms12Am 2NN1a0CermSi>eM12Am
2DDa+a.util.logging.managerMorg.apache.Duli.?lassGoaderGoganager
2DDa+a.util.logging.config.fileMRtmpRmy2tomcat23./.0RconfRlogging.propertiesS
2DDa+a.endorsed.dirsMS?1RtmpRmy2tomcat23./.0RendorsedS
2classpath SRtmpRmy2tomcat23./.0RbinRbootstrap.DarS
2Dcatalina.baseMS?1RtmpRmy2tomcat23./.0S
2Dcatalina.homeMS?1RtmpRmy2tomcat23./.0S
2DDa+a.io.tmpdirMS?1RtmpRmy2tomcat23./.0RtempS
org.apache.catalina.startup.7ootstrap start
Starting up Tomcat
Tomcat launch command
CATALINA_OPTS
JAVA Application
2A 2A
Topics in this Session
Downloading Tomcat
Distribution Types
Which Download?
inimum !e"uirements
#D$%#!& Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Service
2B 2B
Service !rapper
(ust another program * eecutable
+nables other programs to be installed and run in the background
1ften started automatically at boot time
&un as Windows Services or Unix Daemons
,/ ,/
Tomcat as a Service
Default Tomcat Service !rapper

6ses Apache ?ommons Daemon


1n !indows

bin%ser+ice.bat installLuninstall s+cname

?opy tomcat3w.e0e to s+cnameW.e0e


@onfigure

bin%s+cnameW.e0e
,1 ,1
!indows/ Tomcat as a Service
&ecommended to run as a service in production
(ava Service !rapper

Alternati+e to the default Tomcat Ser+ice wrapper

Setup similar to seten+.bat@ but in a wrapper.conf file

http1%%people.apache.org%Tfhani9%wrapper.html
$ortable"

Fes@ all that is re"uired is the installation of the Ser+ice@ once copied to another
machine

That can be scripted


Debuggable"

Fes@ contains batch file that simulates ser+ice startup


,2 ,2
0ni/ Tomcat as a Daemon
&uns as a background process

?reate your own scripts that wrap


H startup.sh
H shutdown.sh
H catalina.sh

Depending on system@ create scripts for start on boot


$ortable"

Any scripts you create can be copied as well@ they are Dust scripts
Debuggable"

Fes@ it8s Dust a shell script


,, ,,
Labs
,5 ,5
Advanced
,4 ,4
0ni/ Tomcat as a Daemon Advanced scripts
&uns on top of the shell scripts in A@ATALIBA341%+*bin

Supplied linu02etc2initd2tomcat.sh

?opy linu02etc2initd2tomcat.sh to %etc%init.d

!ename linu02etc2initd2tomcat.sh to apache2tomcat.sh

The following three slides illustrate apache2tomcat.sh


,3 ,3
0ni/ Tomcat as a Daemon Advanced scripts
C9*bin*sh
C Apache Tomcat start*stop Daemon
C chkconfig/ DEF- G; D;
C description/ +nable service provided by Apache Tomcat daemon.
CCC 8+HIB IBIT IB>1
C $rovides/ apache:tomcat
C &e'uired:Start/ Alocal3fs
C &e'uired:Stop/ Alocal3fs
C Default:Start/ D E F -
C Default:Stop/ ; , #
C Short:Description/ Start*Stop Apache Tomcat daemon.
C Description/ +nable service provided by Apache Tomcat daemon.
CCC +BD IBIT IB>1
C9*bin*sh
C Apache Tomcat start*stop Daemon
C chkconfig/ DEF- G; D;
C description/ +nable service provided by Apache Tomcat daemon.
CCC 8+HIB IBIT IB>1
C $rovides/ apache:tomcat
C &e'uired:Start/ Alocal3fs
C &e'uired:Stop/ Alocal3fs
C Default:Start/ D E F -
C Default:Stop/ ; , #
C Short:Description/ Start*Stop Apache Tomcat daemon.
C Description/ +nable service provided by Apache Tomcat daemon.
CCC +BD IBIT IB>1
,- ,-
0ni/ Tomcat as a Daemon Advanced scripts
T1%@AT30S+&Itomcat
S@&I$T3BA%+Iapache:tomcat
eport @ATALIBA341%+IJ*usr*local*tomcatJ
eport @ATALIBA38AS+IJ*usr*local*tomcatJ
eport (A2A341%+IJ*usr*local*6avaJ
eport S0IJ*bin*suJ
C D1 B1T +DIT 8+<1BD T4IS LIB+
start57 K
echo :n JStarting AS@&I$T3BA%+ ...JL
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*startup.sh
C %ake lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
touch *var*lock*subsys*AS@&I$T3BA%+
fi
M
T1%@AT30S+&Itomcat
S@&I$T3BA%+Iapache:tomcat
eport @ATALIBA341%+IJ*usr*local*tomcatJ
eport @ATALIBA38AS+IJ*usr*local*tomcatJ
eport (A2A341%+IJ*usr*local*6avaJ
eport S0IJ*bin*suJ
C D1 B1T +DIT 8+<1BD T4IS LIB+
start57 K
echo :n JStarting AS@&I$T3BA%+ ...JL
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*startup.sh
C %ake lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
touch *var*lock*subsys*AS@&I$T3BA%+
fi
M
,A ,A
0ni/ Tomcat as a Daemon Advanced scripts
status57 K
if N :e JA@ATALIBA3$IDJ OL then
echo J&unningJL
else
echo JBot runningJL
fi
M
status57 K
if N :e JA@ATALIBA3$IDJ OL then
echo J&unningJL
else
echo JBot runningJL
fi
M
,B ,B
0ni/ Tomcat as a Daemon Advanced scripts
stop57 K
echo :n JStopping AS@&I$T3BA%+ ...JL
shutdown3portIPgrep shutdown A@ATALIBA341%+*conf*server.ml Q
= awk RKprint substr5ADSTSD7MRPL
if N Ashutdown3port 9I J:,J OL then
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*shutdown.sh
else
T1%@AT3$IDIPps :ef = grep 6ava = grep A@ATALIBA341%+ Q
= awk RKprint ADMRPL
kill :U AT1%@AT3$IDL
rm :rf A@ATALIBA3$IDL
fi
C &emove lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
rm :rf *var*lock*subsys*AS@&I$T3BA%+
fi
M
stop57 K
echo :n JStopping AS@&I$T3BA%+ ...JL
shutdown3portIPgrep shutdown A@ATALIBA341%+*conf*server.ml Q
= awk RKprint substr5ADSTSD7MRPL
if N Ashutdown3port 9I J:,J OL then
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*shutdown.sh
else
T1%@AT3$IDIPps :ef = grep 6ava = grep A@ATALIBA341%+ Q
= awk RKprint ADMRPL
kill :U AT1%@AT3$IDL
rm :rf A@ATALIBA3$IDL
fi
C &emove lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
rm :rf *var*lock*subsys*AS@&I$T3BA%+
fi
M
5/ 5/
0ni/ Tomcat as a Daemon Advanced scripts
case JA,J in
start7
start
LL
stop7
stop
LL
restart7
stop
start
LL
status7
status
LL
V7
echo AJ0sage/ A; Kstart=stop=restart=statusMJ
eit ,
LL
esac
case JA,J in
start7
start
LL
stop7
stop
LL
restart7
stop
start
LL
status7
status
LL
V7
echo AJ0sage/ A; Kstart=stop=restart=statusMJ
eit ,
LL
esac
51 51
0ni/ Tomcat as a Daemon Advanced scripts
LetRs now eplain the key parts of the apache:tomcat.sh init script

Supplied apache2tomcat.sh

The following three slides illustrate apache2tomcat.shQ


52 52
0ni/ Tomcat as a Daemon Advanced scripts
C9*bin*sh
C chkconfig DEF- G; D;
C description/ Apache Tomcat start*stop Daemon
C9*bin*sh
C chkconfig DEF- G; D;
C description/ Apache Tomcat start*stop Daemon
ch9config section indicates the default run le+els.
This script is enabled at run le+els 2@,@5 and 4. A/
indicates the start priority le+el@ while 2/ is the stop
priority le+el.
ch9config is standard on
!ed )at and +ariants.
5, 5,
0ni/ Tomcat as a Daemon Advanced scripts
CCC 8+HIB IBIT IB>1
C $rovides/ tomcat
C &e'uired:Start/ Alocal3fs
C &e'uired:Stop/ Alocal3fs
C Default:Start/ D E F -
C Default:Stop/ ; , #
C Short:Description/ Start*Stop Apache Tomcat daemon.
C Description/ +nable service provided by Apache Tomcat daemon.
CCC +BD IBIT IB>1
CCC 8+HIB IBIT IB>1
C $rovides/ tomcat
C &e'uired:Start/ Alocal3fs
C &e'uired:Stop/ Alocal3fs
C Default:Start/ D E F -
C Default:Stop/ ; , #
C Short:Description/ Start*Stop Apache Tomcat daemon.
C Description/ +nable service provided by Apache Tomcat daemon.
CCC +BD IBIT IB>1
This section is related to Debian
Init scripts.
The following links contains detailed information about Delbian init
scripts.

http1%%wi9i.debian.org%GS7InitScripts

http1%%refspecs.freestandards.org%GS7(,.1./%GS72?ore2generic%GS72?ore2
generic%iniscrptact.html
55 55
0ni/ Tomcat as a Daemon Advanced scripts
T1%@AT30S+&Itomcat
eport @ATALIBA341%+IJ*usr*local*tomcatJ
eport @ATALIBA38AS+IJ*usr*local*tomcatJ
eport (A2A341%+IJ*usr*local*6avaJ
eport S0IJ*bin*suJ
C D1 B1T +DIT 8+<1BD T4IS LIB+
T1%@AT30S+&Itomcat
eport @ATALIBA341%+IJ*usr*local*tomcatJ
eport @ATALIBA38AS+IJ*usr*local*tomcatJ
eport (A2A341%+IJ*usr*local*6avaJ
eport S0IJ*bin*suJ
C D1 B1T +DIT 8+<1BD T4IS LIB+
This section is where all the
en+ironment +ariables are set up.
54 54
0ni/ Tomcat as a Daemon Advanced scripts
eport @ATALIBA3$IDIA@ATALIBA38AS+*logs*tomcat.pid
start57 K
echo :n JStarting AS@&I$T3BA%+ ...JL
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*startup.sh
C %ake lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
touch *var*lock*subsys*AS@&I$T3BA%+
fi
M
eport @ATALIBA3$IDIA@ATALIBA38AS+*logs*tomcat.pid
start57 K
echo :n JStarting AS@&I$T3BA%+ ...JL
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*startup.sh
C %ake lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
touch *var*lock*subsys*AS@&I$T3BA%+
fi
M
start57 is invoked during the boot process

startup.sh located in U?ATAGI=A()*&%bin gets in+o9ed

startup.sh is run using the user specified in the UT*?AT +ariable

Apache Tomcat is started under the tomcat user in this instance


53 53
0ni/ Tomcat as a Daemon Advanced scripts
stop57 K
echo :n JStopping AS@&I$T3BA%+ ...JL
shutdown3portIPgrep shutdown
A@ATALIBA341%+*conf*server.ml Q
= awk RKprint substr5ADSTSD7MRPL
if N Ashutdown3port 9I J:,J OL then
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*shutdown.sh
else
T1%@AT3$IDIPps :ef = grep 6ava = grep A@ATALIBA341%+ Q
= awk RKprint ADMRPL
kill :U AT1%@AT3$IDL
rm :rf A@ATALIBA3$IDL
fi
C &emove lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
rm :rf *var*lock*subsys*AS@&I$T3BA%+
fi
M
stop57 K
echo :n JStopping AS@&I$T3BA%+ ...JL
shutdown3portIPgrep shutdown
A@ATALIBA341%+*conf*server.ml Q
= awk RKprint substr5ADSTSD7MRPL
if N Ashutdown3port 9I J:,J OL then
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*shutdown.sh
else
T1%@AT3$IDIPps :ef = grep 6ava = grep A@ATALIBA341%+ Q
= awk RKprint ADMRPL
kill :U AT1%@AT3$IDL
rm :rf A@ATALIBA3$IDL
fi
C &emove lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
rm :rf *var*lock*subsys*AS@&I$T3BA%+
fi
M
1; In+o9ed during the shutdown process.
2; Is the shutdown port
disabled in ser+er.0ml?
,; shutdown port is not
disabled
call shutdown.sh.
5; shutdown port disabled. Determine
Crocess id of tomcat. $ill the tomcat
and remo+e file containing tomcat pid.
5- 5-
0ni/ Tomcat as a Daemon Advanced scripts
case JA,J in
start7
start
LL
stop7
stop
LL
restart7
stop
start
LL
status7
status
LL
V7
echo AJ0sage/ A; Kstart=stop=restart=statusMJ
eit ,
LL
esac
case JA,J in
start7
start
LL
stop7
stop
LL
restart7
stop
start
LL
status7
status
LL
V7
echo AJ0sage/ A; Kstart=stop=restart=statusMJ
eit ,
LL
esac
ser+ice apache2tomcat start
or
%etc%init.d%apache2tomcat start
ser+ice apache2tomcat stop
or
%etc%init.d%apache2tomcat stop
5A 5A
Summary
Downloading Tomcat
Distribution Types
!hich Download is &ight for %e"
%inimum &e'uirements
(D)*(&+ Installation
(A2A341%+ vs (&+341%+"
Tomcat Installation
Starting up Tomcat
Tomcat as a Service
5B 5B
Wuestions"
11
Apache Tomcat Installation Lab
2 CONFIDENTIAL 2 CONFIDENTIAL
Windows Instructions
Installing the JDK
Verifying JDK install
Installing Apache Tomcat
Verifying Tomcat install
Identifying the Java command line
Adding JV and application parameters
Installing the Apache Tomcat instance as a Windows !ervice
3 CONFIDENTIAL 3 CONFIDENTIAL
Linu" Instructions
Installing the JDK
Verifying JDK install
Installing Apache Tomcat
Verifying Tomcat Install
Identifying the Java command line
Adding JV and application parameters
Installing the Apache Tomcat instance as a Linu" Daemon
11
Configuring Tomcat
Tomcat Configuration - Part 1
22
Topics in this Session
Tomcat folder structure
High level overview of configuration files
33
Tomcat Folder Structure
Folder structure overview
apache-tomcat-6.0.x/
- bin
- conf
- lib
- logs
- temp
- webapps
- wor
44
Tomcat Folder Structure ! bin
bin folder

startup/shutdown scripts

bootstrap libraries

ant scripts !ust tas" definitions

e#e files for Tomcat$s %indows service wrapper

tomcat native &'P( wrapper) source code

*f +ou used the ,-ip version


. ma"e +our ,sh scripts runnable e,g,/
chmod 0# bin/1,sh
. fi# line endings in script files
,/apache-tomcat-2,3,#/bin
44
Tomcat Folder Structure ! bin
startup/shutdown scripts

startup,sh5bat invo"es catalina,sh5bat with parameter 6start$

shutdown,sh5bat invo"es catalina,sh5bat with parameter 6stop$

catalina,sh5bat
. *nvo"es setclasspath,bat5sh does ver+ little
. *nvo"es setenv,bat5sh put +our custom settings in here for a clean configuration
service.bat

7sed to install and remove the Tomcat service &windows onl+)


,/apache-tomcat-2,3,#/bin
22
Tomcat Folder Structure ! bin
bootstrap libraries

bootstrap,!ar contains startup classes

tomcat-!uli,!ar Tomcat$s logging framewor"


. 8ased on !ava,util,logging

This is all that is needed for Tomcat to start up


Startup classpath

setclasspath adds tools,!ar &from 9:;)

catalina adds bootstrap,!ar< tomcat-!uli,!ar


,/apache-tomcat-2,3,#/bin
==
Tomcat Folder Structure ! bin
exe files for "indows service wrapper

tomcat2,e#e the wrapper running Tomcat

tomcat2w,e#e monitors and configures the service


Tomcat native source code

tomcat-native,tar,g-

>ource code to compile Tomcat to use 'P( for networ" *?

@or %indows< download alread+ compiled :AA


,/apache-tomcat-2,3,#/bin
BB
Tomcat Folder Structure ! conf
conf director#

Contains all Tomcat$s configuration files

Cood to "now there is nowhere else to loo" for configuration options


Subdirectories to the conf director#

Can be used for deplo+ment of web applications using DEA files


,/apache-tomcat-2,3,#/conf
FF
Tomcat Folder Structure ! conf
conf director# contents

server,#ml

catalina,properties

logging,properties

conte#t,#ml

web,#ml

tomcat-users,#ml

catalina,polic+
,/apache-tomcat-2,3,#/conf
13 13
Tomcat Folder Structure ! lib
lib director#

Contains all libraries Tomcat uses during runtime

Tomcat$s class loader points to/


. GC'T'A*H'I8'>J/lib/GC'T'A*H'I8'>J/lib/1,!ar/
GC'T'A*H'IH?EJ/lib/GC'T'A*H'IH?EJ/lib/1,!ar

The folder can contain 9'( files< and ,class files in their pac"age structure

Jas+ wa+ to put in patched ,class files is to put the ,class file in lib< it will be
loaded before the same file in the 9'(

This director+ is not static< it is referenced from


conf/catalina,properties - common,loaderK,,,
,/apache-tomcat-2,3,#/lib
11 11
Tomcat Folder Structure ! logs
logs director#

Tomcat$s logs information to files in here


$pplication log files

Cood idea for applications to log to the same director+

>ome applications log inside their own webapp


. generall+ a bad practice since logs will disappear if application is removed
,/apache-tomcat-2,3,#/logs
12 12
Tomcat Folder Structure ! temp
temp director#

>+stem propert+ 6!ava,io,tmpdir$ points here

'llows applications to have a space for temporar+ file creation

>+stem propert+ set in catalina,bat5sh

:onLt delete this director+


,/apache-tomcat-2,3,#/temp
13 13
Tomcat Folder Structure ! webapps
webapps director#

default director+ for web application deplo+ments


. ,war files
. directories
Configured in server.xml

MHost app8aseKNwebappsO PQ
,/apache-tomcat-2,3,#/webapps
14 14
Tomcat Folder Structure ! wor
wor director#

Tomcat$s director+ for temporar+ file creation during runtime

>tores generated 9>P classes


. ,!ava files generated !ava source code
. ,class files servlets that represent the 9>P
Sub director# structure

directories organi-ed b+ component names defined in server,#ml

wor"/MJngine nameQ/MHost nameQ/

wor"/Catalina/localhost/
,/apache-tomcat-2,3,#/wor"
14 14
Topics in this Session
Tomcat folder structure
%igh level overview of configuration files
12 12
Configuration Files ! server.xml
server.xml

Tomcat$s main configuration file

6builds$ the Tomcat runtime engine during DEA parsing

Parsed using commons-digester

Hard coded rulesets for each DEA element

%ell formed DEA no :T: nor schema


conf/server,#ml conf/server,#ml
1= 1=
Configuration Files ! server.xml
server.xml

J#tremel+ e#tensible< ever+ component can be swapped out using the


classHame attribute
class&ame attribute omitted means Tomcat will use the default
M>erver portKNB334O
classHameKNm+,own,>erver*mplementationOQ
P
M/>erverQ
conf/server,#ml conf/server,#ml
1B 1B
Configuration Files ! server.xml
server.xml

Eisspelt or misplaced elements will be reported


'gnored
"$(&'&)* &o rules found matching +Server/,#-wn.lement+
M>erver portKNB334O
classHameKNm+,own,>erver*mplementationOQ
ME+?wnJlement tomcatKNguruO/Q
M/>erverQ
conf/server,#ml conf/server,#ml
1F 1F
Configuration Files ! server.xml
server.xml

Eisspelled or invalid attributes will normall+ be reported


M>erver sportKNB334O
classHameKNm+,own,>erver*mplementationOQ
P
M/>erverQ
"$(&'&)* /Set0roperties(ule12Server3 Setting propert# +sport+ to
45006+ did not find a matching propert#.
7'- %TT0 Connector is the exception
conf/server,#ml conf/server,#ml
23 23
Configuration Files ! catalina.properties
catalina.properties

Class loaders setup

server,#ml substitution variables


Rserver shutdown port in conf/catalina,properties
shutdown,portKB334
Rshutdown port specified in conf/server,#ml
M>erver portKNGSshutdown,portTOQ
P
M/>erverQ
conf/catalina,properties conf/catalina,properties
21 21
Configuration Files ! logging.properties
logging.properties

Tomcat$s internal logging setup

Preconfigured for good production level logging

@ormat defined b+ !ava,util,logging

9avadoc of !ava,util,logging/
http///download,oracle,com/!avase/2/docs/technotes/guides/logging/overview,html
conf/logging,properties conf/logging,properties
22 22
Configuration Files ! Change the name of a log file
%andlers for root logger are defined using .handlers propert#.
7# default8 the root logger is defined to go to*
1) The console
2) ' file named catalina,++++-mm-dd,log in the logs director+,
conf/logging,properties conf/logging,properties

,handlers K 1catalina,org,apache,!uli,@ileHandler< !ava,util,logging,ConsoleHandler
1catalina,org,apache,!uli,@ileHandler,level K @*HJ
1catalina,org,apache,!uli,@ileHandler,director+ K GScatalina,baseT/logs
1catalina,org,apache,!uli,@ileHandler,prefi# K catalina,
23 23
Configuration Files ! Change the name of a log file
To change the name of this file to tomcat.####-mm-dd.log find*
conf/logging,properties conf/logging,properties

and change it to*
1catalina,org,apache,!uli,@ileHandler,prefi# K catalina,
1catalina,org,apache,!uli,@ileHandler,prefi# K tomcat,
catalina,2313-12-11,log catalina,2313-12-11,log
catalina,2313-12-11,log tomcat,2313-12-11,log
24 24
Configuration Files ! Changing the log level
9ogging levels can be configured per class or per pacage

same wa+ as !ava,util,logging,


,aximum logging from the :startup; classes*
,aximum logging for startup and runtime*
org,apache,catalina,startup,levelK'AA
org,apache,levelK'AA
>uch a high level of logging in production will lead to poor performance
conf/logging.properties
conf/logging.properties
24 24
Configuration Files ! (emove redundant logging
Tomcat+s catch-all logger logs to two different locations
The .handlers is the +catch-all+ logger8 which logs entries to*

1catalina,org,apache,!uli,@ileHandler &a file)

!ava,util,logging,ConsoleHandler &standard out)


,handlers K 1catalina,org,apache,!uli,@ileHandler< !ava,util,logging,ConsoleHandler
conf/logging.properties
22 22
Configuration Files ! (emove redundant logging
9ogging to the console is often considered as unnecessar#
'n that case8 <ust declare the File%andler
,handlers K 1catalina,org,apache,!uli,@ileHandler
conf/logging.properties
'n+ change to logging,properties is ta"en into account after tomcat restart
2= 2=
Configuration Files ! web.xml
web.xml

Clobal defaults that appl+ to each deplo+ed web application

Eerged with application$s own web,#ml file

:efined b+ the servlet specification


conf/web,#ml conf/web,#ml
2B 2B
Configuration Files ! context.xml
context.xml

Clobal defaults that appl+ to each deplo+ed web application

Tomcat specific< defined b+ the MConte#tQ element


conf/conte#t,#ml conf/conte#t,#ml
2F 2F
Configuration Files ! catalina.polic#
catalina.polic#

7sed when running the 9UE with a >ecurit+ Eanager

Contains predefined permissions for Tomcat to run

Eust be edited to accommodate code for web applications


conf/catalina,polic+ conf/catalina,polic+
33 33
Configuration Files ! tomcat-users.xml
tomcat-users.xml

>imple username/password file for the default securit+ realm


conf/tomcat-users,#ml conf/tomcat-users,#ml
31 31
Summar#
Tomcat folder structure

bin

conf

lib

logs

temp

webapps

wor
%igh level overview of configuration files

server,#ml

web,#ml

catalina,properties< logging,properties< catalina,polic+

tomcat-users,#ml
32 32
=uestions>
11
Configuring Tomcat Lab
Part 1
22
Windows Instructions
Shutting Apache Tomcat with the shutdown port

Verify visually
Using catalina.properties
Changing Apache Tomcat's logging configuration

Remove the old log files

Change the name of a log file

Changing the log level


Maing mistaes in ser!er."ml
33
Linu" Instructions
Shutting Apache Tomcat with the shutdown port

Verify using telnet


Using catalina.properties
Changing Apache Tomcat's logging configuration

Remove the old log files

Change the name of a log file

Changing the log level


Maing mistaes in ser!er."ml
11
Servlet, JSP & Web applications
A brief overview of the specifications that make Tomcat a Servlet/JSP
container
22
Topics in this Session
What is the JCP?
Tomcat and Java specifications
What is a Servlet?
Re!est/Response AP"s
What is a JSP
Packa#in# $ormats
Web application folder la%o!t
&onfi#!ration $iles
web'(ml overview
))
What's JCP?
Java Community Process
Formalized process that deines uture speciications o the Java
platorm
Java Speciication !e"uest #JS!$

Proposed specifications

Servlet * JSR+)1, - Servlet )'.

JSP * JSR 2/, - JSP 2'2 / 01 2'2


//
Topics in this Session
What is the J&P?
Tomcat and Java speciications
What is a Servlet?
Re!est/Response AP"s
What is a JSP
Packa#in# $ormats
Web application folder la%o!t
&onfi#!ration $iles
web'(ml overview
,,
Tomcat and JS!s
Servlet % JSP speciications
Tomcat
version
J&' version
)'. 2'2 2'.'( J34 1'56
2', 2'1 5'.'( J34 1',6
2'/ 2'. ,','(7 ,'.'( J34 1'/6
2') 1'2 /'1'(7 /'.'( J34 1')6
2'2 1'1 )'('( J34 1'26 8?9
55
Topics in this Session
What is the J&P?
Tomcat and Java specifications
What is a Servlet?
Re!est/Response AP"s
What is a JSP
Packa#in# $ormats
Web application folder la%o!t
&onfi#!ration $iles
web'(ml overview
22
What's a Servlet?
Class to implement re"uest%response pro(rammin( model
)ost commonly used or *TTP
+mplemented by ,application developer-
&eployed into a Servlet container

1ike Tomcat
%% main method or a Servlet
public void service #Servlet!e"uest re"uest, Servlet!esponse
response$ thro.s / 0
1
::
Topics in this Session
What is the J&P?
Tomcat and Java specifications
What is a Servlet?
!e"uest%!esponse 2P+s
What is a JSP
Packa#in# $ormats
Web application folder la%o!t
&onfi#!ration $iles
web'(ml overview
;;
!e"uest%!esponse 2P+
*TTP is a client%server protocol

$or each Re!est7 there is a Response


<rowser <rowser
=TTP Servlet
Re!est
=TTP Servlet
Re!est
=TTP Servlet
Response
=TTP Servlet
Response
=TTP
Response
=TTP
Re!est
Web
&omponents
Web
&omponents
Java
beans
Java
beans
1. 1.
Topics in this Session
What is the J&P?
Tomcat and Java specifications
What is a Servlet?
Re!est/Response AP"s
What is a JSP?
Packa#in# $ormats
Web application folder la%o!t
&onfi#!ration $iles
web'(ml overview
11 11
What's a JSP?
Te3t based document

&ontains static data 8te(t9

3irect Java s%nta(

JSP elements and ta# libraries


12 12
>?@ pa#e importABCava'!til'D7E%1ocalesB ?F
>?@ pa#e contentT%peABte(t/htmlG charsetA"SH+::,;+,B ?F
>htmlF >headF>titleF1ocaliIed 3ates>/titleF>/headF
>bod% b#colorABwhiteBF
>CspJ!se<ean idABlocalesB scopeABapplicationB classABE%1ocalesB/F
>form nameABlocale$ormB actionABinde('CspB methodABpostBF
>bF1ocaleJ>/bF >select nameAlocaleF
>?
Strin# selected1ocale A re!est'#etParameter8BlocaleB9G
"terator i A locales'#et1ocaleKames89'iterator89G
while 8i'hasKe(t899 L Strin# locale A 8Strin#9i'ne(t89G
if 8selected1ocale MA n!ll NN selected1ocale'e!als8locale99 L
?F
>option selectedF>?Alocale?F>/optionF
>? O else L ?F
>optionF>?Alocale?F>/optionF
>? O O ?F
>/selectF >inp!t t%peABs!bmitB nameABS!bmitB val!eABPet 3ateBF
>/formF
>CspJincl!de pa#eABdate'CspB/F
>/bod%F >/htmlF
>?@ pa#e importABCava'!til'D7E%1ocalesB ?F
>?@ pa#e contentT%peABte(t/htmlG charsetA"SH+::,;+,B ?F
>htmlF >headF>titleF1ocaliIed 3ates>/titleF>/headF
>bod% b#colorABwhiteBF
>CspJ!se<ean idABlocalesB scopeABapplicationB classABE%1ocalesB/F
>form nameABlocale$ormB actionABinde('CspB methodABpostBF
>bF1ocaleJ>/bF >select nameAlocaleF
>?
Strin# selected1ocale A re!est'#etParameter8BlocaleB9G
"terator i A locales'#et1ocaleKames89'iterator89G
while 8i'hasKe(t899 L Strin# locale A 8Strin#9i'ne(t89G
if 8selected1ocale MA n!ll NN selected1ocale'e!als8locale99 L
?F
>option selectedF>?Alocale?F>/optionF
>? O else L ?F
>optionF>?Alocale?F>/optionF
>? O O ?F
>/selectF >inp!t t%peABs!bmitB nameABS!bmitB val!eABPet 3ateBF
>/formF
>CspJincl!de pa#eABdate'CspB/F
>/bod%F >/htmlF
JSP elements
Static content
Java s%nta(
What's a JSP?
JSP .ith J242 snippets #scriptlet$
1) 1)
What is a JSP?
JSP .ith ta(lib and 53pression 6an(ua(e
>?@ ta#lib !riABhttpJ//Cava's!n'com/Cstl/coreB prefi(ABcB ?F
>htmlF
>headF>titleF0(pression 1an#!a#eJ !sed in JST1>/titleF>/headF
>bod% b#colorABwhiteBF
<!-- A for loop in expression language printing numbers from 1 to 10 -->
>cJfor0ach varABiB be#inAB1B endAB1.B stepAB1BF
>cJo!t val!eABQLiOB /F
>br /F
>/cJfor0achF
<!-- Pure JSP EL -->
>pFRo!r total cost is QLp!rchase 6 ta(O >/pF
<!-- Modilfied JSP EL in JSL -->
>pFRo!r total cost is >cJo!t val!eASQLp!rchase 6 ta(OS/F >/pF
>/bod%F
>/htmlF
>?@ ta#lib !riABhttpJ//Cava's!n'com/Cstl/coreB prefi(ABcB ?F
>htmlF
>headF>titleF0(pression 1an#!a#eJ !sed in JST1>/titleF>/headF
>bod% b#colorABwhiteBF
<!-- A for loop in expression language printing numbers from 1 to 10 -->
>cJfor0ach varABiB be#inAB1B endAB1.B stepAB1BF
>cJo!t val!eABQLiOB /F
>br /F
>/cJfor0achF
<!-- Pure JSP EL -->
>pFRo!r total cost is QLp!rchase 6 ta(O >/pF
<!-- Modilfied JSP EL in JSL -->
>pFRo!r total cost is >cJo!t val!eASQLp!rchase 6 ta(OS/F >/pF
>/bod%F
>/htmlF
Ta# librar%
Accessin#
parameter
s
JST1 for
loop
1/ 1/
What's a JSP?
Compiled durin( runtime

Ts!all% d!rin# first invocation


Compilation steps

Parse 'Csp file into 'Cava

'Cava file implements Cava('servlet'Servlet interface

&ompile 'Cava file into 'class file

'class loaded and mapped to TR"


See or yoursel in Tomcat-s .or7 directory
1, 1,
Servlets are controllers
<rowser <rowser
Servlet
8&ontroller9
Servlet
8&ontroller9
JSP
8Uiew9
JSP
8Uiew9
Java <ean
8Eodel9
Application Server
0nterprise
Servers/ 3ata so!rces
Response
Re!est
1
,
/
2
)
instantiate
)4C 2rchitecture
15 15
)4C8 2rchitecture
Front controller is the entry point
<rowser <rowser
$ront &ontroller
8&ontroller9
$ront &ontroller
8&ontroller9
Application Server
Response
Re!est
&ontroller 1 &ontroller 1
&ontroller 2 &ontroller 2
&ontroller ) &ontroller )
999
These controllers talk
to the service la%er
and ret!rn the control
8Eodel and Uiew9 to
the front controller
JSPs
8Uiew9
JSPs
8Uiew9
Pattern !sed b% most modern web technolo#ies 8Sprin# EU&7 JS$7
PWT7 Str!ts 1 and 2''9
12 12
Topics in this Session
What is the J&P?
Tomcat and Java specifications
What is a Servlet?
Re!est/Response AP"s
What is a JSP?
Pac7a(in( Formats
Web application folder la%o!t
&onfi#!ration $iles
web'(ml overview
1: 1:
Pac7a(in( Formats
J2!
Java 2rchive

V"P archive of reso!rces

'class files

'properties files

An%thin# %o! wish to access thro!#h class loaders

3irector% str!ct!re follows Java Wpacka#e namespaceS conventions


J&' contains :;ar< binary

same commands as tar7 b!t manip!lates V"P files


1; 1;
Pac7a(in( Formats
W2!
Web 2rchive

V"P file containin# a web application

3oes not contain the Wconte(tS folder

The name of the file is the conte(t name


Can be vie.ed usin( :;ar< binary
2. 2.
Topics in this Session
What is the J&P?
Tomcat and Java specifications
What is a Servlet?
Re!est/Response AP"s
What is a JSP?
Packa#in# $ormats
Web application older layout
&onfi#!ration $iles
web'(ml overview
21 21
W2! Folders
webapps/
m%webapp/
abo!t'htm
m%webapp'css
inde('Csp
ima#es/
photo'Cp#
E0TA+"K$/
conte(t'(ml 8Tomcat Specific9
W0<+"K$/
web'(ml
classes/
com/
m%compan%/
db/
3atabaseServlet'class
lib/
sprin#'Car
P!blic reso!rces
Private reso!rces
&onte(t
22 22
Creatin( a W2! ile
//#o into the director% of the web application
cd webapps/m%webapp/
//create the Iip file
Car cvfE ''/m%webapp'war D
//note that the root folder is not part of the archive
2) 2)
Topics in this Session
What is the J&P?
Tomcat and Java specifications
What is a Servlet?
Re!est/Response AP"s
What is a JSP?
Packa#in# $ormats
Web application folder la%o!t
Coni(uration Files
web'(ml overview
2/ 2/
Coni(uration Files
.eb93ml

3efined b% specification

httpJ//Cava's!n'com/(ml/ns/Cavaee/web+appX2X,'(sd

Prior to Tomcat 57 ever% web application had to have a web'(ml incl!ded

1ocation * W0<+"K$/ folder


conte3t93ml

Tomcat specific

&ontains a sin#le >&onte(tF element

1ocation * E0TA+"K$/ folder

Tnpacked to conf/ s!b director%


2, 2,
Topics in this Session
What is the J&P?
Tomcat and Java specifications
What is a Servlet?
Re!est/Response AP"s
What is a JSP?
Packa#in# $ormats
Web application folder la%o!t
&onfi#!ration $iles
.eb93ml overvie.
25 25
W5=>+?F%.eb93ml
<!eb-app>
<i"on>
<displa#-name>
<des"ription>
<distributable>
<"ontext-param>
<filter>
<filter-mapping>
<listener>
<ser$let>
<ser$let-mapping>
<session-"onfig>
<mime-mapping>
<!el"ome-file-list>
<error-page>
<taglib>
<resour"e-en$-ref>
<resour"e-ref>
<se"urit#-"onstraint>
<login-"onfig>
<se"urit#-role>
<en$-entr#>
<e%b-ref>
<e%b-lo"al-ref>
<&!eb-app>
The .eb93ml ta7es this (eneralized orm

Schema defined at
httpJ//Cava's!n'com/(ml/ns/Cavaee/web+appX2X,'(sd
22 22
W5=>+?F%.eb93ml
@.eb>appA

Root element of the web'(ml' All other YE1 elements reside inside it
@iconA

1ocation of the ima#e files that ma% be !sed b% a tool to vis!all% represent the
web app
>iconF
>small+iconF/ima#es/icons/m%app+small'#if>/small+iconF
>lar#e+iconF/ima#es/icons'm%app+lar#e'#if>/lar#e+iconF
>/iconF
2: 2:
W5=>+?F%.eb93ml #continued$
@display>nameA

A name that can be !sed for displa% in a PT" interface


>displa%+nameFE% Web Application>/displa%+nameF
@descriptionA

3escription of the web app


@distributableA

3escribes a web app that is desi#ned to be distrib!table for load balancin# and
failover'

3efa!lt is false7 as web apps re!ire additional s!pport for s!ch architect!re
2; 2;
W5=>+?F%.eb93ml #continued$
@conte3t>paramA

Tsed for settin# application initialiIation parameters


>conte(t+paramF
>param+nameF#reetin#>/param+nameF
>param+val!eFWelcome to m% appM>param+val!eF
>/conte(t+paramF
). ).
W5=>+?F%.eb93ml #continued$
@ilterA

Re!sable components that intercept the re!est and response and appl% some
t%pe of processin# to them

0(amplesJ
Z compress the content of the response
Z Transform YE1 to =TE1
Z 1o##in# of reso!rce !sa#e

$ilters can be mapped to TR1 patterns


)1 )1
W5=>+?F%.eb93ml #continued$
53ample o deinin( a ilterB
>filterF
>iconF/ima#es/icons/filter'Cp#>/iconF
>filter+nameF&ompressor>/filter+nameF
>descriptionFThis filter compresses>/descriptionF
>filter+classFcom'm%compan%'!tils'&ompressor>/filter+classF
>init+paramF
>param+nameFcompressionXt%pe>/param+nameF
>param+val!eF#Iip>/param+val!eF
>/init+paramF
>/filterF
)2 )2
)appin( the Filter a(ainst C!6 patternsB
>filter+mappin#F
>filter+nameF&ompressor>/filter+nameF
>!rl+patternFD>/!rl+patternF
>/filter+mappin#F
Compressor ilter .ill be applied to every C!6

&orrect mappin# wo!ld have been to onl% [te(t\ content


W5=>+?F%.eb93ml #continued$
)) ))
W5=>+?F%.eb93ml #continued$
@listenerA

1isteners respond to events in an application

e'#'7 a Java<ean co!ld send an e+mail when an event re!irin# administration is


recorded7 or a JEY 1istener respondin# to mana#ement events

0(ampleJ
>listenerF
>listener+classF
com'm%compan%'listeners'0mail1istener
>/listener+classF
>/listenerF
)/ )/
W5=>+?F%.eb93ml #continued$
@servletA

Servlet+specific declarations
>servletF
>iconF/ima#es/icons/servlet1'Cp#>/iconF
>servlet+nameF3ownloadServlet>/servlet+nameF
>servlet+classF
com'm%compan%'servlets'3ownloadServlet
>/servlet+classF
>init+paramF
>param+nameFre!ireXtc>/param+nameF
>param+val!eFtr!e>/param+nameF
>/init+paramF
>load+on+start!pF,>/load+on+start!pF
>r!n+asF
>role+nameFadmin>/role+nameF
>/r!n+asF
>/servletF

1oad+on+start!p means servlet m!st be loaded when Tomcat starts 8rather than
wait till it is re!ested9

lower inte#er val!e A load earlier than other Servlets


), ),
W5=>+?F%.eb93ml #continued$
@session>coni(A

Allows sessions to be confi#!red for ever% application


>session+confi#F
>session+timeo!tF/.>/session+timeo!tF
>/session+confi#F
+ the value is D or less, session never e3pires
)5 )5
W5=>+?F%.eb93ml #continued$
@mime>mappin(A

Web app ma% want to force the mime+t%pe


>mime+mappin#F
>e(tensionFcsv>/e(tensionF
>mime+t%peFapplication/(+mse(cel>/mime+t%peF
>/mime+mappin#F
&eines the ,Content>Type- response header

$or static content served b% the application


)2 )2
W5=>+?F%.eb93ml #continued$
@.elcome>ile>listA

&an over+ride the ones defined in the #lobal web'(ml


>welcome+file+listF
>welcome+fileFwhatsnew'Csp>/welcome+fileF
>/welcome+file+listF
httpB%%serverBEDED%my.ebapp% .ill serve
httpB%%serverBEDED%my.ebapp%.hatsne.9;sp
): ):
W5=>+?F%.eb93ml #continued$
@error>pa(eA

&!stomiIed handlin# for =TTP errors and Java e(ceptions


>error+pa#eF
>error+codeF/./>/error+codeF
>locationF/errors/oops'Csp>/locationF
>/error+pa#eF
>error+pa#eF
>e(ception+t%peF
Cava'lan#'K!llPointer0(ception
>/e(ception+t%peF
>locationF/errors/badl%codedpa#e'Csp>/locationF
>/error+pa#eF
); );
W5=>+?F%.eb93ml #continued$
@ta(libA

&reatin# convenient aliases for 'tld files


>Csp+confi#F
>ta#libF
>ta#lib+!riFapplicationta#s'tld>/ta#lib+!riF
>ta#lib+locationF/W0<+"K$/tlds/web+app'tld>/ta#lib+locationF
>/ta#libF
>/Csp+confi#F
/. /.
W5=>+?F%.eb93ml #continued$
@resource>reA

References to e(ternal reso!rces


Z J3<& &onnection pools
Z JK3" reso!rces
Z JavaEail

Eakes it convenient to declare the e(ternal reso!rce once7 and reference it from
different confi#!ration conte(ts
/1 /1
W5=>+?F%.eb93ml #continued$
@security>constraintA

Sec!rit% constraints for web reso!rces7 accordin# to !ser roles7 SS1


transmission etc'
>sec!rit%+constraintF
>web+reso!rce+collectionF
>web+reso!rce+nameFProtected Area>/web+reso!rce+nameF
>M++ 3efine the conte(t+relative TR18s9 to be protected ++F
>!rl+patternF/Csp/sec!rit%/protected/D>/!rl+patternF
>M++ "f %o! list http methods7 onl% those methods are protected ++F
>http+methodFP0T>/http+methodF
>http+methodFPHST>/http+methodF
>/web+reso!rce+collectionF
>a!th+constraintF
>M++ An%one with one of the listed roles ma% access this area ++F
>role+nameFtomcat>/role+nameF
>role+nameFrole1>/role+nameF
>/a!th+constraintF
>/sec!rit%+constraintF
/2 /2
@lo(in>coni(A

3efine the lo#in a!thentication mechanismJ $orm7 <asic7 etc'


>lo#in+confi#F
>a!th+methodF$HRE>/a!th+methodF
>realm+nameFEemor%Realm>/realm+nameF
>form+lo#in+confi#F
>form+lo#in+pa#eFlo#in'Csp>/form+lo#in+pa#eF
>form+error+pa#eF
notA!thenticated'Csp
>/form+error+pa#eF
>/form+lo#in+pa#eF
>/lo#in+confi#F
W5=>+?F%.eb93ml #continued$
/) /)
W5=>+?F%.eb93ml #continued$
@security>roleA

Allows roles to be defined to#ether with optional description


>sec!rit%+roleF
>descriptionF
Administrator of the application
>/descriptionF
>role+nameFadministrator>/role+nameF
>/sec!rit%+roleF
// //
W5=>+?F%.eb93ml #continued$
@env>entryA

Tsed to declare environment entries

JK3" val!e parameters that can be !sed to confi#!re the application

0nv entr% m!st be t%ped to a Java data t%pe7 so it can be !sed within the
application
>env+entr%F
>descriptionFEinim!m allowable val!e>/descriptionF
>env+entr%+nameFEinim!mUal!e>/env+entr%+nameF
>env+entr%+val!eF,>/env+entr%+val!eF
>env+entr%+t%peFCava'lan#'"nte#er>/env+entr%+t%peF
>/env+entr%F

The val!e can then be accessed as8in an% Cava code9J


&onte(t init&t( A new "nitial&onte(t89G
&onte(t env&t( A 8&onte(t9 init&t('look!p8WCavaJcomp/envS9G
"nte#er minUal!e A 8"nte#er9env&t('look!p8WEinim!mUal!eS9G
/, /,
.eb93ml
C2T26+?2F=2S5%con%.eb93ml

Re#!lar application web'(ml

3efines #lobal defa!lts

0ach val!e can be overridden b% the application\s web'(ml


/5 /5
Summary
What is the JCP?
Tomcat and Java speciications
What is a Servlet?
!e"uest%!esponse 2P+s
What is a JSP
Pac7a(in( Formats
Web application older layout
Coni(uration Files
.eb93ml overvie.
/2 /2
Guestions?
11
Servlet, JSP & Web applications Lab
22
Windows Instructions
Inspecting a WAR file

The JAR utility and other zip tools

Examining a WAR file (7-ip! "ar#! $eploying a WAR file


Adding a JSP to a WAR

Expand the WAR

Write the J%&

&a'(aging the WAR


Modifying web!"l

)hanging the *R+ path for a %er,let


#nabling access to t$e "anager application
--
Linu! Instructions
Inspecting a WAR file

The JAR utility and other zip tools

Examining a WAR file (.ile /anager! "ar#! $eploying a WAR file


Adding a JSP to a WAR

Expand the WAR

Write the J%&

&a'(aging the WAR


Modifying web!"l

)hanging the *R+ path for a %er,let


#nabling access to t$e "anager application
11
Configuring Tomcat
Tomcat Configuration - Part 2
22
Topics in this Session
Working with Threads
Connectors
SSL
Hosts
web.xml defaults
JSP defaults
33
Working with threads
Tomcat will create one instance of each servlet

ccessed b! multi"le t#reads

$ac# user re%uest is bound to a dedicated t#read



&nitiali'ation
(Load )esources*
Ser+ice
(cce"t )e%uests*
,estruction
(-nload )esources*
)e%uest (t#read 2*
)e%uest (t#read 3*
)e%uest (t#read 1*
)e%uest (t#read n*
Servlet
..
Thread Pools
Each request is served by a thread

&f a t#read is initiated and destro!ed for eac# re%uest/ t#is "uts needless burden
on t#e o"erating s!stem and J01
A Thread pool alleviates this issue by allowing eisting threads to
be reused

2#en needed/ t#reads are retrie+ed from t#e "ool

fter being used/ eac# t#read is "ut bac3 into t#e "ool
T#e abo+e describes t#e wa! T#read "ooling generall! wor3s wit#
tomcat. ,e"ending on t#e connector !ou4re using/ t#reads can be
managed in a slig#tl! different wa!
55
Thread Pools

)e%uest
)e%uest
)e%uest
Tomcat
Ser+let
T#read Pool
66
Thread Pool! "asic Configuration
#aThreads

1aximum number of acti+e t#reads in t#is "ool

1aximum number of concurrent re%uests in "rogress

,efault is 277
#inSpareThreads

1inimum number of t#reads alwa!s 3e"t ali+e

,efault is 25
$Service %%%&
$Eecutor name'(tomcatThreadPool( namePrefi'(catalina)eec)(
maThreads'(*+,( minSpareThreads'(-(.&
/
$.Service&
$Service %%%&
$Eecutor name'(tomcatThreadPool( namePrefi'(catalina)eec)(
maThreads'(*+,( minSpareThreads'(-(.&
/
$.Service&
conf8ser+er.xml conf8ser+er.xml
99
Thread Pool! Advanced Configuration
#a0dleTime! number of milliseconds before an idle thread is
shutdown

unless t#e number of acti+e t#reads is less or e%ual to minS"areT#reads

default +alue is 67777 ms (1 minute*


$Service %%%&
$1)) ma0dleTime is set to + minutes ))&
$Eecutor name'(tomcatThreadPool( namePrefi'(catalina)eec)(
maThreads'(+,,( minSpareThreads'(*,,(
ma0dleTime'(2,,,,,(.&
/
/
%%%
$.Service&
$Service %%%&
$1)) ma0dleTime is set to + minutes ))&
$Eecutor name'(tomcatThreadPool( namePrefi'(catalina)eec)(
maThreads'(+,,( minSpareThreads'(*,,(
ma0dleTime'(2,,,,,(.&
/
/
%%%
$.Service&
conf8ser+er.xml conf8ser+er.xml
::
Topics in this Session
2or3ing wit# T#reads
Connectors
SSL
Hosts
web.xml defaults
JSP defaults
d+anced
;&</ =&< and P) connectors
>>
3 ways to use Tomcat connectors
Communication between Tomcat and the web server
Communication between tomcat and its client
Client Tomcat
Request
Response
Request
Response
"ac#e
#tt"d
Connector
Client Tomcat
Request
Response
Connector
T#e current module focuses on t#e second case (communication wit#
t#e web ser+er will be seen later in t#is course*
17 17
Connectors! default behavior
Tomcat by default listens on port 4,4,
$Server %%%&
$Service %%%&
/

$Connector port'(4,4,( protocol'(5TTP.*%*(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/
/
$.Service&
$.Server&
$Server %%%&
$Service %%%&
/

$Connector port'(4,4,( protocol'(5TTP.*%*(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/
/
$.Service&
$.Server&
conf8ser+er.xml conf8ser+er.xml
d+anced features about connectors suc# as t#e difference between
P)/ =&< and ;&< connectors are s#own in t#e ad+anced section
at t#e end of t#is module
C#ange t#e "ort number #ere if !ou
wis# to use a different +alue
11 11
Topics in this Session
2or3ing wit# T#reads
Connectors
SS6
Hosts
web.xml defaults
JSP defaults
d+anced
;&</ =&< and P) connectors
12 12
SS6! "etween Web "rower and Tomcat
0n this module we will not be using Apache httpd
The browser will send requests encrypted with SS6 directly to
Tomcat
Client Tomcat
https (encrypted) Request
https (encrypted) Response
http (cleartext) Request
http (cleartext) Response
13 13
SS6! keystore
0n order for a browser and Tomcat to communicate via SS67
authentication is needed

Tomcat will "resent t#e browser wit# a certificate as "roof of w#o it


claims to be
What is a keystore8

contains trusted certificates and combinations of "ri+ate 3e!s wit# t#eir


corres"onding certificates

-suall! stored in a file


1. 1.
SS6! truststore
A truststore is a keystore which is used when making decisions
about what to trust%
0f you receive some data from an entity that is already trusted

+erif! t#at t#e entit! is t#e one it claims to be

!ou can assume t#at t#e data reall! came from t#at entit!
0f the user makes a decision to trust an entity

an entr! s#ould onl! be added to a truststore


15 15
9enerating a keystore
A keystore maybe generated on the command)line using keytool
keytool is part of the :;<

&nside t#e ?bin@ folder


.usr.local.tomcat.keytool )genkey )alias tomcat )keyalg =SA )keystore %keystore
Enter keystore password! $Enter changeit&
=e)enter new password! $Enter changeit&
What is your first and last name8
>?nknown@! $:ust press =ET?=A&
What is the name of your organiBational unit8
%%%
What is the two)letter country code for this unit8
>?nknown@! 9"
Enter key password for $tomcat&
C=ET?=A if same as keystore passwordD! $:ust press =ET?=A&
.usr.local.tomcat.keytool )genkey )alias tomcat )keyalg =SA )keystore %keystore
Enter keystore password! $Enter changeit&
=e)enter new password! $Enter changeit&
What is your first and last name8
>?nknown@! $:ust press =ET?=A&
What is the name of your organiBational unit8
%%%
What is the two)letter country code for this unit8
>?nknown@! 9"
Enter key password for $tomcat&
C=ET?=A if same as keystore passwordD! $:ust press =ET?=A&
16 16
SS6! sample configuration
$Server %%%&
$Service %%%&
/
$Connector port'(4--2( SS6Enabled'(true(
scheme'(https( secure'(true(
keystoreEile'(conf.%keystore( keystorePass'(changeit(.&
%%%
$.Service&
$.Server&
$Server %%%&
$Service %%%&
/
$Connector port'(4--2( SS6Enabled'(true(
scheme'(https( secure'(true(
keystoreEile'(conf.%keystore( keystorePass'(changeit(.&
%%%
$.Service&
$.Server&
conf8ser+er.xml conf8ser+er.xml
""lication can be accessed using an url
suc# as #tt"sA88local#ostA:..38m!""
Tomcat is #andling encr!"tion (as o""osed
to "ac#e #tt"d or an! ot#er front-end ser+er*
19 19
SS6! Eaking connection
Tricking deployed application into thinking it is still communicating
via https%

-seful in re+erse "rox! situations w#en SSL is terminated at t#e "rox!/ but t#e
a""lication re%uires SSL

lso useful in a de+elo"ment en+ironment w#ere t#e certificate from a C is not


"ossible
$Connector port'(4--2( protocol'(5TTP.*%*(
SS6Enabled'(false( secure'(true( clientAuth'(false(.&
$Connector port'(4--2( protocol'(5TTP.*%*(
SS6Enabled'(false( secure'(true( clientAuth'(false(.&
""lication can be accessed using an url
suc# as httpA88local#ostA:..38m!""
- Trust store is not used
- web.xml does not #a+e CL&$;T-C$)T
as an aut#entication constraint
Tomcat is ;<T #andling encr!"tion
1: 1:
Topics in this Session
2or3ing wit# T#reads
Connectors
SSL
5osts
web.xml defaults
JSP defaults
d+anced
;&</ =&< and P) connectors
1> 1>
Firtual hosting
#ethod for hosting multiple domains on the same tomcat instance
using a single ip address%
$Server %%%&
$Service %%%&
$Engine name'(Catalina( default5ost'(localhost(&
$5ost name'GbartG %%%& %%% $.5ost&
$5ost name'GlisaG %%%& %%% $.5ost&
$.Engine&
$.Service&
$.Server&
$Server %%%&
$Service %%%&
$Engine name'(Catalina( default5ost'(localhost(&
$5ost name'GbartG %%%& %%% $.5ost&
$5ost name'GlisaG %%%& %%% $.5ost&
$.Engine&
$.Service&
$.Server&
&n t#is exam"le/ bot# #tt"A88bartA:7:7 and #tt"A88lisaA:7:7 refer to t#e
same tomcat instance
conf8ser+er.xml conf8ser+er.xml
27 27
Engine)5ost =elationship
B$ngineC
defaultDwww.bar.com
BHostC
www.foo.com
BHostC
www.bar.com
1
HTTP )e%uest
HostAwww.bar.com
C#ec3 Host
Send to default
2
C#ec3 Host
.
HostAwww.foo.com
3
21 21
Firtual hosting
0n order for the virtual hosts bart and lisa to be resolved7 they need
to be added to the .etc.hosts file on 6inu%
Hn Windows7 corresponding hosts file is inside
C!IW0A;HWSIsystem23IdriversIetcI directory%
/etc/hosts
*3J%,%,%* bart
*3J%,%,%* lisa
*3J%,%,%* bart
*3J%,%,%* lisa
/etc/hosts
C:\WINDOWS\system32\drivers\etc\hosts
*3J%,%,%* bart
*3J%,%,%* lisa
*3J%,%,%* bart
*3J%,%,%* lisa
Linux
2indows
22 22
5osts! $5ost& Element
#anages deployment of all web applications
Supports virtual hosts
Hnly one K.G CrootD contet per host
Each host has a name
$5ost name'KmyhostG
app"ase'KwebappsG
deployHnStartup'KtrueG
auto;eploy'KtrueG
unpackWA=S'KtrueG
.&
$5ost name'KmyhostG
app"ase'KwebappsG
deployHnStartup'KtrueG
auto;eploy'KtrueG
unpackWA=S'KtrueG
.&
<Engine name="Catalina" defaultHost="myhost">
conf8ser+er.xml conf8ser+er.xml
23 23
5osts! $5ost& Element
The 5ost LnameM is used for virtual host matching
$5ost name'Kwww%foo%comG
app"ase'K.opt.applications.webappsG
deployHnStartup'KtrueG
auto;eploy'KtrueG
unpackWA=S'KtrueG
.&
$5ost name'Kwww%foo%comG
app"ase'K.opt.applications.webappsG
deployHnStartup'KtrueG
auto;eploy'KtrueG
unpackWA=S'KtrueG
.&
conf8ser+er.xml conf8ser+er.xml
2. 2.
5osts! Alias
An alias is another name given to a host

#ost can #a+e more t#an one lias

;o wild card matc#ing at t#is "oint


$5ost name'Kwww%foo%comG
app"ase'K.opt.applications.webappsG &
$Alias&foo%com $.Alias&
$Alias&subdomain%foo%com $.Alias&
$.5ost&
$5ost name'Kwww%foo%comG
app"ase'K.opt.applications.webappsG &
$Alias&foo%com $.Alias&
$Alias&subdomain%foo%com $.Alias&
$.5ost&
conf8ser+er.xml conf8ser+er.xml
25 25
Topics in this Session
2or3ing wit# T#reads
Connectors
SSL
Hosts
web%ml defaults
JSP defaults
d+anced
;&</ =&< and P) connectors
26 26
web%ml defaults! Servlets
;efault web%ml located in CATA60AAN"ASE.conf.web%ml

Pro+ides default +alues for all t#e a""lications inside t#e current tomcat instance
;efault mappings can be updated by modifying conf.web%ml
"ehavior can be added at the application level

inside 2$=-&;E8web.xml file

&n most cases it won4t o+erride w#at #as been declared inside
CTL&;F=S$8conf8web.xml

&t will rat#er merge t#e 2 configurations toget#er


29 29
web%ml defaults! Servlets
Tomcat deploys two servlets into every web application

,efaultSer+let

Js"Ser+let
2: 2:
web%ml defaults! ;efault Servlet
$web)app %%%&
/
$servlet&
$servlet)name&default$.servlet)name&
$servlet)class&org%apache%catalina%servlets%;efaultServlet$.servlet)class&
$init)param&
$param)name&debug$.param)name&
$param)value&,$.param)value&
$.init)param&
%%%
$.servlet&
/
$.web)app&
$web)app %%%&
/
$servlet&
$servlet)name&default$.servlet)name&
$servlet)class&org%apache%catalina%servlets%;efaultServlet$.servlet)class&
$init)param&
$param)name&debug$.param)name&
$param)value&,$.param)value&
$.init)param&
%%%
$.servlet&
/
$.web)app&
;efaultServlet O handles static content delivery
Eamples of static content would be html files7 style sheets and
images
conf8web.xml conf8web.xml conf8web.xml conf8web.xml
,ebugging
detail le+el for
messages
logged b! t#is
ser+let
,ebugging
detail le+el for
messages
logged b! t#is
ser+let
2> 2>
web%ml defaults! :spServlet
$web)app %%%&
/
$servlet&
$servlet)name&Psp$.servlet)name&
$servlet)class&org%apache%Pasper%servlet%:spServlet$.servlet)class&
%%%
$init)param&
$param)name&development$.param)name&
$param)value&true$.param)value&
$.init)param&
$init)param&
$param)name&modificationTest0nval$.param)name&
$param)value&-$.param)value&
$.init)param&
$.servlet&
%%%
$.web)app&Q
$web)app %%%&
/
$servlet&
$servlet)name&Psp$.servlet)name&
$servlet)class&org%apache%Pasper%servlet%:spServlet$.servlet)class&
%%%
$init)param&
$param)name&development$.param)name&
$param)value&true$.param)value&
$.init)param&
$init)param&
$param)name&modificationTest0nval$.param)name&
$param)value&-$.param)value&
$.init)param&
$.servlet&
%%%
$.web)app&Q
:spServlet O manages :SP compilation
conf8web.xml conf8web.xml
&f Jas"er used in
de+elo"ment mode/
fre%uenc! at w#ic# JSPs
are c#ec3ed for
modification ma! be
s"ecified +ia t#e
modificationTest&nter+al
"arameter
&f Jas"er used in
de+elo"ment mode/
fre%uenc! at w#ic# JSPs
are c#ec3ed for
modification ma! be
s"ecified +ia t#e
modificationTest&nter+al
"arameter
37 37
web%ml defaults! Session timeout
Session timeout defaults to 2, minutes
$web)app %%%&
/
$1)) '''''''''''''''''''' ;efault Session Configuration ''''''''''''''''' ))&
$1)) Rou can set the default session timeout Cin minutesD for all newly ))&
$1)) created sessions by modifying the value below% ))&
$session)config&
$session)timeout&2,$.session)timeout&
$.session)config&
/
$.web)app&
$web)app %%%&
/
$1)) '''''''''''''''''''' ;efault Session Configuration ''''''''''''''''' ))&
$1)) Rou can set the default session timeout Cin minutesD for all newly ))&
$1)) created sessions by modifying the value below% ))&
$session)config&
$session)timeout&2,$.session)timeout&
$.session)config&
/
$.web)app&
conf8web.xml conf8web.xml
in minutes
31 31
web%ml defaults! #ime mappings
When serving static resources like stylesheets or html

GContent-T!"eG #eader is automaticall! generated based on t#e resource4s


filename extension
$web)app %%%&
/
$mime)mapping&
$etension&css$.etension&
$mime)type&tet.css$.mime)type&
$.mime)mapping&
$mime)mapping&
$etension&doc$.etension&
$mime)type&application.msword$.mime)type&
$.mime)mapping&
/
$.web)app&
$web)app %%%&
/
$mime)mapping&
$etension&css$.etension&
$mime)type&tet.css$.mime)type&
$.mime)mapping&
$mime)mapping&
$etension&doc$.etension&
$mime)type&application.msword$.mime)type&
$.mime)mapping&
/
$.web)app&
conf8web.xml conf8web.xml
32 32
web%ml defaults! Welcome file list
When a request ?=0 refers to a directory7 default servlet looks for a
(welcome file( within that directory%

&f "resent/ it will dis"la! resource -)&.

&f no welcome file is "resent/ default ser+let eit#er ser+es a director! listing or
returns a .7. status/ de"ending on #ow it is configured.
$web)app %%%&
/
$welcome)file)list&
$welcome)file&inde%html$.welcome)file&
$welcome)file&inde%htm$.welcome)file&
$welcome)file&inde%Psp$.welcome)file&
$.welcome)file)list&
$.web)app&
$web)app %%%&
/
$welcome)file)list&
$welcome)file&inde%html$.welcome)file&
$welcome)file&inde%htm$.welcome)file&
$welcome)file&inde%Psp$.welcome)file&
$.welcome)file)list&
$.web)app&
conf8web.xml conf8web.xml
33 33
Topics in this Session
2or3ing wit# T#reads
Connectors
SSL
Hosts
web.xml defaults
:SP defaults
d+anced
;&</ =&< and P) connectors
3. 3.
:SP defaults
A :SP is compiled to a servlet when accessed for the first time
Eirst invocation is slower due to compilation
All the :SP files related to web applications will be compiled in the
work.Catalina.localhost directory
35 35
:SP defaults! Compilation settings
Compilation settings are specified in the conf.web%ml file

discussed in "re+ious section.


check0nterval! The time in seconds7 between checks to see if a :SP
page and its dependents need to be recompiled%

-sed in de+elo"ment mode onl!.


modificationTest0nterval! The interval in seconds a :SP file and its
dependents are checked for modification

+alue of 7 will cause t#e JSP to be c#ec3ed on e+er! access

-sed in de+elo"ment mode onl!.


36 36
:SP defaults! Changing compilation settings
Compilation settings are specified in the conf.web%ml file
6ocate the :spServlet section to change settings
Eample! in a production environment7 (development( can be
disabled
39 39
Summary
Working with Threads
Connectors
SS6
5osts
:SP defaults
web%ml defaults
3: 3:
Suestions8
3> 3>
Topics in this Session
2or3ing wit# T#reads
Connectors
SSL
Hosts
web.xml defaults
JSP defaults
Advanced
A0H7 "0H and AP= connectors
6isteners
.7 .7
Connectors! "locking 0H
;efault connector is ("locking 0H( C"0HD

)e%uires dedicating a t#read to eac# soc3et connection

Less t#reads a+ailable in an #ig# concurrenc! en+ironment

=loc3ing until data is a+ailable


$Server %%%&
$Service %%%&
/
$Connector port'(4,4,( protocol'(5TTP.*%*(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/
$.Service&
$.Server&
$Server %%%&
$Service %%%&
/
$Connector port'(4,4,( protocol'(5TTP.*%*(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/
$.Service&
$.Server&
conf8ser+er.xml conf8ser+er.xml
Can also be declared ex"licitl!
protocol=org.apache.coyote.http11.Http11Protocol
.1 .1
Connectors! A0H
We can use KAon "lockingG or A0H connector instead

n &8< o"eration ne+er bloc3s

<"eration ma! transfer fewer b!tes t#an were re%uested ("artial read or write*

Context switc#ing ma3es more t#reads a+ailable/ w#ic# ma3es it ideal for a #ig#
concurrenc! en+ironment
$Server %%%&
$Service %%%&
/
$Connector port'(4,4,(
protocol'(org%apache%coyote%http**%5ttp**AioProtocol(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/
$.Service&
$.Server&
$Server %%%&
$Service %%%&
/
$Connector port'(4,4,(
protocol'(org%apache%coyote%http**%5ttp**AioProtocol(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/
$.Service&
$.Server&
conf8ser+er.xml conf8ser+er.xml
.2 .2
Connectors! "0H vs A0H
?se "0H if!

Stabilit! is t#e #ig#est "riorit!


H ;&< is more recent. +ailable as of Tomcat 6.x

1ost content is d!namic

)elati+el! low concurrenc! en+ironment


?se A0H if!

-sing SSL

Lots of static content

Hig# concurrenc! en+ironment


.3 .3
Connectors! AP=
Also a non)blocking connector Clike A0HD
When working with SS67 uses HpenSS6
9ood performance for keep)alive in a high concurrency environment
=equires registration of a dedicated listener

)e%uires dedicating a t#read to eac# soc3et connection


$Server %%%&
$Service %%%&
$6istener
classAame'(org%apache%catalina%core%Apr6ifecycle6istener(
SS6Engine'(on( .&
/
$Connector port'(4,4,(
protocol'(org%apache%coyote%http**%5ttp**AprProtocol(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/ $.Service&
$.Server&
$Server %%%&
$Service %%%&
$6istener
classAame'(org%apache%catalina%core%Apr6ifecycle6istener(
SS6Engine'(on( .&
/
$Connector port'(4,4,(
protocol'(org%apache%coyote%http**%5ttp**AprProtocol(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/ $.Service&
$.Server&
conf8ser+er.xml conf8ser+er.xml
.. ..
6ifecycle6istener
$6ifecycle6istener& element

&nternal Tomcat com"onents

Listens to container e+ents suc# as ST)T/ ST<P


Eour default listeners

"rLifec!cleListener I &nitiali'es P) libraries

Jas"erListener I initiali'es Jas"er/ t#e JSP com"iler

Ser+erLifec!cleListener I J1J initiali'ation

Klobal)esourcesLifec!cleListener I J1J for J;,& resources


.5 .5
Apr6ifecycle6istener
AP= O Apache Portable =untime
"ypasses the Pava%net library through :A0
Enables usage of HpenSS6 instead of :SSE
$6istener classAame'K/Apr6ifecycle6istenerG
SS6Engine'KonToffTother commandG
SS6=andomSeed'KbuiltinT.dev.urandomT/G
.&
$6istener classAame'K/Apr6ifecycle6istenerG
SS6Engine'KonToffTother commandG
SS6=andomSeed'KbuiltinT.dev.urandomT/G
.&
conf8ser+er.xml conf8ser+er.xml
.6 .6
:asper6istener
0nitialiBes :asper prior to any webapps are deployed
Put in to avoid class loading conflicts
Ao configurable parameters
$6istener classAame'K/:asper6istenerG.& $6istener classAame'K/:asper6istenerG.&
conf8ser+er.xml conf8ser+er.xml
.9 .9
Server6ifecycle6istener
0nitialiBes :#U code for Tomcat
Creates mbeans for Tomcat obPects
Hne parameter7 but no usage
$6istener classAame'K/Server6ifecycle6istenerG
descriptors'K! separated list of paths to find
mbeans)descriptors%mlG
.&
$6istener classAame'K/Server6ifecycle6istenerG
descriptors'K! separated list of paths to find
mbeans)descriptors%mlG
.&
conf8ser+er.xml conf8ser+er.xml
11
Configuring Tomcat Lab
Part 2
22
Configuring connectors
Adding a standard HTTP connector
Adding a NIO HTTP connector
Using shared thread pool
Configuring SSL
Faing an SSL connection
33
Configuring multiple hosts
Configure the net!or
Creating a "irtual hosts
Adding a host alias
44
Controlling #SP compilation
Testing the default #SP compilation beha"ior
Changing the #SP compilation beha"ior
55
Configuring conte$ts
Creating an e$ternal conte$t
Testing the e$ternal conte$t
11
Web Application Deployment
Deploying Web Applications into Apache Tomcat
22
Topics in this session
Simple application deployment
Tomcat Manager
Declaring contexts for deployment
Advanced deployment
33
What is a Context?
In Tomcat

A context is a deployed web application

A web application is deployed to match a UR path

This is called the context path


Often referred to as the first part of the UR

!app1!index"#sp
!o"e#er$ context paths can be m%lti&le#el

!m$lti!level!context!index"#sp
%%
Using a WAR 'ile
Copy the archi#e file into app(ase

app&ase defa$lts to the 'ATA()A_BASE/webapps directory


(y defa%lt$ tomcat scans the webapps folder

Applications deployed and started a$tomatically


If application in app)*"ar is deployed to "ebapps

access it via * http+!!localhost+,-,-!app)!


..
Deployment +ethods, Using Directory
Copy the application directory to app(ase
(y defa%lt$ tomcat scans the webapps folder

Applications deployed and started a$tomatically


If application in app) directory is deployed to "ebapps

access it via * http+!!localhost+,-,-!app)!


//
WAR #ers%s Directory Deployment
WAR deployment sho%ld be yo%r defa%lt strategy

(t0s easy

(t g$aranties that no file has been lost on the way


!o"e#er$ directory deployment can be rele#ant in some specific
cases

1hen yo$ do not wish to redeploy the whole application2 files can be $pdated
inside the directory itself
3 The application still needs to be reloaded tho$gh
3 Us$ally not a best practice b$t it can be relevant for some applications
Directory deployment commonly %sed for de#elopment
en#ironments

Used by defa$lt with 4clipse 1T5


66
Topics in this session
7imple application deployment
Tomcat +anager
Declaring contexts for deployment
Advanced deployment
,,
Tomcat +anager config%ration
Tomcat +anager is a "eb application

Deployed in Tomcat as any other web application

Tomcat comes with Tomcat Manager installed o$t of the box


Re-%ires to declare a %ser that has the .manager/ role

7pecify role and $ser in conf!tomcat8$sers"xml


9role rolename:;manager8g$i;!<
9$ser $sername:;tomcat; password:;s3cret; roles:;manager;!<
9role rolename:;manager8g$i;!<
9$ser $sername:;tomcat; password:;s3cret; roles:;manager;!<
conf/tomcat-users.xml
Tomcat sho$ld be restarted after any $pdate on tomcat8$sers"xml
5rior to Tomcat /"-"3-2 rolename was =manager> ?instead of
=manager8g$i>@
AA
Using Tomcat +anager
Access console

http+!!localhost+,-,-!manager!html

Upload yo$r web application $sing the web interface


1- 1-
Topics in this session
7imple application deployment
Tomcat Manager
Declaring contexts for deployment
Advanced deployment
11 11
Defining Contexts for Deployment
Contexts sho%ld be declared %sing 0+
Declaration can be done in the follo"ing places,
Dedicated file inside Tomcat config%ration

conf!'atalina!localhost!myApplication"xml
context*xml inside the application

M4TA8()B!context"xml
Directory

Also inside the application


conf1ser#er*xml

Clobal file in Tomcat config$ration


12 12
R%les "hen "or2ing "ith contexts
Context paths m%st be %ni-%e "ithin a !ost

!app1

!app2
Context paths can o#erlap

!app1

!app1!images
Re-%ests are mapped %sing longest matching context path
13 13
context*xml
0+ file "ith a single Context element

May contain nested elements ?Dalve2 Manager2 E@


3ame of 0+ file becomes the context path
doc(ase can be %nder app(ase or external

(f $nder app&ase2 1AR!directory name m$st match path to prevent do$ble


deployment
Inside tomcat config%ration,

conf!9engine<!9host<!
app)*xml becomes

!app1!index"#sp
conf/catalina/localhost/app1.xml
4Context reloadable5.false/ 16
***
41Context6
4Context reloadable5.false/ 16
***
41Context6
1% 1%
context*xml
0+ file "ith a single Context element

May contain nested elements ?Dalve2 Manager2 E@


changes to context*xml a%tomatically trigger an application reload

Does not reF$ire the whole tomcat instance to be restarted


conf/catalina/localhost/app1.xml
4Context reloadable5.false/ 16
***
41Context6
4Context reloadable5.false/ 16
***
41Context6
&y defa$lt2 application sho$ld be located
inside app1"war or app1 directory
1. 1.
context*xml
conf147ngine name614!ost name6
Defa%lt inside tomcat config%ration,

e"g" conf!'atalina!www"foo"com!app1"xml
47ngine name5.catalina/6
4!ost name5."""*foo*com/16
47ngine name5.catalina/6
4!ost name5."""*foo*com/16
conf/catalina/www.foo.com/app1.xml
4Context reloadable5.false/ 16
***
41Context6
4Context reloadable5.false/ 16
***
41Context6
conf/server.xml
1/ 1/
Web ARchi#e 8WAR9 deployment
Application deployed as a WAR located in host:s app(ase directory

4xample+ !webapps!app1"war
Inside the WAR file$ context file located in +7TA&I3'1context*xml

copied to conf!9engine<!9host< and renamed to app1"xml

doc(ase and path attrib$tes sho$ld not be $sed


META-!"/context.xml $insi%e app1.war&
4Context reloadable5.false/ 16
***
41Context6
4Context reloadable5.false/ 16
***
41Context6
copied to
conf!catalina!localhost!app1"xml
at deployment time
16 16
Directory deployment
Directory located in host:s app(ase directory

4xample+ !webapps!app1
Config%re %sing +7TA&I3'1context*xml
Tomcat ;*<*)= and earlier

)ot copied to conf!9engine<!9host<

)ot renamed to 9application8name<"xml


Tomcat ;*<*)> and later

'opied to conf!9engine<!9host<

Renamed to 9application8name<"xml
webapps/app1/META-!"/context.xml
4Context reloadable5.false/ 16
***
41Context6
4Context reloadable5.false/ 16
***
41Context6
Brom tomcat /"-"1A2 copied to
conf!catalina!localhost!app1"xml
at deployment time
1, 1,
Declaring a context inside ser#er*xml
Changes re-%ire Tomcat restart

Declaring contexts in server"xml is not recommended when worGing with


m$ltiple applications hosted on the same tomcat instance

Recommended for sec$rity conscio$s environments where dynamic deployment


is forbidden
Use the 4Context ? 16 element
4Ser#ice ***6
47ngine ***6
4!ost name5.localhost/ a%toDeploy5.false/***6
4@A "ar file 8deployed as an archi#e inside "ebapps9 &&6
4Context doc(ase5.myapp)*"ar/ 16
41!ost6
417ngine6
41Ser#ice6
4Ser#ice ***6
47ngine ***6
4!ost name5.localhost/ a%toDeploy5.false/***6
4@A "ar file 8deployed as an archi#e inside "ebapps9 &&6
4Context doc(ase5.myapp)*"ar/ 16
41!ost6
417ngine6
41Ser#ice6
conf/server.xml
1A 1A
Declaring a context inside ser#er*xml
4Ser#ice ***6
47ngine ***6
4!ost name5.localhost/ a%toDeploy5.false/***6
4@A "ar file 8deployed as an archi#e inside "ebapps9 &&6
4Context doc(ase5.myapp)*"ar/16
4@A directory 8deployed as an exploded directory inside "ebapps9 &&6
4Context doc(ase5.myappB/16


4Context doc(ase5.1home1tomcat1external&"ebapps1myappC/16

4Context doc(ase5.1home1tomcat1external&"ebapps1myapp)*"ar/
path5.1app)/ 16
41!ost6
417ngine6 41Ser#ice6
4Ser#ice ***6
47ngine ***6
4!ost name5.localhost/ a%toDeploy5.false/***6
4@A "ar file 8deployed as an archi#e inside "ebapps9 &&6
4Context doc(ase5.myapp)*"ar/16
4@A directory 8deployed as an exploded directory inside "ebapps9 &&6
4Context doc(ase5.myappB/16


4Context doc(ase5.1home1tomcat1external&"ebapps1myappC/16

4Context doc(ase5.1home1tomcat1external&"ebapps1myapp)*"ar/
path5.1app)/ 16
41!ost6
417ngine6 41Ser#ice6
Deployed archive
4xploded directory
4xternal directory
conf/server.xml
http+!!localhost+,-,-!app1
2- 2-
Reloadable contexts
Application reloaded if any file of W7(&I3'1classes or W7(&I3'1lib
ha#e changed
De#elopment setting

)ot recommended in a prod$ction environment


4Context doc(ase5.myapp)/ reloadable5.false/ 6
41Context6
4Context doc(ase5.myapp)/ reloadable5.false/ 6
41Context6
)ame for this attrib$te is misleading" All applications are
reloadable" This attrib$te instead enables a$to8reload"
21 21
The ROOT context
Defines "hich application sho%ld be installed on
http,11localhost,=<=<1
If a WAR file is %sed$ it sho%ld be called ROOT*"ar
If a directory is %sed$ it sho%ld be called ROOT
If a context file is %sed$ it sho%ld be called ROOT*xml
4Context 16
?
41Context6
4Context 16
?
41Context6
conf/catalina/localhost/'((T.xml
22 22
Topics in this session
7imple application deployment
Tomcat Manager
Declaring contexts for deployment
Ad#anced deployment
23 23
a%toDeploy #s deployOnStart%p
deployOnStart%p5.tr%e/

Deploys applications in the HostIs app&ase directory when Tomcat


starts $p
a%toDeploy5.tr%e/

After deployment2 contin$es to scan app&ase for changes

The whole application will be redeployed every time


7xplicit context declaration is only re-%ired

if both deployJn7tart$p and a$toDeploy are disabled


Defa$lt val$e is =tr$e> for those 2 attrib$tes
2% 2%
Commonly %sed prod%ction config%ration
deployOnStart%p5.tr%e/ a%toDeploy5.false/

7afeg$ards against r$ntime redeployments based on file timestamps

A simple way to $pdate an application is to p$t it in the webapps folder and


restart tomcat
4Ser#er ****6
4Ser#ice ***6
47ngine name5.myengine/6
4!ost name5."""*foo*com/ app(ase5/"ebapps/
deployOnStart%p5/tr%e/ a%toDeploy5/false/16
41!ost6
417ngine6
41Ser#ice6
41Ser#er6
4Ser#er ****6
4Ser#ice ***6
47ngine name5.myengine/6
4!ost name5."""*foo*com/ app(ase5/"ebapps/
deployOnStart%p5/tr%e/ a%toDeploy5/false/16
41!ost6
417ngine6
41Ser#ice6
41Ser#er6
conf/server.xml
2. 2.
Using A3T for simple deployment
A3T is a b%ild tool %sed for deployment
A3T is controlled by a b%ild*xml file
Can be %sed to b%ild a WAR file %sing a target
Deploy file to "ebapps directory %sing a target
Refer to docs1man%al1t%torial&"riting&tas2s*html

(n yo$r A)T install directory

As reference for getting started


Apache A)T can be downloaded from here+
http+!!ant"apache"org!bindownload"cgi
2/ 2/
A3T and Dspc
Dspc can be %sed for the follo"ing reasons,

5recompile K75 pages for fast initial invocation of K75 pages"

'hecG syntax of pages witho$t deploying them"


An A3T target can be "ritten to precompile ESF files
9target name:;#spLprecompile;<
9mGdir dir:;MN#sp"generated"src"dirO;!<
9mGdir dir:;MN#sp"classes"dirO;!<
9#ava classname:;org"apache"#asper"Ksp'; forG:;yes;<
9classpath refid:;tomcat"#sp"classpath;!<
9arg line:;8$riroot MN#sp"src"dirO 8d MN#sp"generated"src"dirO
8p MN#sp"pacGage"nameO 8webapp MN#sp"src"dirO;!<
9!#ava<
9!target<
9target name:;#spLprecompile;<
9mGdir dir:;MN#sp"generated"src"dirO;!<
9mGdir dir:;MN#sp"classes"dirO;!<
9#ava classname:;org"apache"#asper"Ksp'; forG:;yes;<
9classpath refid:;tomcat"#sp"classpath;!<
9arg line:;8$riroot MN#sp"src"dirO 8d MN#sp"generated"src"dirO
8p MN#sp"pacGage"nameO 8webapp MN#sp"src"dirO;!<
9!#ava<
9!target<
A complete precompile script is available here+
http+!!people"apache"org!PfhaniG!precompile"html
26 26
S%mmary
Simple application deployment
Tomcat +anager
Declaring contexts for deployment
Ad#anced deployment

a%toDeploy #s deployOnStartUp

A3T scripting

Frecompiling ESFs

A3T for remote deployment


2, 2,
G%estions?
11
Web Application Deployment Lab
2 CONFIDENTIAL 2 CONFIDENTIAL
Windows Instructions
Web application deployment

WAR, XML file, WAR file using XML file


Changing the Host deployment options

Changing automati !e"lo#ment


Remote deployment using Apache Ant

Ena$le the manage%

Install A"ahe Ant

C%eate $uil!&'ml

De"lo#ing a""liation (ith a "%o"e%ties file

)sing *s" to "%e+om"ile ,-. files


/ CONFIDENTIAL / CONFIDENTIAL
Linux Instructions
Web application deployment

WAR, XML file, WAR file using XML file


Changing the Host deployment options

Changing automati !e"lo#ment


Remote deployment using Apache Ant

Ena$le the manage%

Install A"ahe Ant

C%eate $uil!&'ml

De"lo#ing a""liation (ith a "%o"e%ties file

)sing *s" to "%e+om"ile ,-. files


11
Large Scale Deployments
22
Topics in this Session
CATALINA_HOME and CATALINA_BASE
Working with a Shared Layout
JDK Migration
Tomcat Migration
33
CATALINA_HOME and CATALINA_BASE
CATALINA_HOME

tomcat installation path

Can be shared among multiple tomcat !S"# instances


CATALINA_BASE

$elies on C!T!L%&!'()M"

Contains instance*speci+ic +iles


HOME
!S" , !S" - !S" .
/usr/tomcat0/instance',
/usr/tomcat0/apache*tomcat*1232-3
/usr/tomcat0/instance'- /usr/tomcat0/instance'.
44
Dea!lt layo!t and Shared layo!t
Dea!lt layo!t

C!T!L%&!'()M" 4 C!T!L%&!'!S"

5attern you ha6e +ollowed so +ar in this course

&ot ideal +or large scale applications


Shared layo!t

single copy o+ Tomcat ()M"# shared among multiple instances#

()M"# install holds common libs and con+iguration

%nstances mostly contain +iles that are instance*speci+ic

Makes Tomcat migrations much easier


C!T!L%&!'()M" and C!T!L%&!'!S" are 7ust the names in
the batch/shell script2 They translate into J8M startup arguments
9*Dcatalina2home *Dcatalina2base:
55
Startup Scripts
Start!p scripts
;start< ;stop<
bin/
catalina"#sh$%at&
startup29sh=bat:
shutdown29sh=bat:
;in6okes<
;in6okes<
'(M La!nch
setclasspath29sh=bat: seten629sh=bat:
Setting !p CATALINA_HOME and CATALINA_BASE is !s!ally done in
start!p scripts
66
Setting !p CATALINA_HOME and CATALINA_BASE
Each )BASE* instance points to the CATALINA_HOME install directory

%nside /bin/seten629sh=bat:
$eminder> seten629sh=bat: is not shipped with tomcat2 %t should be
created manually2
CATALINA_HOME+,!sr,local,tomcat-,apache.tomcat./"0"12
CATALINA_BASE+,!sr,local,tomcat-,instance_3
'A(A_HOME+,!sr,local,tomcat-,4d53"/"0_32
instance_1/bin/setenv.(sh|bat)
77
E-tended conig!ration
The ollo6ing 7aria%les can %e speciied8

J!8!'()M"

J!8!')5TS

C!T!L%&!')5TS

C!T!L%&!'()M"

C!T!L%&!'!S"

C!T!L%&!'TM5D%$

C!T!L%&!'5%D
They can also %e deined as en7ironment 7aria%les
All these are read %y catalina"#sh$%at&

%+ no 6alue e0ists? de+aults are assigned


88
The %ig pict!re
Let9s tie e7erything together
,!sr,local,tomcat-,e-ample,
. 4d53"/"0_32
. apache.tomcat./"0"12,
. instance_3
. %in
. con
. logs
. temp
. 6e%apps
. 6or5
CATALINA_HOME+,!sr,local,tomcat-,apache.tomcat./"0"12
CATALINA_BASE+,!sr,local,tomcat-,instance_3
'A(A_HOME+,!sr,local,tomcat-,4d53"/"0_32
CATALINA_:ID+;CATALINA_BASE,logs,tomcat"pid
instance_1/bin/setenv.(sh|bat)
99
Adding more instances
seten7"#sh$%at& gi7es the le-i%ility to c!stomi<e each instance
=or e-ample i instance_1 is added8
CATALINA_HOME+,!sr,local,tomcat-,apache.tomcat./"0"12
CATALINA_BASE+,!sr,local,tomcat-,instance_1
'A(A_HOME+,!sr,local,tomcat-,4d53"/"0_32
CATALINA_:ID+;CATALINA_BASE,logs,tomcat"pid
instance_2/bin/setenv.(sh|bat)
10 10
Topics in this Session
C!T!L%&!'()M" and C!T!L%&!'!S"
>or5ing 6ith a Shared Layo!t
JDK Migration
Tomcat Migration
11 11
Limitations the Dea!lt Layo!t
Dea!lt layo!t8 CATALINA_HOME + CATALINA_BASE
Tedio!s 6hen 6or5ing 6ith n!mero!s instances

Lots o+ copying and pasting

@iles such as ser6er20ml and logging2properties ha6e to be edited +or each instance
Tomcat migrations can %e a656ard

(ow do % know which +iles should be migratedA

More on that later


12 12
Creating a Shared Layo!t
,!sr,local,tomcat-,shared,
. 4d53"/"0_32
. apache.tomcat./"0"12,
r!n"#sh$%at&
. shared,
. instance_s5eleton,
. instance_3,
. instance_1,
. instance_n,
Common practice8 !se a template to create instances

instances# are created by copying instance'skeleton into instance',? instance'- B


instance'n etc2
A regular Tomcat install
Control script
Shared instance data CATA!"#A$%&'()
*sed at the template to create instances
An instance o+ a Tomcat ser,er
The abo6e is 7ust one common e0ample o+ shared layout2 "ach
organiCation should adapt it to its own needs
13 13
Creating a Shared Layo!t
Instances can share conig!ration iles
,!sr,local,tomcat-,shared,
. 4d53"/"0_32
. apache.tomcat./"0"12,
r!n"#sh$%at&
. shared,
. con,
logging"properties
ser7er"-ml
tomcat.!sers"-ml
. logs,
. instance_s5eleton,
. instance_3,
. instance_1,
. instance_n,
C!T!L%&!'()M"
14 14
Creating a Shared Layo!t
instance_3,
. %in,
seten7"#sh$%at&
. con,
catalina"properties
. logs,
. 6e%apps,
. 6or5,
. temp,
Conig!ration iles can %e deined at the instance le7el
seten7"#sh$%at& and catalina"properties are instance speciic
"nstance-speci+ic ./' options
"nstance con+iguration
catalina0out goes here
"nstance applications
"nstance 1or2 director3
"nstance temp director3
15 15
:riority %et6een CATALINA_HOME and CATALINA_BASE
>hen CATALINA_BASE is deined

Tomcat prioritiCes C!T!L%&!'!S" +or the +ollowing directories>


D con+
D logs
D shared
D temp
D webapps
D work
16 16
Setting !p a shared ser7er"-ml ile #3&
ser7er"-ml not re?!ired at the instance le7el

Can be inherited +rom the shared con+iguration


Ho6e7er@ sometimes 4!st a e6 properties change rom one
instance to the other

(ttp port

Shutdown port
catalina"properties can %e !sed or c!stomi<ing properties at the
instance le7el
A shared ser7er"-ml ile is commonly !sed 6hen the same
application is r!nning on m!ltiple instances
17 17
Setting !p a shared ser7er"-ml ile #1&
ASer7er port+B;Csh!tdo6n"portDB sh!tdo6n+BSHETDO>NBF
AConnector port+B;Chttp"portDB protocol+BHTT:,3"3B
ConnectionTimeo!t+B10000B ,F
A,ConnectorF
A,Ser7erF
shared/conf/server.xml
sh!tdo6n"port+200G
http"port+2020
instance_1/conf/catalina.properties
18 18
Conig!ration8 logging"properties
3catalina"org"apache"4!li"=ileHandler"le7el+=INE
3catalina"org"apache"4!li"=ileHandler"directory +
;Ccatalina"%aseD,"",shared,logs
3catalina"org"apache"4!li"=ileHandler"prei- +
;Ccatalina"instanceD"catalina"
By dea!lt@ sho!ld %e conig!red at the shared le7el

run2bat script only reads this +ile at the shared le6el

Still can rely on properties de+ined in catalina2properties at the instance le6el


At H!ntime@ each instance gets its o6n log iles
shared/conf/logging.properties
Custom 6ariable created +or this e0ample2
Can be de+ined at the instance le6el
inside con+/catalina2properties
19 19
'(M options
CATALINA_O:TS+*.Im-G31m .Iss3J15*
'(M options sho!ld %e deined at the instance le7el

%nside seten62sh
instance_1/bin/setenv.sh
20 20
Topics in this Session
C!T!L%&!'()M" and C!T!L%&!'!S"
Working with a Shared Layout
'DK Migration
Tomcat Migration
21 21
'DK Migration8 Dea!lt Layo!t
Hecall the older layo!t mentioned in )dea!lt layo!t* section
Let9s e-amine it again
,!sr,local,tomcat-,e-ample,
. 4d53"/"0_32
. apache.tomcat./"0"12,
. instance_3
. %in
. con
. logs
. temp
. 6e%apps
. 6or5
'A(A_HOME+,!sr,local,tomcat-,4d53"/"0_32
instance_1/bin/setenv.(sh|bat)
22 22
'DK Migration8 Dea!lt Layo!t
No6 let9s migrate to 4d53"/"0_13
Here is the layo!t again
,!sr,local,tomcat-,e-ample,
. 4d53"/"0_32
. 4d53"/"0_13
. apache.tomcat./"0"12,
. instance_3
. %in
. con
. logs
. temp
. 6e%apps
. 6or5
'A(A_HOME+,!sr,local,tomcat-,4d53"/"0_13
instance_1/bin/setenv.(sh|bat)
4ne15 .67 +or 'igration
23 23
'DK Migration
Only change re?!ired is in instance_3,%in,seten7"sh
:oint 'A(A_HOME to the ne6 'DK and 6e9re done
=ollo6 same process or do6ngrading in case something goes 6rong
24 24
Topics in this Session
C!T!L%&!'()M" and C!T!L%&!'!S"
Working with a Shared Layout
JDK Migration
Tomcat Migration
25 25
Tomcat Migration
Most important thing d!ring a prod!ction !pgrade8

(ow to downgrade/roll back i+ something goes wrong


>ith Tomcat@ that9s easy@ 5eep m!ltiple installations
Epgrading 6ill %e disc!ssed or each o the t6o layo!ts
26 26
Tomcat Migration8 Dea!lt Layo!t
CATALINA_HOME + CATALINA_BASE
Best practice8 al6ays 5eep the pre7io!s install in case something goes
6rong
instance.speciic iles that yo! ha7e !pdated sho!ld %e copied man!ally

Con+iguration +iles

!pplication +iles
It9s hard to 5eep trac5
,!sr,local,tomcat-,
. 4d53"/"0_13
. tomcat./"0"12.instance_3
. tomcat./"0"12.instance_1
,!sr,local,tomcat-,
. 4d53"/"0_13
. (tomcat-6.0.28-instance_1)
- (tomcat-6.0.28-instance_2)
. tomcat.L"0"G.instance_3
. tomcat.L"0"G.instance_1
Before
After
27 27
Tomcat Migration8 Shared Layo!t
>ith a shared layo!t@ the migration path is m!ch easier

%nstances do not ha6e to be updated

Eou should still test your application properly to make sure there is no regression
r!n"#sh$%at& is !sed to start,stop all instances

5ro6ides ability to switch 9upgrade/downgrade: J8M/Tomcat 6ersions without changing


any con+iguration

Locate C!T!L%&!'()M" setting in script to upgrade/downgrade


,!sr,local,tomcat-,shared,
. 4d53"/"0_32
. tomcat./"0"12.shared,
. instance_3,
. instance_1,
,!sr,local,tomcat-,shared,
. 4d53"/"0_32
. #tomcat-6.0.28-shared/)
. tomcat.L"0"G.shared,
. instance_3,
. instance_1,
e+ore migration
!+ter migration
28 28
S!mmary
Tomcat pro7ides le-i%ility or large scale deployments

This ability is not automatically pro6ided

CustomiCe your own en6ironment


Ease o 'DK,Tomcat migration

Eou can ha6e se6eral 6ersions installed

Fpgrade/downgrade as necessary
29 29
M!estionsN
11
Large Scale Deployments Lab
2 CONFIDENTIAL 2 CONFIDENTIAL
Lab Instructions
Installing Apache Tomcat
Setting up the default layout
Setting up a shared layout
11
Advanced Tomcat Configurations
22
Topics in this Session
Valve Configurations
Database Connection Pools
Security Realms
Building Tomcat from source distribution
Creating and applying a patch
Class loaders in Tomcat 6
Adanced Topics
!!
Valves
Valves are request/response interceptors

Can modify the incoming re"uest

Can act on the re"uest

Can stop the re"uest all together

Can modify the response


User agent
Tomcat
Servlet
Servlet
Servlet
#ale
re"uest
response
#ales can be placed at the $ngine leel% at the &ost leel and at the
Conte't leel
((
Access Logging
Access Logging can be done using a valve

#ale logs information as soon as the re"uest is done

)ntrospects re"uest and response to generate output

Pattern similar to that of httpd

http*++tomcat,apache,org+tomcat-6,.-doc+config+ale,html
<Server ...
<Service name!"Catalina" #
<$ngine name!%Catalina% ...
<Valve class&ame!'org.apache.catalina.valves.AccessLogValve%
pattern!'(h (l (u (t (r (s (b%
director)!'logs% prefi*!'tomcat+access+% suffi*!'.log%/
...
</$ngine
</Service
</Server
conf/server.xml
Can also be configured
at the /&ost0 or
/Conte't0 leel
11
Access Logging
Sample output
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-.6 /,5,,7 "8$T / 9TT:/..." 1,4 /
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-.6 /,5,,7 "8$T /tomcat.gif 9TT:/..." 1,4 /
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-.6 /,5,,7 "8$T /asf/logo/;ide.gif 9TT:/..." 1,4 /
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-.6 /,5,,7 "8$T /tomcat/po;er.gif 9TT:/..." 1,4 /
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-3< /,5,,7 "8$T /=$L$AS$/&>T$S.t*t 9TT:/..."
3,, ?@@<
logs/localhost_access_log
66
Access Control
2isallo; access to a ;eb application based on the incoming
connection

Place it in a /Conte't0 to only protect one app


<Valve
class&ame!'org.apache.catalina.valves.=emoteAddrValve%
allo;!'.36A.,A.,A..%
/

2nly allo3 connections from localhost

Regular e'pression so 4,4 needs to be escaped

Accessing from remote host 3ill result in (.! 5 6orbidden Page


conf/server.xml
77
Topics in this Session
#ale Configurations
2atabase Connection :ools
Security Realms
Building Tomcat from source distribution
Creating and applying a patch
Class loaders in Tomcat 6
Adanced Topics
88
2atabase Connection :ools
Bh) use connection poolsC

2pening a ne3 connection for each re"uest is costly

9aintains a cache of connections

)mproes response time


: Since a ne3 connection doesn4t hae to be created eery time
: Connection is fetched from an already created cache
Tomcat has built in support for connection pooling

Based on commons-dbcp pro;ect

Renamed to aoid conflicts 3ith applications that are also using


commons-dbcp
<<
2atabase Connection :ools

DB Serer
Connection
2b;ects
Application Serer+Tomcat
DB Connection
Pool
=DBC
DR)#$R
=aa
Code
1. 1.
Connection pool declaration
2efault configuration
<Server ...
<8lobal&aming=esources
<=esource t)pe!'Dava*.sql.2ataSource% # /
</8lobal&aming=esources
#
</Server
<Server ...
<8lobal&aming=esources
<=esource t)pe!'Dava*.sql.2ataSource%
factor)!'org.apache.tomcat.dbcp.dbcp.Easic2ataSourceFactor)%/
</8lobal&aming=esources
...
</Server
CustomiGed factor)
conf/server.xml
conf/server.xml
11 11
Connection pool declaration
Sample configuration Hm)sqlI
<Server ...
<8lobal&aming=esources
<=esource
t)pe!'Dava*.sql.2ataSource%
name!'m)conpool%
auth!'Container%
driverClass&ame!'com.m)sql.Ddbc.2river%
url!'Ddbc-m)sql-//localhost-11,@/m)sql%
username!'root%
pass;ord!'pass;ord%
ma*Active!'.,,%
validationJuer)!'select .%
test>nEorro;!'true%/
</8lobal&aming=esources
#
</Server
conf/server.xml
12 12
2ataSource looKup
&ame is used for looKups
<=esource
t)pe!'Dava*.sql.2ataSource%
name!'m)conpool% /
// Example code to retrieve connection
Context initctx = new InitialContext();
Context envctx = (Context) initctx.lookup(java:comp/env);
DataSource ds = (DataSource) envctx.lookup(myconpool);
Connection con = ds.getConnection();
Lnside the applicationM use the name for a looKup
conf/server.xml
type>?;aa',s"l,DataSource@ uses by default
org,apache,tomcat,dbcp,dbcp,BasicDataSource6actory
1! 1!
8lobal connection pool
Lf connection pool is global
<Server ...
<8lobal&aming=esources
<=esource t)pe!'Dava*.sql.2ataSource% name!'m)conpool%/
</8lobal&aming=esources
<Service name!"Catalina"
#
<$ngine name!%Catalina% ...
<9ost name!%localhost% ...
</9ost
</$ngine
</Service
</Server
conf/server.xml
1( 1(
8lobal connection pool
<Conte*t
<=esourceLinK global!'m)conpool% name!'m)conpool%/
</Conte*t
Be need to linK it to an application
META-INF/context.xml
11 11
Setting connection limits
ma*Bait N ho; long to ;ait for a connection HmillisI
ActiveM idle N siGe of the pool
<Server ...
<8lobal&aming=esources
<=esource
t)pe!'Dava*.sql.2ataSource%
name!'m)conpool%
ma*Active!'.,,% ma*Ldle!'3,%
Oa*Bait!'.,,,,% # /
</8lobal&aming=esources
#
</Server
conf/server.xml
ma', number of
connections that can
be allocated at the
same time
ma', number of
ms that the pool 3ill
3ait for a con, to be
returned before
thro3ing an e'ception
ma', number of
connections that can
stay idle in the pool
16 16
Validating connections
$ach time a connection is Pborro;edQ itQs validated
Used ;hen 2E times out and closes connections
<Server ...
<8lobal&aming=esources
<=esource
t)pe!'Dava*.sql.2ataSource% name!'m)conpool%
validationJuer)!'select .% test>nEorro;!'true%
#
/
</8lobal&aming=esources
#
</Server
conf/server.xml
17 17
2ebugging connection PleaKsQ
Lf a connection hasnQt been returned in 1, secM reclaim it and log a
debug message
Alternativel)M use a pool siGe of .
<Server ...
<8lobal&aming=esources
<=esource
t)pe!'Dava*.sql.2ataSource% name!'m)conpool%
removeAbandoned!'true% logAbandoned!'true%
removeAbandonedTimeout!'1,%
...
/
</8lobal&aming=esources
#
</Server
conf/server.xml
18 18
2atabase Configuration =eference
Configuration reference

http*++commons,apache,org+dbcp+configuration,html
1< 1<
Topics in this Session
#ale Configurations
Database Connection Pools
Securit) =ealms
Building Tomcat from source distribution
Creating and applying a patch
Class loaders in Tomcat 6
Adanced Topics
2. 2.
Securit) =ealms
A realm is

A collection of user credentials and user+role associations

Proides authentication against credentials

Proides authoriAation for 3eb application security constraints


A realm can be global

Placed inside /$ngine0


A realm can be application specific

Declared inside /Conte't0


21 21
Bhich =ealmC
User2atabase=ealm

Credentials and groups stored in an 'ml configuration file


: not inside a database% as the name could imply

Bot designed for large-scale production use


R2EC=ealm and 2ataSource=ealm

Credentials and groups stored in a Database


R&2L=ealm

Credentials and groups usually stored in an CDAP serer and accessed by a


=BD) proider
RAAS=ealm
22 22
User2atabase =ealms
User2atabase is defined as a resource
Sou can define multiple user database resources and have multiple
*ml files
<=esource
name!'User2atabase%
t)pe!'org.apache.catalina.User2atabase%
factor)!'org.apache.catalina.users.Oemor)User2atabaseFactor)%
pathname!'conf/tomcat/users.*ml%
/
Sample tomcat/users.*ml listing
<tomcat/users
<role rolename!"tomcat"/
<role rolename!"manager%/
<user username!"tomcat" pass;ord!"tomcat" roles!"tomcat"/
<user username!"Dohn" pass;ord!"Dohn.31" roles!"tomcatM manager"/
</tomcat/users
2! 2!
User2atabase =ealms
Create the realm
Sou can store )our pass;ords in digested format
<=ealm
class&ame!'org.apache.catalina.realm.User2atabase=ealm%
resource!'User2atabase%
digest!'O25%
/
Points to the resource
2( 2(
User2atabase =ealms
8enerate pass;ords in 'O25% format

;aa -cp +usr+local+tomcat+lib+catalina,;ar*+usr+local+tomcat+bin+tomcat-;uli,;ar


org,apache,catalina,realm,RealmBase -a 9D1 tomcat
$dit tomcat/users.*ml

Pass3ords no longer stored in clearte't


<tomcat/users
<role rolename!"tomcat"/
<role rolename!"manager%/
<user username!"tomcat"
pass;ord!".b15<d?651?5?b55befa,44.,@6aaed1" roles!"tomcat"/
<user username!"Dohn" pass;ord!"@e,b6,6@.3@a3<d5dfcbd54?151?6b6b"
roles!"tomcatM manager"/
</tomcat/users
conf/tomat-users.xml
Clearte't pass3ord
21 21
2atabase =ealms
R2EC=ealm

Connects to a database to retriee user credentials

Dses a single connection

2ne authentication at a time


2ataSource=ealm

Scales better than =DBCRealm


: Relies on a preconfigured connection pool

EorFs in the same 3ay as =DBCRealm

Supports multithreading
26 26
2atabase =ealms
Can ;orK ;ith customiGed tables/columns
Sample user table
Sample user+roles table
userGname userGpass
;ohn secret<<
bill secret(!
userGname roleGname
;ohn manager
bill manager
bill admin
27 27
R2EC =ealm Configuration
R2EC =ealm using e*ample tables
<=ealm
class&ame!'org.apache.catalina.realm.R2EC=ealm%
driver&ame!'org.gDt.mm.m)sql.2river%
connectionU=L!'Ddbc-m)sql-//localhost/authorit)%
connection&ame!'test%
connection:ass;ord!'test%
userTables!'users%
user&ameCol!'user+name%
userCredCol!'user+pass%
user=oleTable!'user+roles%
role&ameCol!'role+name%
digest!'S9A%
/
28 28
2ataSource =ealm Configuration
2ataSource =ealm using e*ample tables
Global DataSource
<=ealm
class&ame!'org.apache.catalina.realm.2ataSource=ealm%
dataSource&ame!'m)conpool%
local2ataSource!'false%
userTables!'users%
user&ameCol!'user+name%
userCredCol!'user+pass%
user=oleTable!'user+roles%
role&ameCol!'role+name%
digest!'S9A%
/
2< 2<
R&2L =ealms
Rava &aming T 2irector) Lnterface
Used to interface ;ith L2A: servers
T;o ;a)s to authenticate

bind 5 use the credentials to open up a connection

compare 5 ;ust liFe a DB realm% looF up the credentials and do a compare


!. !.
L2A: Eind Authentication
User credentials used in step 3
Tomcat
Dser )nfo
connect re"uest
looFup
CDAP
1 2 !
!1 !1
L2A: Comparison Authentication
S)stem credentials used in step 3
Rust liKe a 2E realm
Tomcat
Dser )nfo
connect re"uest
looFup
CDAP
1 2 !
Compare
Pass3ord
(
retriee
!2 !2
Eind Oode Configuration
User credentials to login
Anon)mous connection for role search
<=ealm
class&ame!'org.apache.catalina.realm.R&2L=ealm%
connectionU=L!'ldap-//localhost-1?<%
user:attern!'uid!U,VMou!peopleMdc!m)compan)Mdc!com%
roleEase!'ou!peopleMdc!m)compan)Mdc!com%
role&ameCol!'cn%
roleSearch!'HuniqueOember!U,VI%
/
!! !!
Comparison Oode Configuration
http-//tomcat.apache.org/tomcat/@.,doc/realm/ho;to.htmlWR&2L=ealm
<=ealm
connection&ame!'cn!OanagerMdc!m)compan)Mdc!com%
connection:ass;ord!'secret%
class&ame!'org.apache.catalina.realm.R&2L=ealm%
connectionU=L!'ldap-//localhost-1?<%
user:attern!'uid!U,VMou!peopleMdc!m)compan)Mdc!com%
roleEase!'ou!peopleMdc!m)compan)Mdc!com%
role&ameCol!'cn%
roleSearch!'HuniqueOember!U,VI%
/
!( !(
Form Eased Authentication
Dser authentication using a form re"uires defining

security constraint

login configuration

Security roles to be referenced


These hae to be defined in 3eb,'ml
!1 !1
;eb.*ml
2efine a Securit) Constraint
<C*ml version!"..," encoding!"LS>/??5</."C
<;eb/app *mlns!"http-//Dava.sun.com/*ml/ns/D3ee" ...
...
<securit)/constraint
<displa)/name$*ample Securit) Constraint</displa)/name
<;eb/resource/collection
<;eb/resource/name:rotected Area</;eb/resource/name
<url/pattern/X</url/pattern
<http/method8$T</http/method
<http/method:>ST</http/method
</;eb/resource/collection
<auth/constraint
<role/namemanager</role/name
</auth/constraint
</securit)/constraint
...
WEB-INF/web.xml
!6 !6
;eb.*ml
2efine the Login Configuration
#
<login/config
<auth/methodF>=O</auth/method
<realm/name$*ample Form/Eased Authentication Area</realm/
name
<form/login/config
<form/login/page/B$E/L&F/login.Dsp</form/login/page
<form/error/page/B$E/L&F/error.Dsp</form/error/page
</form/login/config
</login/config
...
WEB-INF/web.xml
!7 !7
;eb.*ml
2efine references to securit) roles

Roles hae been declared inside tomcat realms as seen earlier


#
<securit)/role
<role/namemanager</role/name
<role/nameshopYeeper</role/name
</securit)/role
</;eb/app
WEB-INF/web.xml
!8 !8
Single Sign >n
Proides ability for a user to be authenticated once 3hen connecting to
seeral applications
Tomcat proides SS2 at the host leel

Targets all applications 3ithin a gien irtual host

2nly the authentication is shared

Session attributes are not shared amongst 3eb applications


!< !<
SS> configuration in server.*ml
Add single sign on valve
<Server ...
<Service ...
<$ngine name!"Catalina" default9ost!"localhost"
...
<9ost name!"localhost" appEase!";ebapps" ...
<Valve class&ame!"org.apache.catalina.authenticator.SingleSign>n" /
...
</9ost
</$ngine
</Service
</Server
conf/server.xml
Defined at the host leel
Applies to all conte'ts for this host
(. (.
Conte*ts and Single Sign >n
Conte*ts in the same host share the same authentication
Shared authentication
(1 (1
Topics in this Session
#ale Configurations
Database Connection Pools
Security Realms
Euilding Tomcat from source distribution
Creating and applying a patch
Class loaders in Tomcat 6
Adanced Topics
(2 (2
Euilding Tomcat
=equirements

=DH 1,1

I=DH 1,6 3ill not compile DBCP pacFageJ

Ant 1,7

Subersion I3hen building from S#BJ


(! (!
Euilding Tomcat
From source distribution

apache-tomcat-6,.,'-src,Aip

apache-tomcat-6,.,'-src,tar,gA
UnpacK it
Create build.properties
Euild tomcat on the command line
W base.path is used to do;nload dependencies
base.path!/m)tc@/libs
W 2o;nload dependencies and build 2EC:
ant do;nload
W Euild Tomcat
ant
W output found in ./output/build
(( ((
Topics in this Session
#ale Configurations
Database Connection Pools
Security Realms
Building Tomcat from source distribution
Creating and appl)ing a patch
Class loaders in Tomcat 6
Adanced Topics
(1 (1
:atching Tomcat
Sometimes itQs necessar) to patch )ou server

BugKs fi'ed% but no release yet aailable

Custom code put into TomcatKs code base


>ne ;a) is to maKe )our change and compile Tomcat

Replace the =AR file that is affected

Earning* it is easy lose tracF of 3hat files 3ere fi'ed


(6 (6
:atching Tomcat
To tracK )our changes
TaKe the .class file
And put it in CATALL&A+9>O$/lib
OaKe sure )ou have the right director) structure
(7 (7
:atching Tomcat
To tracK )our changes
.class files ;ill be loaded before contents of a RA= file
6or tracFing
CATALL&A+9>O$
lib
org
apache
tomcat
util
http
ServletCooKie.class
ServletCooKie.Dava
(8 (8
Topics in this Session
#ale Configurations
Database Connection Pools
Security Realms
Building Tomcat from source distribution
Creating and applying a patch
Class loaders in Tomcat @
Adanced Topics
(< (<
Class loaders
A loaded class in a RVO is unique through

The namespace

The class loader that it 3as loaded from


$*ample

org,apache,tomcat,util,http,SererCooFie

org,apache,catalina,loader,StandardClassCoaderL18.2.cc
Coaded class
Class loader
1. 1.
Class loaders
Eenefits

Coad multiple ersions of the same class

Reload 3eb applications

)solate runtime enironments from each other


Bhat is a class loader

Proper name should hae been Mclass locatorK

As the actual loading happens inside the =#9


11 11
Class loaders
Bhat is itC

Class loaders in =aa locate the ,class to be loaded

The class loader that ?locates@ the class% is the responsible class loader

Class loaders are hierarchical


12 12
Class loaders
bootstrap CL
S)stem CL
Tomcat
Common CL
Tomcat
Server CL
Tomcat
Shared CL
=#9 )nternal
Tomcat CC
catalina,properties
=aa command line
-classpath
1! 1!
Class loaders
Beb app CL Beb app CL
CATAC)BAG&29$+lib
E$B-)B6+lib
E$B-)B6+classes
Tomcat
Common CL
Tomcat
Server CL
Tomcat
Shared CL
1( 1(
Class loaders
catalina.properties
Wclass loader definitions
common.loader!ZUcatalina.homeV/libMZUcatalina.homeV/lib/X.Dar
Wno classes loaded b) the server CL
server.loader!
Wno classes loaded b) the shared CL
shared.loader!
11 11
Summar)
Valve Configurations

Access Cogging

Re"uest debug

Access Control
2atabase Connection :ools

6actories

Configuration
Securit) =ealms

Realm placement 3ithin configuration files

Realm Types and related configuration

Single Sign 2n
16 16
Summar)
Euilding Tomcat from source distribution

Re"uirements for building

Building tomcat from source


Creating and appl)ing a patch

Ehy it4s necessary to sometimes patch tomcat

Heeping tracF of changes

Ehere to place the ?patch@


Class loaders in Tomcat @

Ehat is a class loaderN

Benefits of class loading

Class loader hierarchy


17 17
JuestionsC
18 18
Advanced Topics
1< 1<
Advanced topics
Euilding Tomcat from SV&
$nable log(;
Running 3ith a security manager
=9S BroFers
6. 6.
Euilding Tomcat
From SV&
8et the source first
W checK out the tree )ou ;ant / trunK
svn co http-//svn.apache.org/repos/asf/tomcat/trunK tctrunK
W checK out the tree )ou ;ant / @.,.* branch
svn co http-//svn.apache.org/repos/asf/tomcat/tc@.,.*/trunK tc@.,.*
W checK out the tree )ou ;ant / trunK
svn co http-//svn.apache.org/repos/asf/tomcat/trunK tctrunK
W checK out the tree )ou ;ant / @.,.* branch
svn co http-//svn.apache.org/repos/asf/tomcat/tc@.,.*/trunK tc@.,.*
61 61
Euilding Tomcat
Create build.properties
Specif) base.path
W Set location for saving of do;nloaded libraries
base.path!/libs/tc@.,.*/deps
62 62
Euilding Tomcat
Euild it
W 2o;nload dependencies and build 2EC:
ant do;nload
W Euild Tomcat
ant
W output found in ./output/build
6! 6!
Euilding Tomcat
Create release pacKages
W 2o;nload dependencies and build 2EC:
ant do;nload
W Euild Tomcat
ant
W Euild the e*tras pacKage
ant Nf e*tras.*ml
W Euild the release pacKage
ant Nf dist.*ml release
W output found in ./output/build
6( 6(
Topics in this Session
Building Tomcat from S#B
$nable log4D
Running 3ith a security manager
=9S BroFers
61 61
$nable log4D
First )ou must build the e*tras pacKage
Be did this in previous step
W 2o;nload dependencies and build 2EC:
ant do;nload
W Euild the Tomcat pacKage Hto maKe sure it ;orKsI
ant
W Euild the e*tras pacKage
ant Nf e*tras.*ml
66 66
$nable log4D
Cop) the libraries
O replace tomcat-;uli,;ar
cp ,+output+e'tras+tomcat-;uli,;ar TCG&29$+bin
O Put in the adapter pacFage
cp ,+out+e'tras+tomcat-;uli-adapters,;ar TCG&29$+lib
O Put in the log(; pacFage
cp output+e'tras+logging+commons-logging-1,1,1-src+log(;-1,2,12,;ar TCG&29$+lib
O replace tomcat-;uli,;ar
cp ,+output+e'tras+tomcat-;uli,;ar TCG&29$+bin
O Put in the adapter pacFage
cp ,+out+e'tras+tomcat-;uli-adapters,;ar TCG&29$+lib
O Put in the log(; pacFage
cp output+e'tras+logging+commons-logging-1,1,1-src+log(;-1,2,12,;ar TCG&29$+lib
&e*t stepM configure log4D propert) file
67 67
$nable log4D
TC+9>O$/lib/log4D.properties
$ver)thing goes to a single fileM L&F> level
log4D.rootLogger!L&F>M =
log4D.appender.=!org.apache.log4D.=ollingFileAppender
log4D.appender.=.File!ZUcatalina.homeV/logs/tomcat.log
log4D.appender.=.Oa*FileSiGe!.,OE
log4D.appender.=.Oa*EacKupLnde*!.,
log4D.appender.=.la)out!org.apache.log4D.:atternLa)out
log4D.appender.=.la)out.Conversion:attern!(p (t (c / (m(n
68 68
$nable log4D
Tomcat RULL still creates , length log files

)t is still reading the logging,properties file


BorKarounds

Delete the logging,properties file /2R0

Remoe the settings to it from catalina,batPsh


6< 6<
Topics in this Session
Building Tomcat from S#B
$nable log(;
=unning ;ith a securit) manager
=9S BroFers
7. 7.
Securit) Oanager
Euilt in Rava/RVO features
Lets )ou put ACL on code itself
:rett) complicated

Qou need to Fno3 3hat the code does in order to grant the right permissions
71 71
Securit) Oanager
Tomcat has a predefined polic) file

conf+catalina,policy
This one ;orKs for Tomcat

Permissions set for the Tomcat code base

Does not hae any permissions set for 3eb applications


72 72
Securit) Oanager
Launch ;ith securit) manager

startup,batPsh 5security

catalina,batPsh run 5security


Oodified the Rava cmd line

-D;aa,security,manager

-D;aa,security,policy>>,,RconfRcatalina,policy
7! 7!
Topics in this Session
Building Tomcat from S#B
$nable log(;
Running 3ith a security manager
ROS EroKers
7( 7(
ROS EroKers
ROS N Rava Oessage Service
Oan) usages

)ntegration 3ith remote systems

Decoupling 3orF from the re"uest thread

and 3hateer your imagination maFes it doS


Be ;ill sho; ho; to setup activeOJ in Tomcat
http-//activemq.apache.org/
71 71
ROS Configuration
=equirements

Put =9S libraries in TomcatKs lib directory


Factor) is required
Sample
<=esource
t)pe!'org.apache.activemq.ActiveOJConnectionFactor)%
name!'Dms/ConnectionFactor)%
factor)!'org.apache.activemq.Dndi.R&2L=eferenceFactor)%
broKerU=L!'vm-//localhost%
broKer&ame!'LocalActiveOJEroKer%
/
META-INF/context.xml
76 76
ROS Jueue
Creating a ROS Jueue
=ef- http-//activemq.apache.org/tomcat.html
<=esource
t)pe!'org.apache.activemq.command.ActiveOJJueue%
name!'Dms/m)queue%
factor)!'org.apache.activemq.Dndi.R&2L=eferenceFactor)%
ph)sical&ame!'F>>.EA=%
/
META-INF/context.xml
77 77
ROS Topic
Creating a ROS Topic
=ef- http-//activemq.apache.org/tomcat.html
<=esource
t)pe!'org.apache.activemq.command.ActiveOJTopic%
name!'Dms/m)topic%
factor)!'org.apache.activemq.Dndi.R&2L=eferenceFactor)%
ph)sical&ame!'F>>.EA=%
/
META-INF/context.xml
11
Advanced Tomcat Configurations Lab
Part 1
22
Topics in this Session
Access log valve and patterns
Request dumper valve
RemoteAddrValve
Connection pooling - global and context specific
J!C"atasource Realm
Single Sign #n
11
httpd Web Connectors
Using Apache httpd as a front end to Apache Tomcat
22
Topics in this Session
Introduction
Topologies
Why Apache?
HTTPD Connectors
Configuring Connectors
When to use mod_!" mod_pro#y_ap" mod_pro#y_http
$$
What is Apache?
Apache httpd is a web server

Can %e used &ith applications &ritten in many languages

'a(a" Perl" Python" PHP)))


Can be used as a front-end server for Tomcat

Apache can ser(e static content *html files" images)))+

,ore complicated deployment in that case *not ust a &ar file+


Apache is not the only way to serve static content

A load %alancer can %e used for sending images to Apache


Apache httpd was the first Apache Software Foundation project

Tomcat follo&ed - years later


--
Topics in this Session
.ntroduction
Topoloies
Why Apache?
HTTPD Connectors
Configuring Connectors
When to use mod_!" mod_pro#y_ap" mod_pro#y_http
//
Available Topoloies
!ow can we leverae Apache and Tomcat from an infrastructure
standpoint?

Apache" Tomcat" D0

1oad 0alancer" Apache" Tomcat" D0

1oad 0alancer" Tomcat" D0

1oad 0alancer" Apache2Tomcat" D0


"et#s e$plore these scenarios now
33
Apache% Tomcat and &'
Client
Apache
httpd
Tomcat
4e5uest
4esponse
D0
Apache serves static content
Apache lets Tomcat serve dynamic content
&ynamic content re(uires one more networ) hop

The actual re5uest &ill ta!e up 2 threads


6 1 httpd thread and 1 tomcat thread

,ore system resources are used


77
"oad 'alancer% Apache% Tomcat and &'
Client
Apache
httpd
Tomcat
4e5uest
4esponse
D0
"oad 'alancer directin re(uests to Apache
Apache serves static content
&ynamic content sent to Tomcat

ser(es content through '8P28er(lets


1oad
0alancer
99
"oad 'alancer% Tomcat and &'
Client
1oad
0alancer
Tomcat
4e5uest
4esponse
D0
"oad 'alancer directs re(uest to Tomcat
Tomcat serves

8tatic content through a ser(let

Dynamic content through '8P28er(lets


::
"oad 'alancer% Apache*Tomcat and &'
Client
Apache
httpd
Tomcat
4e5uest
4esponse
D0
"oad 'alancer+

Directs static re5uests to Apache

Directs dynamic content to Tomcat


In this scenario with front end load balancer

Consider using a separate conte#t2hostname

content)mycompany)com for Tomcat2dynamic

static)mycompany)com for http2static


1oad
0alancer
Some "oad balancers can do+

http;22mycomp)com2images2foo)pg
< Apache HTTPD

http;22mycomp)com2sps2foo)sp
< Tomcat

This is %etter for 881 generally


1= 1=
Topics in this Session
.ntroduction
Topologies
Why Apache?
HTTPD Connectors
Configuring Connectors
When to use mod_!" mod_pro#y_ap" mod_pro#y_http
11 11
SS" ,erformance
Stoc) installations of Tomcat perform poorly with SS"

Tomcat uses the a(a implementation of 881 *'88>+

'88> is (ery slo& and utili?es a lot of memory


Apache ,ortable -untime .A,-/ connector

.ntroduced in tomcat (ersion /

Uses same 881 implementation as Apache httpd

4e5uires nati(e code *)so or )dll li%raries+


0SS1 re(uires a )eystore

,anaging these re5uire more &or!

Compared to normal certificate files


2se SS" Session Cache

&hen not using !eep@ali(e


12 12
Static Content ,erformance
Tomcat serves up static content throuh a servlet
There is a performance cost

When returning lots of small static files


If A,- or 3I4 connectors are not used

'a(a uses a lot of memory for large files

A.B and AP4 support Csend_fileD


Apache serves static content faster in eneral

,ay introduce an e#tra layer2hop that can %e fairly costly


All static content can be moved to an Apache front-end instance
Tomcat then serves dynamic content only
1$ 1$
Security
Apache httpd has more fle$ible and more powerful security
confiuration options

)htaccess files

mod_auth?_E

Third party modules


6 >specially proprietary (endors
1- 1-
Topics in this Session
.ntroduction
Topologies
Why Apache?
!TT,& Connectors
Configuring Connectors
When to use mod_!" mod_pro#y_ap" mod_pro#y_http
1/ 1/
Connectin Tomcat with httpd
5 major connectors

mod_pro#y
6 Uses the HTTP protocol
6 Can use the A'P protocol

mod_!
6 Uses a %inary A'P protocol
!ow to use them?
!ow to choose between the two?
13 13
mod6pro$y ,ros
'ein !TT, it can benefit from hardware acceleration7
All !TT, compatible 8rd party products are applicable7
3o translation needed7
3o need for a separate module compilation and maintenance7
9odule comes as part of standard Apache 575: distribution7
Ability to use http or https% even within the same balancer7
17 17
mod6pro$y Cons
3o connection chec)in protocol7

Difference %et&een a hung Tomcat and

single hung '8P *Data%ase call+ cannot %e detected)


'asic load balancer7
19 19
Connectors+ mod6j)
mod6j)

Uses A'P protocol


6 Which is a %inary &rapper around http

Ao encryption a(aila%le
;78 * 57< * 575

1oad %alancing a(aila%le

CP.AF2CPBAF detects (alidity of connection


6 Bffers %etter failo(er time

Wild card matches

Gor&ards 881 information

0ul!ier configuration

De(eloped %y the Tomcat community" not httpd


1: 1:
mod6j) !istory
mod6jserv

Briginal module2A'P < Apache 'ser( Protocol


mod6j)

.mplemented A'P21)2 and A'P1)$) Code %ase &as %uggy and unsta%le
mod6webapp

0rand ne& protocol" code %ase &as a%andoned and ne(er completed
mod6j)5

Am%itious feature list" proect &as a%andoned and ne(er reached maturity
'ac) to mod6j)

Ta!e some of the ideas from 'H2

mod_! &as a simpler code %ase" so continue the &or! there


2= 2=
mod6j) ,ros
Includes C,I3=*C,4I3= to chec) the actual wor)er

to determine if it is up *Ad(anced node failure detection+


Failover is fairly efficient7
Advanced load balancer7
Support for lare A0, pac)et si>es7
21 21
mod6j) Cons
It re(uires a translation between !TT, to A0,7
It isn#t standard internet protocol so 8rd party accelerators won#t
apply7
SS" has to be terminated before A0, is produced7
The mod6j) directives are not consistent with other httpd directives
and uses e$ternal property file7
For system administrators familiar with httpd% the mod6j) approach
can loo) a little odd7
22 22
Connectors+ mod6pro$y
mod6pro$y

8upports %oth HTTP and HTTP8

Gor&ard re5uest %ased on Pro#yPass2Pro#yPass4e(erse directi(e

Compati%le &ith mod_re&rite and mod_header

Cannot detect the difference %et&een a slo& '8P and slo& Tomcat
6 Therefore failo(er may%e slo&
6 ,itigated in the yet@to@%e@released Apache 2)- &ith HTTP >#pect@Continue
support
Apache ;78 * 57<

Ao load %alancing features

Ao regular e#pression or &ild card matches


Apache 575

1oad %alancing

Gle#i%le matching using regular e#pressions


2$ 2$
Topics in this Session
.ntroduction
Topologies
Why Apache?
Httpd Connectors
Confiurin Connectors
When to use mod_!" mod_pro#y_ap" mod_pro#y_http
2- 2-
mod6pro$y and Apache httpd
Client Tomcat
Apache httpd
mod_pro#y
HTTP2HTTP8
HTTP2HTTP8
Can %e encrypted
Client
HTTP2HTTP8
4e5uest24esponse
for static content
*html" pg+
4e5uest24esponse
for dynamic content
*'8P28er(lets+
2/ 2/
&efine jvm-oute
In Tomcat% define jvm-oute
&on?t foret pro$y,ort in the @ConnectorAB
@BC tomcat;7domain7com --A
@1nine nameDEcatalinaF jvm-outeDEtomcat;F GA
@BC tomcat57domain7com --A
@1nine nameDEcatalinaF jvm-outeDEtomcat5F GA
conf/server.xml
conf/server.xml
23 23
Sub 9odules
mod6pro$y is divided into sub modules

All need to %e loaded


#Load the proxy modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
conf/httpd.conf
27 27
&isable -eular ,ro$y
Turn off reular pro$y functionality

Pro#y re5uests are turned off %y default

.mportant for security


#Disable regular proxy, were only using reverse proxy
ProxyRequests Off
conf/httpd.conf
29 29
-etain !ost !eader
Allows Tomcat to have access to !ost information
#retain host header
ProxyPreserveHost On
#you can use this pattern in the accesslog valve to log these at
tomcat:
<Valve
className="org.apache.catalina.valves.AccessLogValve"
pattern="%{X-Forwarded-For} %l %u %t "%r" %s %b"
...
conf/server.xml (in Tomcat)
#retain host header
ProxyPreserveHost On
conf/httpd.conf (in Apache httpd)
2: 2:
Forward -e(uests to Tomcat
Forward re(uests to Tomcat?s H<H< port

Gor the 2%ar conte#t

.n our e#ample" Pro#yPass4e(erse is not needed

Ho&e(er it ta!es care of redirects on %ac!end ser(er


6 0efore for&arding http redirect response to client
6 >#ample scenario
6 .f tomcat)domain)com2%ar is redirected to tomcat)domain)com2snic!ers
6 Apache adusts this to tomcat)domain)com2%ar2snic!ers
#forward requests that go to /bar
ProxyPass /bar http://tomcat1.domain.com:8080/bar
#when paths are changing the following is needed
ProxyPassReverse /bar http://tomcat1.domain.com:8080/bar
conf/httpd.conf
$= $=
Tomcat ,ort Settins
Adjust port settins in Tomcat?s server7$ml
@Connector protocolDE!TT,*;7;F
portDEH<H<F
pro$y,ortDEH<F*A
@Connector protocolDE!TT,*;7;F
portDEH<H<F
pro$y,ortDEH<F*A
conf/server.xml
Port num%er for Apache httpd
Port num%er for Tomcat
$1 $1
Settin Timeout
&ependin in the version of Apache you are usin% use ETimeoutF or
E,ro$yTimeoutF

Blder (ersions ha(e a %ug" &here mod_pro#y uses the glo%al timeout (alue
#don't wait for a response for more than 5min
ProxyTimeout 300
#older version of apache, ProxyTimeout is not used
Timeout 300
conf/httpd.conf
A(aila%le in apache 2)=)$1 and later
$2 $2
-eular 1$pression 9atchin
575 reular e$pression matchin

0etter matching functionality" ne& directi(e


#forward all requests that end with .jsp to Tomcat
ProxyPassMatch ^(/.*\.jsp)$ http://tomcat1.domain.com:8080$1
conf/httpd.conf
Assuming the local ser(er has address http;22tomcat)domain)com" the regular
e#pression here &ill cause http;22tomcat)domain)com2e#ample)sp to %e
con(erted to http;22tomcat1)domain)com;9=9=2e#ample)sp
$$ $$
SS" Confiuration
1nable the SS" Ialve

Fi(es Tomcat access to 881 info from httpd


@BC reads custom header from httpd with ssl info--A
@Ialve class3ameDEor7apache7catalina7valves7SS"IalveF*A
@BC reads custom header from httpd with ssl info--A
@Ialve class3ameDEor7apache7catalina7valves7SS"IalveF*A
conf/server.xml
Forward SS" info to Tomcat
Jforward SS" info in headers to Tomcat
-e(uest!eader set SS"6C"I13T6C1-T KLMSS"6C"I13T6C1-TNsK
-e(uest!eader set SS"6CI,!1- KLMSS"6CI,!1-NsK
-e(uest!eader set SS"6S1SSI436I& KLMSS"6S1SSI436I&NsK
-e(uest!eader set SS"6CI,!1-62S1O1PSIQ1 KLMSS"6CI,!1-62S1O1PSIQ1NsK
Jforward SS" info in headers to Tomcat
-e(uest!eader set SS"6C"I13T6C1-T KLMSS"6C"I13T6C1-TNsK
-e(uest!eader set SS"6CI,!1- KLMSS"6CI,!1-NsK
-e(uest!eader set SS"6S1SSI436I& KLMSS"6S1SSI436I&NsK
-e(uest!eader set SS"6CI,!1-62S1O1PSIQ1 KLMSS"6CI,!1-62S1O1PSIQ1NsK
conf/httpd.conf
$- $-
Secure Tomcat -e(uests
"et Tomcat )now that re(uests can be treated

As coming in on a secure connection

if youIre terminating 881 at Apache

or if you &ish to run as if 881 in de(elopment &ithout actually using 881


@BC re(uests are comin in on Apache httpd port RR8 --A
@Connector protocolDE!TT,*;7;F
portDEH<H<F
pro$y,ortDERR8F
secureDEtrueF
schemeDEhttpsF
SS"1nabledDEfalseF
*A
@BC re(uests are comin in on Apache httpd port RR8 --A
@Connector protocolDE!TT,*;7;F
portDEH<H<F
pro$y,ortDERR8F
secureDEtrueF
schemeDEhttpsF
SS"1nabledDEfalseF
*A
conf/server.xml
$/ $/
mod6pro$y6balancer
If you have more than one EtomcatF wor)er

Then load one more module


LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
conf/httpd.conf
1oad %alancing
$3 $3
&efine Cluster and Apply Stic)iness
First define the cluster
Jforward re(uests that o to *bar with load balancin
@,ro$y balancer+**barclusterA
'alancer9ember http+**tomcat;7domain7com+H<H<
'alancer9ember http+**tomcat57domain7com+H<H<
@*,ro$yA
conf/httpd.conf
Apply the stic)iness .route matches jvm-oute in tomcat server7$ml/
Jforward re(uests that o to *bar with load balancin
@,ro$y balancer+**barclusterA
'alancer9ember http+**tomcat;7domain7com+H<H< routeDtomcat;
'alancer9ember http+**tomcat57domain7com+H<H< routeDtomcat5
@*,ro$yA
conf/httpd.conf
$7 $7
Forward -e(uest
Forward the re(uest
0S1SSI43I& is coo)ie enerated by Tomcat to )eep trac) of
sessions
nofailoverDK4nK means bac)end servers do not support session
replication7
#forward requests that go to /bar with load balancing one line below
ProxyPass /bar balancer://barcluster/bar
stickysession=JSESSIONID|jsessionid nofailover=On
conf/httpd.conf
$9 $9
-eular 1$pressions
4nly forward 2-"s with 7jsp at the end
nofailoverD4n

Used &hen you donJt ha(e session replication

A ne& session &ill %e created upon failo(er


2-" and stic)iness

,a!e sure you at least ha(e a 2 that is not part of the e#pression

Pro#yPass,atch" doesnJt !eep stic!y sessions unless you specify the first path
conf/httpd.conf
Jforward all re(uests that end with 7jsp with load balancin C one line below
,ro$y,ass9atch S*.7TU7jsp/V balancer+**barcluster*V;
stic)ysessionD0S1SSI43I&Wjsessionid nofailoverD4n
$: $:
"oad 'alancer 4ptions
"oad 'alancin 4ptions
-= -=
Stic)y Sessions
route is a value appended with a 7routevalue to the session id
Tomcat sets this usin the jvm-oute value
Jforward re(uests that o to *bar with load balancin
@,ro$y balancer+**barclusterA
'alancer9ember http+**tomcat;7domain7com+H<H< routeDtomcat;
'alancer9ember http+**tomcat57domain7com+H<H< routeDtomcat5
@*,ro$yA
conf/httpd.conf
3ow forward re(uests to the load balancer module
#forward all requests that end with .jsp with load balancing one line below
ProxyPassMatch ^(/.*\.jsp)$ balancer://barcluster$1 stickysession=JSESSIONID|
jsessionid nofailover=On
conf/httpd.conf
-1 -1
Connection ,oolin
Apache 575 has connection poolin as well

min"ma# < controls the si?e of the pool"


6 ust li!e mod_! the default is ThreadsPerChild for ma#
6 min is default to =

timeout < ho& long do &e &ait for a free connection

ttl < e#piration time for inacti(e pooled connections


,oolin is for use with Ewor)erF and not Eprefor)F

http;22httpd)apache)org2docs22)22mod2&or!er)html

http;22httpd)apache)org2docs22)22mod2prefor!)html
-2 -2
Connection ,oolin
With a lot of re(uest oin bac) to Tomcat

lea(e out ma# (alue to set it to the default


EttlF means Etime to liveF
Jset up a connection pool% all one line
'alancer9ember http+**tomcat;7domain7com+H<H< minD< ma$D;<<
timeoutD8< ttlDX<
conf/httpd.conf
Connections unused
for 3= seconds
&ill %e closed
Connection timeout
in seconds
-$ -$
Weihted "oad 'alancin .;/
lbmethodDbyre(uests

Default (alue

0ased on CloadfactorD" &hich defaults to 1

Counts re5uests for load %alancing decision


Jtomcat ; ets R times the amount of re(uests
'alancer9ember http+**tomcat;7domain7com+H<H< loadfactorDR
'alancer9ember http+**tomcat57domain7com+H<H< loadfactorD;
conf/httpd.conf
Jtomcat ; and tomcat 5 et e(ual amount of re(uests
'alancer9ember http+**tomcat;7domain7com+H<H< loadfactorD;
'alancer9ember http+**tomcat57domain7com+H<H< loadfactorD;
conf/httpd.conf
-- --
Weihted "oad 'alancin .5/
lbmethodDbytraffic

Counts num%er of %ytes to %e used for decision


conf/httpd.conf
Jtomcat ; and tomcat 5 et e(ual amount of traffic
'alancer9ember http+**tomcat;7domain7com+H<H< loadfactorD; lbmethdDbytraffic
'alancer9ember http+**tc57domain7com+H<H< loadfactorD; lbmethdDbytraffic
conf/httpd.conf
Jtomcat ; ets R times the amount of traffic
'alancer9ember http+**tomcat;7domain7com+H<H< loadfactorDR lbmethdDbytraffic
'alancer9ember http+**tc57domain7com+H<H< loadfactorD; lbmethdDbytraffic
-/ -/
Weihted "oad 'alancin .8/
#forward requests that go to /bar with load balancing one line below
ProxyPass /bar balancer://barcluster/bar
stickysession=JSESSIONID|jsessionid nofailover=On lbmethod=byrequests
conf/httpd.conf
-3 -3
4ptimi>ed -outin
www8
www5
www;
Apache ;
Tomcat ;
Tomcat 5
Tomcat 8
!TT,
Apache 5
!TT,
Apache 8
!TT,
f
a
i
l

o
v
e
r

r
o
u
t
e
4
p
t
i
m
i
>
e
d

r
o
u
t
i
n

-7 -7
4ptimi>ed -outin
4ptimi>ed routin for www5
Tomcat 5 and 8 are hot standby instances

.f tomcat1 crashes" re5uests &ill %e for&arded to tomcat2 and tomcat$


'alancer9ember http+**tomcat;7domain7com+H<H<
'alancer9ember http+**tomcat57domain7com+H<H< statusD!
'alancer9ember http+**tomcat87domain7com+H<H< statusD!
conf/httpd.conf
-9 -9
4ptimi>ed -outin
4ptimi>ed routin for www5
2se of the lbset attribute to set the priority between members
'alancer9ember http+**tc;7domain7com+H<H< lbsetD;
'alancer9ember http+**tc57domain7com+H<H< lbsetD5
'alancer9ember http+**tc87domain7com+H<H< lbsetD8
conf/httpd.conf
Girst failo(er choice
2nd failo(er choice
Highest priority mem%er
-: -:
mod6pro$y status
,ro$y publishes status information

To the mod_status module


JTurn on status
,ro$yStatus 4ffW4nWFull
conf/httpd.conf
/= /=
mod6pro$y status
Sample output from status module
/1 /1
mod6pro$y status
Turn on the status module
http+**localhost*server-status?refreshDY
JTurn on status
@"ocation server-statusA
Set!andler server-status
4rder &eny%Allow
&eny from all
Allow from ;5Z7<7<7;
@*"ocationA
conf/httpd.conf
/2 /2
"ab
Tomcat Connectors - mod6pro$y
/$ /$
mod6j) and Apache httpd
Client Tomcat
Apache httpd
mod_!
HTTP2HTTP8
A'P
>ncryption
not a(aila%le
4e5uest24esponse
for dynamic content
*'8P28er(lets+
4e5uest24esponse
for static content
*html" pg+
Client
HTTP2HTTP8
/- /-
Tomcat Wor)ers
Apache
Tomcat 1
Tomcat 2
Tomcat $
HTTP
mod_!
1ach Tomcat is called Ewor)erF
// //
mod6j) Tomcat Confiuration
Two chanes to server7$ml file

A'P connector

(m4oute in the >ngine element


@B-- &efine an A0, ;78 Connector on port H<<[ --A
@Connector portDKH<<[K protocolDKA0,*;78K redirect,ortDKHRR8K *A
@BC tomcat;7domain7com --A
@1nine nameDEcatalinaF jvm-outeDEtomcat;F GA
conf/server.xml
@B-- &efine an A0, ;78 Connector on port H<<[ --A
@Connector portDKH<<[K protocolDKA0,*;78K redirect,ortDKHRR8K *A
@BC tomcat57domain7com --A
@1nine nameDEcatalinaF jvm-outeDEtomcat5F GA
conf/server.xml
/3 /3
mod6j) Apache Confiuration
httpd7conf C apache directives

Contains '!,ount directi(es


wor)ers7properties

Contains information a%out Tomcat instances *&or!ers+

Contains load %alancing configurations

Contains connection settings


J"oad the 0O module
"oad9odule j)6module modules*mod6j)7so
J"oad the 0O module
"oad9odule j)6module modules*mod6j)7so
conf/httpd.conf
/7 /7
wor)ers7properties
Same format as java7util7,roperties
http+**tomcat7apache7or*connectors-doc*reference*wor)ers7html
Jsimplest wor)er confi
wor)er7listDtomcat;
wor)er7tomcat;7typeDajp;8
wor)er7tomcat;7hostDtomcat;7domain7com
wor)er7tomcat;7portDH<<[
Jsimplest wor)er confi
wor)er7listDtomcat;
wor)er7tomcat;7typeDajp;8
wor)er7tomcat;7hostDtomcat;7domain7com
wor)er7tomcat;7portDH<<[
conf/workers.properties
Contains a list of all &or!ers defined that are to %e used in '!,ount directi(es
This &or!er represents
actual tomcat instance
ipaddress or host name
resol(ed through DA8
TCP of Tomcat instance
,ust match (alue defined in
KConnector portLD9==:D ))2M element
/9 /9
9appin 2-" to wor)er
2-" mappin confiuration
Jforward requests that go to /bar
0)9ount *bar tomcat;
0)9ount *bar*T tomcat;
J Alternative% shorter form
0)9ount *barB*T tomcat;
Jforward requests that go to /bar
0)9ount *bar tomcat;
0)9ount *bar*T tomcat;
J Alternative% shorter form
0)9ount *barB*T tomcat;
conf/httpd.conf
Wildcard matchin
Jforward requests that go to /bar for jsp
0)9ount *bar*T7jsp tomcat;
Jforward requests that go to /bar for jsp
0)9ount *bar*T7jsp tomcat;
conf/httpd.conf
/: /:
uriwor)ermap7properties
mappin rules definition can be e$ternali>ed from httpd7conf
conf/uriworkermap.properties
Jforward requests that go to /bar
0)9ount *bar tomcat;
0)9ount *bar*T tomcat;
J Alternative% shorter form
0)9ount *barB*T tomcat;
Jwildcard matchin
0)9ount *bar*T7jsp tomcat;
Jforward requests that go to /bar
0)9ount *bar tomcat;
0)9ount *bar*T tomcat;
J Alternative% shorter form
0)9ount *barB*T tomcat;
Jwildcard matchin
0)9ount *bar*T7jsp tomcat;
0)9ountFile conf*uriwor)ermap7properties 0)9ountFile conf*uriwor)ermap7properties
conf/httpd.conf
http+**tomcat7apache7or*connectors-doc*reference*uriwor)ermap7html
3= 3=
A0, ,ersistence
A0, connections are persistent

Ae(er meant to close

0etter for performance *connection pooling+

This causes a pro%lem in some en(ironments

mod_! ( 1)2)2= has a ne& option


Jdon?t reuse connections C free up tomcat threads
0)4ptions :&isable-euse
conf/httpd.conf
31 31
-eusin Connections
Jconnect timeout is 8 seconds
wor)er7tomcat;7connect6timeoutD8<<<
Jan e$istin connection should respond with ,43= in 8 seconds
wor)er7tomcat;7prepost6timeoutD8<<<
conf/workers.properties
When reusin connections

8etting a re5uest timeout

,inimum time %et&een t&o data pac!ets

This is default to infinite" could cause a httpd thread to ne(er release" in case
your 'N, has an BB,
'est practices when reusin connections

,a!e sure the connection is ali(e and &ell

8end P.AF2PBAF
Jwe should et at least some data in Ymin
wor)er7tomcat;7reply6timeoutD8<<<<<
conf/workers.properties
32 32
-eusin Connections
When reusin connections

.f using Ohttpd &or!erJ < multithreaded httpd

mod_! can contain a pool of connections


Pmatch this (alue to your threads per child or lo&er in httpd)conf
Pif you donJt specify a (alue" ThreadsPerChild &ill %e used
&or!er)tomcat1)connection_pool_si?eL$=
P&hen a re5uest comes in" mod_! can close inacti(e connections
P(alue in seconds
&or!er)tomcat1)connection_pool_timeoutL3=
conf/workers.properties
3$ 3$
mod6j) "oad 'alancin
mod6j) also supports load balancin

'H module &or!s in 1)$"2)= and 2)2

1oad %alancing a(aila%le in all (ersions


Convertin to load balancin is pretty straiht forward
0O has a concept of a Ebalanced wor)erF

Nirtual &or!er

4epresents one or more actual ap1$ &or!ers


3- 3-
mod6j) 'alanced Wor)er
'alanced wor)er

Contains a list of ap1$ &or!ers

,ethod 4 is %yre5uests
Jsimplest wor)er confi
wor)er7listDlbwor)er
wor)er7lbwor)er7typeDlb
wor)er7lbwor)er7balance6wor)ersDtomcat;% tomcat5
wor)er7lbwor)er7methodD-
conf/workers.properties
3/ 3/
mod6j) 'alanced Wor)er
&efine the two wor)ers
Jsimplest wor)er confi
wor)er7tomcat;7typeDajp;8
wor)er7tomcat;7hostDtomcat;7domain7com
wor)er7tomcat;7portDH<<[
wor)er7tomcat;7lbfactorDR
wor)er7tomcat57typeDajp;8
wor)er7tomcat57hostDtomcat57domain7com
wor)er7tomcat57portDH<<[
wor)er7tomcat57lbfactorD;
conf/workers.properties
33 33
mod6j) "' wor)er
Then just mount to the "' wor)er instead
Jload balanced confi
wor)er7listDlbwor)er
Jsame e$ample as ,ro$y,ass *bar *http+**tomcat;+H<H<*bar
0)9ount *bar lbwor)er
0)9ount *bar*T lbwor)er
J Alternatively
0)9ount *barB*T lbwor)er
conf/workers.properties
conf/httpd.conf
37 37
mod6j) status wor)er
The status wor)er does not communicate with Tomcat
It is responsible for the load balancer manaement
J Add the status wor)er to the wor)er list
wor)er7listDlbwor)er% j)status
J &efine a #j)status# wor)er usin status
wor)er7j)status7typeDstatus
conf/workers.properties
39 39
mod6j) status wor)er
Sample output from status wor)er

http;22tomcat)apache)org2connectors@doc2reference2status)html
3: 3:
mod6j) status e$plained
Aame of &or!er in
&or!er)properties
1oad%alance algorithm
re5uest" traffic" %usiness or random
8pecified (ia (m4oute
in ser(er)#ml
,apping specified in uri&or!ermap)properties
7= 7=
mod6j) status wor)er
Turn on the status module
conf/httpd.conf
J Add the j)status mount point
0)9ount *j)manaer*T j)status
J 1nable the 0O manaer access only from localhost
@"ocation *j)manaerA
0)9ount j)status
4rder deny%allow
&eny from all
Allow from ;5Z7<7<7;
@*"ocationA
71 71
mod6j) Stic)y Sessions
2se the jvm-oute from Tomcat

that gets appended to the session id


The wor)er name is used for the route
72 72
What do I use?
mod6j)

.f you re5uire ad(anced load %alancing and node failure detection)

.f you use an older (ersion of Apache *pre 2)2Q+)


mod6pro$y6http*balancer

.f you use Apache 2)2Q and %asic load %alancing &ill suffice)

.f you use a hard&are load %alancer)


6 Aote that you can ust use a hard&are load %alancer and ha(e no Apache layer at all)

.f you re5uire Ccradle@to@the@gra(eD encryption


7$ 7$
Conclusions
Two main standard connectors+

mod_! < older" more mature" more full@featured" %ut &ith a limited future and no
881 support)

mod_pro#y
6 Ap < for the same failo(er features as mod_! %ut missing large pac!ets and some
%alancing options)
6 Http2%alancer < for http including https

.f you are on one and you ha(e no pro%lem" stic! &ith it)

.f you are pic!ing one


6 881 2 no 881
6 Gast failo(er &ith CP.AF2CPBAF
6 HTTP (s A'P
7- 7-
"ab
Tomcat Connectors - mod6j)
11
Apache Tomcat Connectors Lab
22
Topics in this Session
Configure mod_proxy (ProxyPass)
Configure mod_proxy (load balancer and ProxyPassMatch)
Configure mod_! ("!Mount)
Configure mod_! (load balancing)
11
High Availability Clustering
22
Topics in this Session
Brief overview of clustering
Enabling Tomcats clustering mechanism
Configuration options
Advanced Topics
33
Load Balancing Clustering Overview
User Agent 1
Tocat 1
User Agent !
Tocat "
User Agent "
Apache httpd
session1
session2
session3
session1
session3
session2
Load Balancing clustering
#e have previously seen this configuration
44
Load Balancing Clustering Overview
Load is distributed to a collection of tocat instances

Commonly referred to as a server farm


$e%uests are redirected to the proper tocat instance based on
session affinity
#hat happens when one of the tocat instances crashes&
!!
Load Balancing Clustering and 'ailover
User Agent 1
Tocat 1
User Agent !
Tocat "
User Agent "
Apache httpd
session1
session2 session3
session1
session3
session2
Tomcat 1 has crashed
"essions are lost
##
Load Balancing Clustering and 'ailover
User sessions are lost( On the ne)t re%uest*

$sers are redirected to the other instance

They are considered as ne% users

if they %ere authenticated& they have to authenticate again

All session attributes are lost


' for an e(commerce site& all items in the shopping cart %ill be lost
))
High Availability Clustering Overview
User Agent 1
Tocat 1
User Agent !
Apache httpd
session1 session2 session3
sessions
User Agent "
Tocat "
"essions are replicated
**
High Availability Clustering Overview
+n case one tocat instance crashes, the user session is not lost

+o need to re(authenticate

"hopping cart is still there


However, setting up a load balancing HA infrastructure is fairly
cople)

,ou should not use it unless you really need it


--
About Tocat Clustering
Tocat ipleents a HA cluster strategy -session replication.

.rimary goal/ 0ail 1ver and 2ecovery

3omogeneous nodes

Tomcat provides high availability& but does not provide the fail over mechanism

"uch mechanism can be found in load balancing soft%are4appliances


' Apache httpd is one of them
15 15
Side /ffects of Clustering and replication
+n ost cases, the application itself needs to be updated

All classes put into the session should implement the Serializable interface
Slower perforance, ore to do
+ncreased cople)ity
Harder to troubleshoot
$e%uires ore resources and s0ills
11 11
Side /ffects of Clustering
Side effects of clustering and replication

.erformance considerations

6ncreased net%or7 traffic

6ncreased memory usage

6ncreased C.$ usage


1ou2ve been warned
3ow let2s get to it44
12 12
+n 5eory storage
High Availability Strategy* in 5eory storage

"tore state in memory

2eplicate memory information bet%een nodes


Tomcat also can store the state in a database& or on the file system
using .ersistence8anger9 3o%ever the code base
is not maintained& therefore these strategies are obsolete9
13 13
Application 5anaged HA
High Availability Strategy

Client holds state

:everage coo7ies and hidden fields to transfer re;uired state information


bet%een invocations

,ou can also use <"1+ and <avascript variables to maintain state =A<A>?
Has a strong ipact on the application code itself

2e;uires more time and resources


However the ost scalable option, no ta)ation on servers
14 14
Topics in this Session
@rief overvie% of clustering
/nabling Tocat2s clustering echanis
Configuration options
Advanced Topics
1! 1!
6efault Clustering Configuration
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster= >:
Tocat pre9configures the syste for you
?reat for developers and test environents
6o not use in production, since there is a great chance of you
overlapping between environents

8embership achieved by default using multicasting

8ulticast port and address create cluster separation

$sing default port4address values %ill cause a clash %ith an eAisting cluster
conf/server.xml
1# 1#
Topics in this Session
@rief overvie% of clustering
Enabling Tomcats clustering mechanism
Configuration options
Advanced Topics
1) 1)
Configuration #al0 Through
Settings behind default configuration are too large to paste into a
slide
Let2s wal0 through the ain eleents in the default configuration as
we learn about it
http*>>tocat(apache(org>tocat9@(A9doc>cluster9howto(htl
1* 1*
Channel Send Options
6eterines how essages are sent to the other nodes
6ifferent options define different delivery guarantees
Used during session replication to deterine response tie

6n synchronous mode the re;uest doesnBt return until session is replicated in all
cluster nodes

6n asynchronous replication the re;uest is returned before session data has


been replicated
1- 1-
Channel Send Options <B=
ChannelSendOptions

* C is the recommended setting

0avors re;uest response time

Can be combined %ith the guarantee levels

"ession replication doesnt have implementations to react to higher guarantee


levels

"ends messages asynchronously


748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<B= >:
conf/server.xml
25 25
Other Channel Send Options
channelSendOptions

5& 2& #& 15 and 14

Covered in Advanced "ection


21 21
#hich 5anager&
Tocat @ has two session anagers that do replication slightly
differently

Delta8anager C replicates to all nodes that participate in the cluster


' This is the default manager

@ac7up8anager C replicates session data to only one bac7 up node


' The other nodes only carry location info
22 22
#hy 6elta 5anager&
Appropriate for sall clusters

4(! nodes

replicates to all nodes that participate in the cluster


3ot using stic0y load balancing

"tic7y :@ is recommended for large clusters


Code base is older

more mature
23 23
#hy Bac0up 5anager&
Supports uch larger clusters

replicates session data to only one bac7 up node


5ust have stic0y load balancing
@ac7up8anager has been introduced in tomcat #
24 24
6elta 5anager
748 6elta5anager configuration 99:
75anager
class3ae;<org(apache(catalina(ha(session(6elta5anager=
notifyListenersOn$eplication;<true=
e)pireSessionsOnShutdown;<false=
>:
3otify listeners

eAecute session listeners on remote node


/)pire sessions

upon graceful shutdo%n& eApire sessions on all other nodes


conf/server.xml
2! 2!
Bac0up 5anager
apSendOptions 8 delivery ethod
Sae values as channelSendOptions
748 Bac0up5anager configuration 99:
75anager
class3ae;<org(apache(catalina(ha(session(Bac0up5anager=
notifyListenersOn$eplication;<true=
e)pireSessionsOnShutdown;<false=
apSendOptions;<B=
>:
conf/server.xml
2# 2#
Channel /leent
748 Channel configuration 99:
7Channel
class3ae;<org(apache(catalina(tribes(group(?roupChannel= >:
Tocat2s essaging odule
#rapper around all essaging settings
conf/server.xml
2) 2)
5ebership* " ways
6ynaic

uses multicasting to discover other nodes


Static

each node should be eAplicitely defined in server9Aml


2* 2*
6ynaic 5ebership
6ynaic 5ebership

Each server receives multicast


messages each > milliseconds

6f no message received during +E>


time& member is considered dead

8embership is non(coordinated
2- 2-
5ebership /leent <default=
748 6ynaic ebership configuration 99:
75ebership
class3ae;<org(apache(catalina(tribes(ebership(5castService=
address;<""B(A(A(C=
port;<CDD@C=
fre%uency;<DAA=
dropTie;<!AAA=
>:
5ebership eleent

Default settings
conf/server.xml
35 35
5ebership /leent <ulticasting=
Bind ulticasting to an interface
Useful on ulti9hoed hosts
748 6ynaic ebership configuration 99:
75ebership
class3ae;<org(apache(catalina(tribes(ebership(5castService=
address;<""B(A(A(C=
port;<CDD@C=
fre%uency;<DAA=
dropTie;<!AAA=
bind;<1A(1(!(1"B=
>:
conf/server.xml
31 31
Static 5ebership
Useful on networ0s where ulti9casting is disallowed
To achieve this

Add
' org9apache9catalina9tribes9group9interceptors9"tatic8embership6nterceptor

$nderneath
' org9apache9catalina9tribes9group9interceptors9Tcp0ailureDetector 6nterceptor
+nside the Static5ebership+nterceptor you can add the static
ebers
http*>>tocat(apache(org>tocat9@(A9doc>config>cluster9interceptor(htl
32 32
Static 5ebership
Tcp'ailure6etector will do a health chec0 on the static ebers
+t onitors the for crashes

so they %ill have the same level of notification mechanism as

members that are automatically discovered9


748 Static ebership configuration 99:
7+nterceptor
class3ae;Eorg(apache(catalina(tribes(group(interceptors(Static5ebership+nterc
eptorE:
75eber class3ae;Eorg(apache(catalina(tribes(ebership(Static5eberE
port;ED@FBE
secureGort;E91E
host;EtocatA1(ydoain(coE
doain;Estaging9clusterE
uni%ue+d;EHA,1,",!,C,D,@,F,B,IJE>:
7>+nterceptor:
conf/server.xml
33 33
5essaging
5essaging happens over TCG
/ach node has a receiver and a
sender

2eceiver C receives cluster


messages

"ender C sends cluster messages


34 34
Sender
748 essage sender configuration 99:
7Sender
class3ae;<org(apache(catalina(tribes(transport($eplicationTransitter=:
7Transport
class3ae;<org(apache(catalina(tribes(transport(nio(GooledGarallelSender=
0eepAliveCount;<91=
0eepAliveTie;<91= >:
7>Sender:
Soc0et reuse paraeters

F7eepAliveCountG

F7eepAliveTimeG
conf/server.xml
3! 3!
$eceiver
a)Threads 8 thread pool to handle incoing essages
?ood value is n91 or -n91.>", where n are the nuber of nodes
748 essage receiver configuration 99:
7$eceiver
class3ae;<org(apache(catalina(tribes(transport(nio(3io$eceiver=
address;<auto=
port;<CAAA=
autoBind;<1AA=
a)Threads;<C=
>:
conf/server.xml
3# 3#
$eceiver <address=
748 essage receiver configuration 99:
7$eceiver
class3ae;<org(apache(catalina(tribes(transport(nio(3io$eceiver=
address;<auto=
port;<CAAA=
autoBind;<1AA=
a)Threads;<CAAA=
>:
address 8 auto, it auto resolves the +G address of the achine
Can also specify an +G address to bind to, li0e 1A(1(!(1"B
conf/server.xml
3) 3)
$eceiver <port=
$eceiver

port C %hat port to listen on

auto@ind H 5 means that %e %ill pic7 the first available port bet%een port and
=portIauto@ind?
748 essage receiver configuration 99:
7$eceiver
class3ae;<org(apache(catalina(tribes(transport(nio(3io$eceiver=
address;<auto=
port;<CAAA=
autoBind;<1AA=
a)Threads;<CAAA=
>:
conf/server.xml
3* 3*
Advanced Topics
3- 3-
+nterceptors
Siilar to valves in ters of functionality
+nterceptor design pattern
Used to affect the behavior of essages sent and received
45 45
6ispatch +nterceptor
JKC async send support ((H
J6nterceptor
class+ameLorg9apache9catalina9tribes9group9intereceptors98essageDispatch1!6nterceptor 4H
Use to dispatch essage to support send option B
conf/server.xml
41 41
6ispatch +nterceptor
JKC async send support ((H
J6nterceptor
class+ameLorg9apache9catalina9tribes9group9intereceptors98essageDispatch1!6nterceptor
8aAMueue"iNeL#)15**#4 O #48@
4H
OO5 protection 8 %ueue will not grow past
conf/server.xml
42 42
'ailure 6etection
Soeties ulticast pac0ets don2t a0e it
This interceptor avoids false negatives
JKC tcp failure detection ((H
J6nterceptor
class+ameLorg9apache9catalina9tribes9group9intereceptors9Tcp0ailureDetector
4H
conf/server.xml
43 43
Throughput +nterceptor
$eport throughput
Grint stats every 1A0 essages
JKC message stat reports ((H
J6nterceptor
class+ameLorg9apache9catalina9tribes9group9intereceptors9Throughput6nterceptor
intervalL15555
4H
conf/server.xml
44 44
Kalves
7Cluster class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster= (((:
748 6elta5anager configuration 99:
75anager class3ae;<org(apache(catalina(ha(session(6elta5anager= ((>:
<! Channel configuration -->
7Channel class3ae;<org(apache(catalina(tribes(group(?roupChannel=:
(((
748 replication valve99:
7Kalve class3ae;<org(apache(catalina(ha(tcp($eplicationKalve=
'ilter;<=>:
(((
7>Channel:
7>Cluster:
+nitiate session replication at the end of each re%uest
'ilter can be used to not react to certain U$Ls
conf/server.xml
4! 4!
Kalves
+f using odLM0 and Mv$oute
#hen failing over, we need to change the session id
7Cluster class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster= (((:
748 6elta5anager configuration 99:
75anager class3ae;<org(apache(catalina(ha(session(6elta5anager= ((>:
<! Channel configuration -->
7Channel class3ae;<org(apache(catalina(tribes(group(?roupChannel=:
(((
748 replication valve99:
7Kalve class3ae;<org(apache(catalina(ha(tcp($eplicationKalve= 'ilter;<=>:
748 Mv route adMust valve99:
7Kalve class3ae;<org(apache(catalina(ha(session(Nv$outeBinderKalve=>:
(((
7>Channel:
7>Cluster:
conf/server.xml
4# 4#
Cluster Listener
Custo essaging listeners for certain types of essages
#or0s with the Nv$outeBinderKalve
JKC Pvm route adPust listener((H
JCluster:istener
class+ameLorg9apache9catalina9ha9session9<vm2oute"ession6D@inder:istener

4H
conf/server.xml
4) 4)
Cluster Listener
Listen for session change re%uest
#hen using the 6elta5anager
JKC delta manager session replication messages ((H
JCluster:istener
class+ameLorg9apache9catalina9ha9session9Cluster"ession:istener
4H
conf/server.xml
4* 4*
Channel Send Options <A=
A 8 fastest way to send
$elies on the TCG stac0 for guarantee
+f it reached the TCG send buffer, it2s considered successful
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<A= >:
conf/server.xml
4- 4-
Channel Send Options <"=
" 8 receives an ACO fro the destination
As soon as the essage has been assebled destination sends an
ACO to the sender
?uarantees that the essage was received, but not processed
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<"= >:
conf/server.xml
!5 !5
Channel Send Options <@=
@ 8 receives an ACO fro the destination
#hen the essage has been processed destination sends an ACO
to the sender
?uarantees that the essage was received and processed by the
reote node
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<@= >:
conf/server.xml
!1 !1
Channel Send Options <1A=
1A -BP". 8 sends essages asynchronously
?uarantee level is ACO
Still favours response tie, but higher guarantee level
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<1A= >:
conf/server.xml
!2 !2
Channel Send Options <1C=
1C -BP"PC. 8 sends essages asynchronously
?uarantee level is ACO, after essage processed
Still favours response tie, but highest guarantee level
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<1C= >:
conf/server.xml
!3 !3
Suary
Brief overview of clustering

:oad @alancing Clustering

3igh Availability Clustering


/nabling Tocat2s clustering echanis
Configuration options

Channel "end 1ptions

8angers

8embership =Dynamic and "tatic?

8essaging ="ender and 2eceiver?


!4 !4
Questions&
11
Tomcat Advanced Configuration Lab
Part 2
22
Topics in this Session
Building Tomcat
setting up for a build env
build.properties and build.properties.default
downloading dependencies
building
creating distribution
Enable log4j logging
33
Topics in this Session
Create a patch or custom component
unning with a securit! manager
Configure cluster
Configure webapp for session replication
Test failover
11
Tomcat Troubleshooting
22
Topics in this Session
Tomcat logging
Java Stack Traces
Viewing Requests
Thread Dumps
Using OS Utilities as an aid
JM and J!"ns"le
Other M"nit"ring T""ls
##
Tomcat Logging
Tomcat is really good at logging

$t usuall% d"es n"t trace in&" %"u d" n"t need kn"w

'hen an err"r happens it can( h"wever( generate t"ns "& l"g entries
))
Tomcat Log Levels
What do I need to examine?
Log entries are categorized

D*+U,($-.O('/R-$-,(S*V*R*(./T/0
INFO no error! "ust in#ormation given to you
W$%NIN& you might care a little bit
S'('%' yes! no) you got an error
F$T$L )hatever this is! it can*t be good+
11
Inspecting Tomcat Logs
So )hat do I need to loo, at?
It-s easy to .grep- logs #or these entries
S'('%'/ Servlet0service12 #or servlet "sp thre) exception000
"ava0lang0Null3ointer'xception at
org0apache0"sp0npe4"sp04"spService1npe4"sp0"ava/552
22
Web $pplication Logging
6o) does this relate to )eb applications?
Web applications are autonomous

S" T"mcat can3t l"g applicati"n err"rs

Onl% i& the applicati"n d"esn3t 4trap3 the err"r( t"mcat will catch it and l"g s"me
in&"

."und in catalina5266786#8275l"g
77 $n uncaught application error could loo, li,e this
S'('%'/ Servlet0service12 #or servlet "sp thre) exception
"ava0lang0Null3ointer'xception at
org0apache0"sp0npe4"sp04"spService1npe4"sp0"ava/552
99
Web $pplication Logging
Still )eb applications need to provide their o)n logs

$n "rder t" pr"vide use&ul in&"rmati"n

/nd T"mcat d"esn3t reall% kn"w what3s g"ing "n inside applicati"n c"de :ase
77
Topics in this Session
T"mcat l"gging
8ava Stac, Traces
Viewing Requests
Thread Dumps
Using OS Utilities as an aid
JM and J!"ns"le
Other M"nit"ring T""ls
;;
8ava Stac, Traces
Sho)s the code execution path up until the error happened
77 $n uncaught application error could loo, li,e this
S'('%'/ Servlet0service12 #or servlet "sp thre) exception
"ava0lang0Null3ointer'xception
at org0apache0"sp0npe4"sp04"spService1npe4"sp0"ava/552
at org0apache0"asper0runtime06ttp8sp9ase0service16ttp8sp9ase0"ava/:;2
at "avax0servlet0http06ttpServlet0service16ttpServlet0"ava/<;=2
/
/
at
org0apache0coyote0http>>06ttp>>3rotocol?6ttp>>@onnection6andler0process1
6ttp>>3rotocol0"ava/5<=2
at org0apache0tomcat0util0net08Io'ndpoint?Wor,er0run18Io'ndpoint0"ava/AA:2
at "ava0lang0Thread0run1Thread0"ava/5B52
16 16
8ava Stac, Traces
Traces can be chained! only the root cause is the real error
7< /n uncaught applicati"n err"r c"uld l""k like this
S*V*R*= Servlet5service>? &"r servlet @sp threw eAcepti"n
@ava5lang5Runtime*Acepti"n= @ava5lang5-ullB"inter*Acepti"n
at "rg5apache5@sp5npeC@sp5C@spService>npeC@sp5@ava=1;?
at "rg5apache5@asper5runtime5DttpJsp+ase5service>DttpJsp+ase5@ava=96?
E
@aused by/ "ava0lang0Null3ointer'xception
at org0apache0"sp0npe4"sp04"spService1npe4"sp0"ava/5:2
555 1; m"re
11 11
Topics in this Session
T"mcat l"gging
Java Stack Traces
(ie)ing %eCuests
Thread Dumps
Using OS Utilities as an aid
JM and J!"ns"le
Other M"nit"ring T""ls
12 12
(ie)ing %eCuests
$ccess logs can help

The% rec"rd ever% request and its resp"nse c"de

F"u can print "ut headers( c""kies( request and sessi"n attri:utes

O&ten ver% use&ul t" see h"w tra&&ic is &l"wing


When using httpd in #ront

*Acellent wa% t" c"ns"lidate requests


1# 1#
Seeing tra##ic
%eCuestDumper (alve

Valve that l"gs ever%thing

-"t eas% t" read l"gs generated


G RequestDumper Valve :reaks "ut the "utput int" multiple l"g statements

$n multithreaded c"nteAt "ne can l"se track "& what :el"ngs where
G unless %"u print "ut the thread name( and even then it3s t"ugh

$ssues with parameter dec"ding


When using httpd in #ront

httpd has a m"dCdumpi" m"dule( :uilt "n the same idea

/ll"ws l"gging "& all input and "utput generated :% /pache httpd

http=<<httpd5apache5"rg<d"cs<252<m"d<m"dCdumpi"5html
1) 1)
Seeing tra##ic
Net)or, sni##ers 1client7server2

!an :e use&ul :ut n"thing c"mpares t" getting eAact data

'ireshark( ethereal( tcpdumper( etc

Man% ch"ices( @ust pick "ne5


@lient side visualizer

MS .iddler is an eAcellent t""l &"r 'ind"ws users


11 11
Topics in this Session
T"mcat l"gging
Java Stack Traces
Viewing Requests
Thread Dumps
Using OS Utilities as an aid
JM and J!"ns"le
Other M"nit"ring T""ls
12 12
Thread dumps
Displays the state o# all threads in a virtual machine
3rovides plenty o# in#ormation about activity and any dead loc,s
3rovides a trace )here each thread started to )here its current point
in execution
19 19
Obtaining Thread Dumps
On Enix F ,ill G= Htomcat pidI
On Windo)s @trlJ9rea, inside DOS )indo)

JDH 152C %"u have @stack t" help


Thread dump is printed to stdout

Or wherever std"ut is redirected t"

D"nIt redirect it t" <dev<null


17 17
Thread Dumps )ith "stac,
$lternate )ay to dump

@stack J t""l that c"mes with the JDH


Kore than "ust threads

JDH 152K als" prints "ut mem"r% stats


6eap
de# ne) generation total B;<<L! used 5AB:L M;x;A;:;;;;! ;x;AaA;;;;! ;x;N:d;;;;2
eden space <>O<L! N;P used M;x;A;:;;;;! ;x;A5A;Oa;! ;x;A<N;;;;2
#rom space BN;L! 5BP used M;x;AB5;;;;! ;x;ABdeAO<! ;x;AaA;;;;2
to space BN;L! ;P used M;x;A<N;;;;! ;x;A<N;;;;! ;x;AB5;;;;2
tenured generation total >O>;OAL! used >N5NL M;x;N:d;;;;! ;x;de;;;;;! ;xOA;:;;;;2
the space >O>;OAL! >P used M;x;N:d;;;;! ;x;NBNe;N<! ;x;NBNeO;;! ;x;de;;;;;2
compacting perm gen total >OO<<L! used AA<OL M;xOA;:;;;;! ;xOAc:;;;;! ;xOc;:;;;;2
the space >OO<<L! =NP used M;xOA;:;;;;! ;xOAAd;BO;! ;xOAAd;a;;! ;xOAc:;;;;2
ro space <>BOL! NNP used M;xOc;:;;;;! ;xOc5bdB:<! ;xOc5bda;;! ;xOc<:;;;;2
r) space >OO<<L! 5OP used M;xOc<:;;;;! ;xOcebBcb<! ;xOcebBe;;! ;xOdA:;;;;2
1; 1;
Dead Loc, Detection
Kore than "ust threads

Dead l"ck detecti"n


Found one 8avaGlevel deadloc,/
QQQQQQQQQQQQQQQQQQQQQQQQQQQQQ
RpoolGOGthreadGNR/
)aiting #or o)nable synchronizer ;xA<Oeaeb;! 1a
"ava0util0concurrent0loc,s0%eentrant%eadWriteLoc,?Non#airSync2!
)hich is held by RhttpG<;<>GOR
RhttpG<;<>GOR/
)aiting to loc, monitor ;x;<>A=b>A 1ob"ect ;xA<Oeade;! a
org0apache0catalina0ha0session0Delta%eCuest2!
)hich is held by RpoolGOGthreadGNR
26 26
Thread In#ormation
First line #or each thread
RhttpG<;<OG:R thread name
daemon type o# thread Mdaemon! empty means non daemonS
prioQ>; thread priority M>00>;S
tidQ;x;B>AO;;; @JJ pointer to 8(K OSThread ob"ect
nidQ;xN:c ,ernel thread identi#ier
in Ob"ect0)ait12 )hat the thread is doing
M;xba=##;;;00;xba=##Ae;S address space
21 21
Thread In#ormation
@3E usage very high! caused by a spinning thread! but )hich one?
On linux #or example! one can get @3E usage per thread
nidQ;xN:c ,ernel thread identi#ier
ps GeL Go pid!Pcpu!l)p T grep Gi Ups Ge# Tgrep Gv grep Tgrep "avaT
a), *Vprint ?OW*U T grep Gv * ;0;*

T" list all threads that run inside a @ava pr"cess with a !BU usage higher than
656L=
22 22
Why Ese Thread Dumps?
Threads dumps can help you identi#y

Sh"w which threads are waiting &"r a l"ck

Dead l"cks

Spinning threads( and what c"de it :el"ngs

Mem"r% usage

!ause "& an unresp"nsive JVM


2# 2#
Thread Dumps &uidelines
When ta,ing thread dumps! $LW$XS ta,e t)o or more dumps

This will help %"u see i& threads are changing eAecuti"n path

Single thread dump can cause a l"t "& M&alse p"sitivesN( where %"u think a thread
is stuck :ut it3s n"t

S"metimes threads m"ve( :ut ver% sl"wl%


G $& %"u hadn3t had tw" dumps( %"u3d never kn"w thatO
2) 2)
Topics in this Session
T"mcat l"gging
Java Stack Traces
Viewing Requests
Thread Dumps
Esing OS Etilities as an aid
JM and J!"ns"le
Other M"nit"ring T""ls
21 21
OS utilities
Troubleshooting a Tomcat server

"&ten inv"lves m"re than @ust T"mcat and JVM tr"u:lesh""ting

OS utilities c"me ver% hand%

'e3ve alread% menti"ned MpsN and netw"rk sni&&ers


22 22
File Descriptors
File descriptors

M"st OS have a limit "n .D

/ .D can :e an "pen &ile "r a s"cket

.ile descript"r leaks are als" ver% c"mm"n in we: applicati"ns

@ava5i"5$O*Acepti"n= T"" man% "pen &iles


29 29
lso# and netstat
File descriptors

On UniA J ls"& Jp Ppr"cess idQ

'ill list all "pen .D

This will "&ten put %"u "n the right path "n what is g"ing wr"ng
Sample output #or lso#
$ctive @onnections

netstat is an eAcellent t""l t" view s"ckets and their current state
@OKK$ND 3ID ES'% FD TX3' D'(I@' SIY'7OFF NOD' N$K'
bash O==N tomcat c)d DI% <!> A;BN <N5;:5B 7usr7local
"ava ONANA tomcat c)d DI% <!> A;BN <N5;:5B 7usr7local
more ONNO5 tomcat c)d DI% <!> A;BN <N5;:5B 7usr7local
27 27
OS Etilities Linux
Linux

nm"n

Ver% nice s%stem stats c"llect"r

!BU(Mem"r%(disk(netw"rk and m"re


2; 2;
nmon
#6 #6
OS Etilities Windo)s
Windo)s

*Apand %"ur task manager

$t rep"rts as much as %"u need >thread c"unts( $O activit%( virtual vs residential


mem"r%
#1 #1
Topics in this Session
T"mcat l"gging
Java Stack Traces
Viewing Requests
Thread Dumps
Using OS Utilities as an aid
8KZ and 8@onsole
Other M"nit"ring T""ls
#2 #2
8KZ
9oth Tomcat and the 8(K ma,e in#ormation available through 8KZ
8@onsole

Utilit% that c"mes with the JDH

0ets %"u attach t" a JVM and get in&"rmati"n


## ##
8@onsole
#) #)
So #ar[
We-ve covered many )ays o# troubleshooting your systems

'ith"ut actuall% adding an% s"&tware

There are additi"nal "pti"ns availa:le

Such as pr"&ilers and m"nit"ring applicati"ns


#1 #1
Topics in this Session
T"mcat l"gging
Java Stack Traces
Viewing Requests
Thread Dumps
Using OS Utilities as an aid
JM and J!"ns"le
Other Konitoring Tools
#2 #2
Konitor Tomcat
6yperic 6\

-"w part "& SpringS"urce

.ree and an *nterprise versi"n

Ver% c"mprehensive

!"vers much m"re than @ust T"mcat

www5h%peric5c"m
#9 #9
3si3robe
3si3robe 1#ormerly Lambda 3robe2

'e: applicati"n

Uses JM and eAtracts in&"rmati"n

.ree( and man% nice graphs

http=<<c"de5g""gle5c"m<p<psi8pr":e<
#7 #7
Summary
Tomcat logging
8ava Stac, Traces
(ie)ing %eCuests
Thread Dumps

O:taining thread dumps

Deadl"ck detecti"n and thread in&"rmati"n

'h% use thread dumpsR


Esing OS Etilities

ls"&( netstat and nm"n


8KZ and 8@onsole
Other Konitoring Tools

D%peric

BsiBr":e
#; #;
\uestions?
11
Tomcat Troubleshooting Lab
22
Topics in this Session
Generating thread dumps
finding dead locks
OOME experiments
generating heap summaries
GC logs
netstat -na
11
Tomcat Java Virtual Machine
Internals
Understanding the JVM memory architecture
22
Topics in this Session
Internals of Java Memory
Understanding the Java Memory Layout
Out Of Memory Errors
Monitoring Agents
33
Storing data in memory
Java runs as a single process

It does not share memory with other processes


Each process allocates memory

We call this process heap


Ways to allocate memory in a process

!malloc and free"

## !new and delete"

Java !new and dereference $% &ar'age ollection"


44
Storing data in memory
JVM manages the process heap

In most cases

J(I managed memory would 'e an e)ception* and there are others
No shared memory between processes

At least not availa'le through the Java A+I


JVM creates a Java eap

+art of the process heap

onfigured through ,-m) and ,-ms settings


55
Topics in this Session
Internals of Java Memory
!nderstanding the Java Memory "ayout
Out Of Memory Errors
Monitoring Agents
66
Everything else
Process Heap (java/java.exe
!" #e$ory (%&#
JVM #rocess eap
'ava !(ject Heap
))
JVM #rocess eap $ %ifferent View
E*en "+rvivor
"paces
,irt+al
"pace 1
-o+ng .eneration
,irt+al
"pace 2
!l* .eneration
Per$
.en &rea
P+re
/ative &rea
'ava Heap
'ava /on Heap
0
/ative
Ma)(ew.i/e , (ew.i/e Ma)0eap.i/e , Initial0eap.i/e
11
JVM #rocess eap
Ma&imum si'e is limited

12 'it si/e* roughly 2&3

45 'it* much much larger


If ()* is the ma& for the process

$-m)6788m ,-ms6788m , not very good

Leaves no room for anything else


22
JVM #rocess eap
JVM process heap consists of+

Java O'9ect 0eap

+ermanent .pace

ode &eneration

.oc:et 3uffers

;hread stac:s

<irect Memory .pace

J(I ode

&ar'age ollection

J(I Allocated Memory


Now let,s e&amine the following

Java O'9ect 0eap

+ermanent .pace

&ar'age ollection
%e$e$(er 3e re4erre*
to 5everything else67
18 18
JVM #rocess eap+ Java -b.ect eap
Java Object Heap
Permanent Space
Garbage Collection
11 11
Java -b.ect eap
/lso referred to as Java eap

Often confused with JVM process heap


Stores Java -b.ects

instances of classes

and the data the o'9ects contain


= +rimitives
= >eferences
12 12
*enefits of the Java eap
It pre0allocates large bloc1s of memory
/llocation of small amounts of memory is very fast
No need to fish for a free memory segment in 2/M
No fragmentation
Null#ointerE&ception vs3 )eneral /ccess 4ault

(+E runtime error

&A? crash the process


13 13
-b.ect /llocation
-b.ect allocation statistics in typical programs

78$@7A of newly allocated are e)tremely short lived

78$@7A die 'efore another mega'yte has 'een allocated


Tomcat 5ore 6no webapps7

Lots of long lived o'9ects

.till a small memory foot print


14 14
Java -b.ect eap Notes
08m&9 08ms and $8mn

Only controls the Java O'9ect 0eap

Often misunderstood to control the process heap


5onfusion leads to incorrect tuning

And in some cases* the situation worsens


15 15
:oung )eneration
5onsists of eden and survivor spaces

A good si/e for the B& is 11A of the total heap


/ll new ob.ects are created here

Only moved to Old &eneration if they survive one or more minor &
Si'ed using

$-mn , not preferred !fi)ed value"

$--C(ew>atioDEvalue% $ preferred !dynamic"


Survivor Spaces
= 2* used during the & algorithm !minor collections"
= $--C.urvivor>atioDEvalue% $ default is 64
= .pecifies the ratio of eden to survivor space in the B&
16 16
:oung )eneration Notes
#roblem

Multithreaded apps create new o'9ects at the same time

<uring o'9ect creation* memory is loc:ed

On a multi +U machine !threads run concurrently" there can 'e contention


Solution

Allow each thread to have a private piece of the E<E( space


Thread "ocal /llocation *uffer

$--C#Use;LA3

$--C;LA3.i/eDEsi/e in F3%

$--C#>esi/e;LA3

On 'y default on multi +U machines and newer J<F


/naly'e T"/* usage

$--C#+rint;LA3
J%; <3= and higher 6)5 ergonomics7

<ynamic si/ing algorithm* tuned to each thread


1) 1)
JVM #rocess eap+ #ermanent Space
Java Object Heap
Permanent Space
Garbage Collection
11 11
#ermanent Space
#ermanent )eneration

+ermanent .pace !name for it"

5M' initial* 45M' ma)

.tores classes* methods and other meta data

$--C+erm.i/eDEvalue% !initial"

$--CMa)+erm.i/eDEvalue% !ma)"
5ommon -ut -f Memory for webapp reloads
Separate space for pre0historic reasons

Early days of Java* class & was not common* reduces si/e of the Java 0eap
12 12
#ermanent Space Notes
#ermanent Space Memory Errors

;oo many classes loaded

lasses are not 'eing gar'age collected

Unaffected 'y ,-m) flag


Identified by

9avaGlangGOutOfMemoryErrorC
+erm&en space
In many situations9 increasing ma& perm si'e will help

iGeG no lea:* 'ut 9ust not enough memory

Others will reHuire to fi) the lea:


28 28
JVM #rocess eap+ )arbage 5ollection
Java Object Heap
Permanent Space
Garbage Collection
21 21
)arbage 5ollection
/lso uses memory

;hreads

Memory to store & info


If there isn>t enough memory for )59 then the system will not be
functioning at all
22 22
)arbage 5ollection
If there is e&cessive )5

9avaGlangGOutOfMemoryErrorC & overhead limit e)ceeded


?@A of the time is spent in )5
"ess than (A of the heap is recovered
In this scenario your program is not doing anything else

'ut collecting gar'age

JVM throws this Error* so that you have a chance of diagnosing the issue
To disable
088+0!se)5-verhead"imit
23 23
)arbage 5ollector istory
The idea

automatic memory cleanup

Easier to write code

Easier to de'ug
24 24
#hases of )arbage 5ollection
"oc1 it down

All o'9ects that are to ta:e part in the & must 'e loc:ed
= so that they donIt mutate or change during gar'age collection
Mar1

Iterate through all o'9ects

Mar: the Junreacha'leK o'9ects as gar'age

An o'9ect 'ecomes Junreacha'leK when itLs


= Out of scope
= 0ave no references to it
Sweep

>emove all previously mar:ed o'9ects

>eclaim memory
25 25
Early version of Java
)arbage 5ollector wasn>t well tuned
-nly one algorithm was available
Mar1 and Sweep entire heap

;a:es a very long time

;ime spent depends on the si/e of the heap

;hat is why the J+ermanent .paceK was invented


/lso 1nown as Bstop0the0worldC )5

;he entire JVM is loc:ed down


26 26
Strategies
Stop The World
Incremental

;ime & with new o'9ect creation

If & runs* suspend new allocation


5oncurrentD#arallel

Allocation happens at the same time as &

Very comple) loc:ing regimes

&enerationsM.paces ma:e it easier


5MS stands for

oncurrent

Mar:

.weep
2) 2)
ow It Wor1s
"+rvivor "pace
E*en "pace
9en+re* "pace
:ro$ 9o
6G (ew o'9ect is created in Eden
2G When E<E( is full , minor collection
1G opy surviving o'9ects into 6
st
survivor space
5G (e)t time Eden is full $ opy from Eden to 2
nd
* opy from 6
st
to 2
nd
NG If 2
nd
fills and o'9ects remain in Eden or 6
st
* these get copied to tenured
1
3 4
11
4
4
5
1
5
21 21
%efinitions
Eden Space

+ool from which memory is initially allocated for most o'9ects


Survivor Space

+ool containing o'9ects that have survived & of eden space


Tenured Space

+ool containing o'9ects that have e)isted for some time in the survivor space
22 22
ow It Wor1s
-ne survivor space is always empty

.erves as destination for minor collections


-b.ects get copied to the tenured space

when the 2nd survivor space fills up


Ma.or garbage collections occur when the tenured space fills up

Ma9or collections free up mar:ed o'9ects inC


= ;he Eden space
= ;he two survivor spaces
38 38
-racle 2ecommended
)5 Settings

$--C#UseoncMar:.weep&

$--C#M.IncrementalMode

$--C#M.Incremental+acing

$--CM.Incremental<utyycleMinD8

$--C#M.Incremental<utyycleD68

$--C#Use+ar(ew&

$--C#M.+erm&en.weepingEna'led
To analy'e what is going on

$--C#+rint&<etails

$--C#+rint&;ime.tamps

$--C$;racelassUnloading
31 31
2ecommendations
088+E!se#arallel)5 FG 088+E!se#arNew)5
088+#arallel)5ThreadsHFnumber of cpusG

Use with +arallel& setting


If you have I cpus and < JVM

.et value to 5
If you have I cpus and ( JVM

.et value to 2
If you have I cpus and J JVM

.et value to 2
32 32
Topics in this Session
Internals of Java Memory
Understanding the Java Memory Layout
-ut -f Memory Errors
Monitoring Agents
33 33
-ut -f Memory Errors
If JVM is started using

$--C#0eap<umpOnOutOfMemoryError

0eap dump is created automatically upon OOM error


No performance impact during runtime
%umping a $8m&=<(m heap

reate a N62M3 Ghprof file

JVM is JdeadK during dumping

>estarting JVM during this dump will cause unusa'le Ghprof file

ItLs not recommended to do a heap dump on a JproductionK tomcat instance

ItLs very useful in a Jpre$productionK or JtestK environment


.hat can 'e used to analy/e a heap dumpG It will analy/e dump file
and launch we' server* which ena'les you to launch a we'
'rowser
34 34
--M Notes
Ma.or garbage collections don>t run until tenured is full
What does that meanK

$-m)6825m

urrent heap could 'e ON8M3

N88M3 of JdeadK o'9ects

If VM is idle* could stay li:e that for a very long time

Wasting N88M3 of >AM for an idle JVM


35 35
Topics in this Session
Internals of Java Memory
Understanding the Java Memory Layout
Out Of Memory Errors
Monitoring /gents
36 36
Monitoring /gents
Monitor memory usage
If system is idle9 force a )arbage 5ollection
5an be done automatically and with remote agents
E&ample would be+
http+DDwww3hyperic3com
/ single agent will reside on each machine you want to manage

Each machine can run one or multiple tomcat instances


/gent will communicate with the server

sending gathered data on a regular interval which you define


3) 3)
Summary
Internals of Java Memory
!nderstanding the Java Memory "ayout

Java O'9ect 0eap

+ermanent .pace

&ar'age ollection
-ut -f Memory Errors
Monitoring /gents
31 31
LuestionsK
11
Tomcat Performance Tuning
22
Topics in this Session
Performance Tuning Process
Tuning your connectors
Socket Buffers
MTU
Content delivery and caching
33
Measure current performance
Identify the current bottleneck

Focus on one item at a time


Set Performance Targets

We a!!lications are easy

"nly one consideration # re$uest%res!onse time


Fix the root cause

&asy to get side tracked


The Process
''
Recommendations
When possible, tune preproduction

(ard to !rofile in !roduction


!pplication tuning most important

)s o!!osed to Tomcat configuration tuning

*+, or more of re$uest time is ty!ically s!ent inside the a!!lication


Tomcat tuning is fairly limited

-ivided et.een /0M tuning and Tomcat connectors

1e$uires lo.er level of understanding


22
Topics in this Session
3erformance Tuning 3rocess
Tuning your connectors
Socket Buffers
MTU
Content delivery and caching
44
!pache Tomcat in Production
"ut of the #ox Tomcat

Tomcat is ready for !roduction


$%M settings must be applied

-efault memory settings usually too small for most .e a!!lications


Tuning is limited

So .e can cover most of it


55
!pache Tomcat in Production
Tuning Tomcat connectors

server67ml

8Connector9
To properly tune one must

Understand the TC3 !rotocol

Understand ho. the C3U .orks

Understand load alancers and their algorithms


**
&oad #alancing' !lgorithms
&oad balancing

Connection limits

1eusing connections

Traffic sha!ing
&oad balancing algorithm dri(es Tomcat configuration choices
::
!pache Tomcat' )TTP*S
"ur tuning options

Threads

;ee! alive re$uests

TC3 Backlog <acce!tCount=>

connectionTimeout

Socket uffers
+ifferent connectors

B?" # Blocking /ava connector@ default

)31 # Uses native C code for ?"

A?" # Aon locking /ava connectors>


1+ 1+
+isclaimer
Tuning options are meant for ,orking and high performing
applications
"ptions ,ill not fix bad application beha(ior

Furthermore@ situation can .orsen in that case


11 11
protocol-.org/apache/coyote/http00/)ttp00Protocol1
Which connector2
3se #I" if'

Staility is the highest !riority


B )31 and A?" are more recent

Most content is dynamic

;ee! alive is not a determining factor


12 12
Which connector2
3se !PR if'

SSC is terminated at Tomcat

;ee! alive is im!ortant

Cots of static content

Using Comet feature

1e$uires com!ilation of native lirary


protocol-.org/apache/coyote/http00/)ttp00!prProtocol1
13 13
Which connector2
3se 4I" if'

Com!iling )31 is not an o!tion

;ee! alive is im!ortant

Using SSC

Cots of static content

Using Comet features


protocol-.org/apache/coyote/http00/)ttp004ioProtocol1
1' 1'
Which connector2
If uncertain'

Use B?" connector

Most mature code@ oth in Tomcat and /0M

Will not reak do.n

)uto tune feature to disale kee! alive


B When hitting 52, of ma7Threads in connection count
protocol-.org/apache/coyote/http00/)ttp00Protocol1
12 12
Which 5onnector2
Comparison Chart Java BIO Java NIO APR
Class Http11Protocol Http11NioProtocol Http11AprProtocol
Version 3.x+ .x+ !.!.x+
Pollin" NO #$% #$%
Pollin" %i&e N'A (nlimite) Con*i"+ra,le
H--P Re. Rea) Bloc/in" Non ,loc/in" Bloc/in"
H--P Bo)0 Rea) Bloc/in" %im Bloc/in" Bloc/in"
H--P 1rite Bloc/in" %im Bloc/in"
%%2 J%%$ J%%$ Open%%2
%%2 Han)sha/e Bloc/in" Non ,loc/in" Bloc/in"
3ax Connections max-hrea)s (nlimite) Con*i"+ra,le
14 14
Tuning threads
maxThreads

Ma7imum numer of concurrent re$uests

For B?"@ ma7 numer of o!en%active connections

Ty!ical range 2++D*++

Eood starting value '++


15 15
Tuning threads
maxThreads-.6771

-ecrease if you see heavy C3U usage


B )!!lication might e C3U ound instead of ?" ound
B Find out .hat is causing C3U usage

?ncrease if you donFt see much C3U usage


B )!!lications could e synchroniGed D9 no gain
B Take into account other resources@ such as dataase connections
1* 1*
Tuning keep ali(e
max8eep!li(eRe9uests

1e!resents the numer of re$uests Tomcat .ill handle on a TC3 connection

Ty!ical valuesH 1++D2++

Set to 1 disales kee! alive

connectionTimeout%kee!)liveTimeout controls the timeout in et.een re$uests


1: 1:
Tuning keep ali(e
max8eep!li(eRe9uests

Set to 1 if
B 0ery high concurrency
B Aot using SSC in Tomcat
B Using layer ' load alancer
B Using B?" connector

Set to 91 if
B Using SSC or lo. concurrency
B Cayer 5 load alancer .ith advanced features
B Using )31 or A?" connector

B?" connector automatically disales kee! alive for high connection counts
2+ 2+
Tuning T5P backlog
accept5ount

1e!resents numer of additional connections the "S should acce!t on your


ehalf

Useful .hen Tomcat canFt acce!t connections fast enough

Ty!ical ranges 2+D3++


21 21
Tuning T5P backlog
accept5ount-.0771

?ncrease if
B 0ery high concurrency <numer of connections=>
B Connections getting reIected during !eak traffic
B ;ee! alive should e off

-ecrease if
B ;ee! alive is on
B Connections getting acce!ted ut never serviced
22 22
Tuning timeouts
connectionTimeout

0alues range from 2+++ to 4++++ <in milliseconds=

1e!resents the S"JT?M&"UT value

&ssentially@ ma7 time et.een TC3 !ackets during a locking read or .rite

Critical to a stale system

)lso used for kee! alive timeout


23 23
Tuning timeouts
connectionTimeout-.:7771

?ncrease if
B Working .ith slo. clients <dial u!=>
B Using a layer 5 load alancer .ith connection limit%!ool and kee! alive on

-ecrease if
B Aeed faster timeouts

-efault value of 2+@+++ <2+secs= is too high for a .e server


2' 2'
Topics in this Session
3erformance Tuning 3rocess
Tuning your connectors
Socket #uffers
MTU
Content delivery and caching
22 22
Socket #uffers
;ach T5P connection contains t,o buffers

1eceive uffer K35k

Send uffer K22k


5onfigured in $a(a code

So might not e e7!osed through a!!lication configuration


3sually hit other limits than memory before an error happen

&7am!leH ?"&7ce!tion@ too many o!en files


import <a(a/net/Socket=
Socket skt=
///
int sndsi>e-07?6, sockbufsi>e=
skt/setSend#ufferSi>e@sndsi>eA= *B set send buffer B*
sockbufsi>e - skt/getSend#ufferSi>e@A= *B check send buffer si>e B*
skt/setRecei(e#ufferSi>e@sndsi>eA= *B set recei(e buffer B*
sockbufsi>e - skt/getRecei(e#ufferSi>e@A= *B check recei(e buffer si>e B*
24 24
&inux' si>e of the Socket #uffers
Socket buffers are used ,hen'

-ata is .ritten to the net.ork

-ata is read from the net.ork


"nce data is ,ritten to the socket buffer the application ser(er
thread is a(ailable
;ach response sent back to the client should fit into a socket buffer
Socket buffer should be large enough to fit about C7D of responses
25 25
Socket #uffers &inux
netstat utility

Used to dis!lay current state of the read and .rite socket uffers
5onsistent (alues in the .SendE1 or .Rec(E1 indicate that buffers
are not being emptied

&ither the Lnet.orkM is not acce!ting traffic fast enough <sendD$=

"r the La!!licationM is not acce!ting traffic fast enough <recvD$=


5onfiguration to changes the buffer si>es'
net6core6rmemJma7 N 14555214
net6core6.memJma7 N 14555214
/etc/sysctl.conf
2* 2*
Topics in this Session
3erformance Tuning 3rocess
Tuning your connectors
Socket Buffers
MT3
Content delivery and caching
2: 2:
What is MT32
Maximum Transmission 3nit @MT3A

ma7imum siGe for a single !acket <.ithout eing s!lit=


)igher end systems may benefit from changing MT3
MT3 on the internet is moreorless fixed

due to defective s!ecs for discovery and fire.all rules to aout 12++

.hich .as fine for 1+DaseDT ut is dated on EB ethernet6


Suggested MT3 (alue is about F777

!roaly a good trade off et.een safe and o!timal6


ifconfig eth7 mtu F777
Be careful .hen setting MTU6 ?f your routers and other net.orking
e$ui!ment are not configured to handle larger transmission units@
you may take yourself off the net.ork6
3+ 3+
Topics in this Session
3erformance Tuning 3rocess
Tuning your connectors
Socket Buffers
MTU
5ontent deli(ery and caching
31 31
+ynamic 5ontent +eli(ery
4o caching should be done for dynamic content
Tomcat has to deli(er it blocking mode
Worker thread is not released until all content has been deli(ered
Fast dynamic content can rely on send file

Sim!ly .rite to file@ set re$uest attriute and hand off to TomcatOs !oller threads
32 32
Static 5ontent +eli(ery
Si>e based cache for static content, default 07mb
#I" Tomcat has to deli(er it blocking mode
4I"*!PR

Tomcat can use S&A-JF?C&

1elease .orker thread@ deliver the content using a ackground thread .hen the
client is ready to receive
33 33
G5ontext cacheMaxSi>e-167FH71
cacheTT&-1H77771
caching!llo,ed-1true1I
G*5ontextI
5ontent +eli(ery
5onfigured in G5ontextI element
67M# cache @default 07M#AJ
cache re(alidation e(ery H7 seconds @default K secondsAJ
caching enabled @default trueA
3' 3'
Summary
Performance Tuning Process
Tuning your connectors
Socket #uffers
MT3
5ontent deli(ery and caching
32 32
Euestions2
11
HTTP Protocol
22
Topics in this Session
HTTP : Basics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP Connections
Authentication mechanisms
HTTP State manaement
Securit! considerations
""
What is HTTP?
HTTP : HyperText Transfer Protocol
Request/response protocol

C#ient sends request messae to Ser$er

Ser$er sends response messae bac% to C#ient


Wikipedia

&H!perte't documents can either be static (prepared and stored in ad$ance) or


d!namic (continua##! chanin in response to user input).*
++
What is HTTP?
HTTP simple client/serer
HTTP
C#ient
HTTP
Ser$er
,equest
,esponse
HTTP simple request/response flow
--
What is HTTP?
HTTP request/response chain

There can be an! number of pro'ies


HTTP
C#ient
(C)
Pro'! 1
HTTP
Ser$er
(S)
Pro'! 2
Request
Response
HTTP request/response flow with multiple servers
Handling request/response messages
..
What is HTTP?
!et"ork protocol

/S0 1a!er 2 protoco# 3 app#ication #e$e#

4sed to de#i$er data5 co##ecti$e#! ca##ed &resources*

Most common#! imp#emented o$er TCP60P


Three actors

4ser Aent (4A) often referred to as a HTTP c#ient5 requests resources

Ser$er responds to 4A requests and de#i$ers resources

Pro'ies5 acts both as ser$er and 4A5 can be reu#ar pro'! or re$erse pro'!
22
#ersions
HTTP/$%&

Cou#d transfer on#! te't fi#es


HTTP/'%$

A##owed the transport of man! t!pes of fi#es and resources


HTTP/'%'

7'pands HTTP61.08s capabi#ities with se$era# features


99
Tomcat and HTTP
Tomcat supports all ersions of HTTP
(dapts to clients )ased on the HTTP header
Tomcat
Ser$er
Tomcat
Ser$er
HTTP
C#ient
0.:
HTTP
C#ient
1.0
HTTP
C#ient
1.1
::
Topics in this Session
HTTP ; <asics
*oncepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP Connections
Authentication mechanisms
HTTP State manaement
Securit! considerations
10 10
*oncepts + *ommon WWW setup
User Agent Proxy
HTTP ,equest
Server Reverse Proxy
HTTP ,esponse
11 11
*oncepts + Stateless Protocol
HTTP is a stateless protocol

State#ess means there is no record of pre$ious interactions

7ach interaction request has to be hand#ed based entire#! on information that


comes with it

7ach request con$erts to a response5 without the HTTP ser$er rememberin the
request #ater
12 12
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP Connections
Authentication mechanisms
HTTP State manaement
Securit! considerations
1" 1"
Structure of a HTTP sequence , T*P connections
HTTP operates oer T*P connections- usually to port .$

Connection doesn=t ha$e to be reused5 ma%in it stateless

/ne can use the same TCP connection to de#i$er requests for more than one
c#ient or for separate transaction that are not tied to each other

Some #oad ba#ancers do this5 maintain persistent connections to the ser$er5 and
reuse each connection to the ser$er for for mu#tip#e c#ient connections
C#ient
Ser$er
,equest
,esponse
The Request-Response sequence happens over the
same connection
1+ 1+
Structure of a HTTP Sequence , Basic HTTP /ethods
01T

>i$e me a resource

Doesn8t inc#ude a request bod!


H1(2

Same as >7T

Ser$er doesn8t return resource bod!5 ?ust information about it


P3ST

4ser Aent8s sends a request with a bod! to the ser$er


1- 1-
Structure of a HTTP Sequence , Request/Response 4ines
HTTP/'%$ 5$$ Success 6*R4786*R478 HTTP/'%$ 5$$ Success 6*R4786*R478
01T /path/to/file/index%html HTTP/'%$ 6*R4786*R478 01T /path/to/file/index%html HTTP/'%$ 6*R4786*R478
HTTP/'%$ 9$9 !ot 7ound 6*R4786*R478 HTTP/'%$ 9$9 !ot 7ound 6*R4786*R478
,equest 1ine
,esponse 1ine 3 success
,esponse 1ine 3 ,esource not found
Status *odes
1. 1.
Structure of a HTTP Sequence , Request /essa:e
01T /path/to/file/index%html HTTP/'%' 6*R478
Host; www.sprinsource.com @C,1AB
4serCAent; MoDi##a6-.0 (EindowsF 4F Eindows GT -.1F enC4SF
r$;1.9.1.12) >ec%o620090201 Airefo'62.0.0.12 @C,1AB
Accept; imae6pn5H6HFqI0.- @C,1AB
AcceptC1anuae; enCus5enFqI0.- @C,1AB
AcceptC7ncodin; Dip5def#ate @C,1AB
AcceptCCharset; 0S/C99-:C15utfC9FqI0.25HFqI0.2 @C,1AB
JeepCA#i$e; "00 @C,1AB
@C,1AB
01T /path/to/file/index%html HTTP/'%' 6*R478
Host; www.sprinsource.com @C,1AB
4serCAent; MoDi##a6-.0 (EindowsF 4F Eindows GT -.1F enC4SF
r$;1.9.1.12) >ec%o620090201 Airefo'62.0.0.12 @C,1AB
Accept; imae6pn5H6HFqI0.- @C,1AB
AcceptC1anuae; enCus5enFqI0.- @C,1AB
AcceptC7ncodin; Dip5def#ate @C,1AB
AcceptCCharset; 0S/C99-:C15utfC9FqI0.25HFqI0.2 @C,1AB
JeepCA#i$e; "00 @C,1AB
@C,1AB
Request 4ine
Headers
!o )ody for a 01T request
12 12
Structure of a HTTP Sequence , Response /essa:e
HTTP61.1 200 /J @C,1AB
Date; Ari5 21 Mar 2009 19;1-;+2 >MT @C,1AB
Ser$er; Apache @C,1AB
ContentC1enth; 119" @C,1AB
ContentCT!pe; te't6p#ainFcharsetI0S/C99-:C1 @C,1AB
@C,1AB
@K'm# $ersionIL1.0L encodinIL0S/C99-:C1LKB
@m!'m# $erIL2.0LB
@headB
@#oca#eBenM4S@6#oca#eB
@formBM7D04M@6formB
;
HTTP61.1 200 /J @C,1AB
Date; Ari5 21 Mar 2009 19;1-;+2 >MT @C,1AB
Ser$er; Apache @C,1AB
ContentC1enth; 119" @C,1AB
ContentCT!pe; te't6p#ainFcharsetI0S/C99-:C1 @C,1AB
@C,1AB
@K'm# $ersionIL1.0L encodinIL0S/C99-:C1LKB
@m!'m# $erIL2.0LB
@headB
@#oca#eBenM4S@6#oca#eB
@formBM7D04M@6formB
;
Body - length/encoding
determined by headers
Headers
19 19
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
/ore HTTP /ethods
Differences between HTTP 1.0 and 1.1
HTTP Connections
Authentication mechanisms
HTTP State manaement
Securit! considerations
1: 1:
/ore HTTP /ethods
01T < H1(2 < P3ST

Co$ered in the pre$ious session


3ther methods

P4T

D717T7

/PT0/GS

T,AC7

C/GG7CT
20 20
/ore HTTP /ethods
P=T

Most web browsers do not support it

/ften used with ,7ST

/ften used with EebDAN


O EebCbased Distributed Authorin and Nersionin
O EebDAN is a set of e'tensions to HTTP
O 7ssentia##! means C Store a resource on the server
O A##ows a user aent to store a resource on the ser$er
O The resource wi## then be accessib#e throuh the request 4,0 that was supp#ied durin
the P4T
21 21
/ore HTTP /ethods
2141T1

/ften used with ,7ST or EebDAN

7ssentia##! means C Delete a resource on the server


3PT>3!S

Chec% what HTTP methods the ser$er supports


TR(*1

7choes bac% the request recei$ed as the content bod!

This a##ows a 4A to see what intermediar! pro'ies are addin to6remo$in from
the oriina# request
22 22
/ore HTTP /ethods
*3!!1*T

Con$erts the request connection to a transparent TCP60P tunne#

Pro'ies
O Ehen sendin a HTTPS request5 a pro'! can not decr!pt the messae5 !et the
messae has to o throuh the pro'!
O C/GG7CT informs the pro'! to open up a connection to a ser$er5 and then simp#!
forward an! data b!te for b!te
2" 2"
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
2ifferences )et"een HTTP '%$ and '%'
HTTP Connections
Authentication mechanisms
HTTP State manaement
Securit! considerations
2+ 2+
HTTP '%$ s HTTP '%'
'%$ has shortcomin:s "ith respect to

Cachin

<andwidth /ptimiDation

Messae transmission

0nternet Address Conser$ation

Getwor% Connection Manaement


'%' has many improements

Performance

A#e'ibi#it!

C#ear#! specifies the $arious requirements for c#ients5 pro'ies and ser$ers.
2- 2-
HTTP '%$ s HTTP '%' , *achin:
*achin:

0mpro$es user percei$ed #atenc!

,educes bandwidth consumption

,educe #oad on oriin ser$ers


*ons in '%$

0ncorrect cachin of some responses that shou#d not ha$e been cached

Aai#ure to cache some responses that cou#d ha$e been cached


Pros in '%'

Gew conditiona# headers; 0fCMatch5 0fC4nmodifiedCSince


O Aaster response time
O 7'p#icit and e'tensib#e protoco# mechanisms for cachin

Ser$er wi## not send down the resource if it hasn8t chaned


2. 2.
HTTP '%$ s HTTP '%' , Band"idth 3ptimi?ation
*ons in '%$

Ser$er sendin a #are resource when c#ient needs on#! a part of it

Go wa! to request partia# ob?ects

0f ser$er can=t hand#e #are requests5 it wou#d return error code =after= bandwidth
consumption
Pros in '%'

,ane requests ; Range header

A##ows c#ient to request portions of a resource

Supports rane of b!tes

Gew status codes 100 (continue)5 20. (partia# content) to faci#itate bandwidth
optimiDation
22 22
HTTP '%$ s HTTP '%' , !et"ork *onnection /ana:ement
7aster response time usin: persistent connections

JeepCA#i$e header

Persistent connection C ,euse the same TCP session for mu#tip#e requests
Persistent connections "ere extended "ith the concept of pipelinin:
in HTTP/'%'

Pipe#inin C C#ient can send man! requests o$er a TCP connection before
recei$in an! response
/ost @sin:le user requestsA consist of multiple HTTP requests

7'pedia Home pae P120 HTTP requests

7ach resource requires a separate HTTP request (imaes5 css5 ?a$ascript...)


29 29
HTTP '%$ s HTTP '%' , /essa:e Transmission
7aster response for dynamically :enerated pa:es

TransferC7ncodin; chun%ed header

A##ows the ser$er to start sendin data before the tota# #enth is %nown

4ses #ess memor! on the ser$er5 since no bufferin needs to be done to


ca#cu#ate content #enth
2: 2:
HTTP '%$ s HTTP '%' , >nternet (ddress *onseration
/ultiple domains on the same >P

Host header

Mu#tip#e domains can share an 0P address


>P addresses are often limited
"0 "0
HTTP '%$ s HTTP '%' , 1rror !otification
(ckno"led:e that the request "as receied

100 Continue response #ine


Sends a response "hen the request has )een receied- )ut not yet
processed

Aids with s#ow communication #in%s or when the user aent wishes to recei$e an
ac%now#edment for request recei$ed
"1 "1
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP *onnections
Authentication mechanisms
HTTP State manaement
Securit! considerations
"2 "2
Beep+(lie connections
Related headers

JeepCA#i$e; @time in secondsB (request)

Connection; c#ose (response)


What it does

A##ows mu#tip#e HTTP transactions to ta%e p#ace o$er the same connection

Sa$es CP4 c!c#es in settin up and tearin down a TCP session for each
request

Sometimes referred to as pipeC#inin5 a#thouh it8s not


"" ""
HTTP/'%$: !o Beep+(lie
User Agent
single
HTTP
transaction
Server
TCP Setup (syn)
TCP Setup (syn/ack)
TCP Setup (ack)
TCP Abort(ack)
TCP Abort (rst)
HTTP request
HTTP response
"+ "+
HTTP/'%': Persistent *onnection , Beep+(lie
User Agent
multiple
HTTP
transactions
Server
TCP Setup (syn)
TCP Setup (syn/ack)
TCP Setup (ack)
TCP Abort(ack)
TCP Abort (rst)
HTTP request
HTTP response
HTTP request
HTTP response
Keep-Alive
"- "-
HTTP/'%': Pipelinin:
User Agent
pipelined
HTTP
transactions
Server
TCP Setup (syn)
TCP Setup (syn/ack)
TCP Setup (ack)
TCP Abort(ack)
TCP Abort (rst)
HTTP request (GET)
HTTP response
HTTP request (GET)
HTTP response
". ".
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP Connections
(uthentication mechanisms
HTTP State manaement
Securit! considerations
"2 "2
(uthentication /echanism
Seeral 2ifferent (uthentication Schemes
Part of HTTP specification

<asic

Diest
Serer/(pplication Specific

Aorm based

C#ient certificate
"9 "9
Basic (uthentication
Handled )y the )ro"ser
": ":
Basic (uthentication , Step '
HTTP/'%' 9$' (uthori?ation Required 6*R478
Date; Ari5 21 Mar 2009 19;1-;+2 >MT @C,1AB
Ser$er; Apache @C,1AB
EEECAuthenticate; <asic rea#mILfi#eMauthoriDation&
ContentC1enth; 119" @C,1AB
ContentCT!pe; te't6p#ainFcharsetI0S/C99-:C1 @C,1AB
@C,1AB
@htm#B
@headB
@tit#eBGot authoriDed@6tit#eB
@6headB
@bod!B
...
Response 4ine
Headers
Response Body
4en:th / encodin:
determined )y
headers
+0 +0
Basic (uthentication , Step 5
01T /path/to/file/index%html HTTP/'%' 6*R478
Host; www.sprinsource.com @C,1AB
4serCAent; MoDi##a6-.0 (EindowsF 4F Eindows GT -.1F enC4SF r$;1.9.1.12)
>ec%o620090201 Airefo'62.0.0.12 @C,1AB
Accept; imae6pn5H6HFqI0.- @C,1AB
AcceptC1anuae; enCus5enFqI0.- @C,1AB
AcceptC7ncodin; Dip5def#ate @C,1AB
AcceptCCharset; 0S/C99-:C15utfC9FqI0.25HFqI0.2 @C,1AB
JeepCA#i$e; "00 @C,1AB
(uthori?ation: Basic cC#nDE>FDCGt @C,1AB
@C,1AB
01T /path/to/file/index%html HTTP/'%' 6*R478
Host; www.sprinsource.com @C,1AB
4serCAent; MoDi##a6-.0 (EindowsF 4F Eindows GT -.1F enC4SF r$;1.9.1.12)
>ec%o620090201 Airefo'62.0.0.12 @C,1AB
Accept; imae6pn5H6HFqI0.- @C,1AB
AcceptC1anuae; enCus5enFqI0.- @C,1AB
AcceptC7ncodin; Dip5def#ate @C,1AB
AcceptCCharset; 0S/C99-:C15utfC9FqI0.25HFqI0.2 @C,1AB
JeepCA#i$e; "00 @C,1AB
(uthori?ation: Basic cC#nDE>FDCGt @C,1AB
@C,1AB
01T request: So no request )ody
Request 4ine
Headers
+1 +1
Basic (uthentication + Summary
*redentials passed "ith eery sin:le request
Stateless
7or security reasons- only "hen HTTPS

That wa! the actua# credentia#s are encr!pted usin SS1


+2 +2
2i:est (uthentication
/ana:ed )y the )ro"ser
#ery similar to )asic
Pass"ord not sent in plain text
2i:est :enerated from pass"ord and serer proided data
Serer :enerates di:est from the same data
>f they match- user must kno" pass"ord
Secure "ithout HTTPS
+" +"
7orm )ased authentication
Handled )y the application / Tomcat
++ ++
7orm )ased authentication
*redentials proided once
Stateful

Ser$er6App#ication must maintain Q#oed in8 state


7or security reasons- only "hen HTTPS

That wa! the actua# credentia#s are encr!pted usin SS1


+- +-
*ertificate authentication
*redentials proided "ith SS4 certificate
Si:ner of certificate compared to one in a trust store
(pplication extracts user info from certificate
Stateful

Ser$er6App#ication must maintain Q#oed in8 state


+. +.
(uthentication + 1xample
*onfi:uration on "e)%xml
@#oinCconfiB
@authCmethodBA/,M@6authCmethodB
@rea#mCnameB7'amp#e AormC<ased Authentication
Area@6rea#mCnameB
@formC#oinCconfiB
@formC#oinCpaeB6securit!6protected6#oin.?sp@6formC#oinC
paeB
@formCerrorCpaeB6securit!6protected6error.?sp@6formCerrorC
paeB
@6formC#oinCconfiB
@6#oinCconfiB
;
@#oinCconfiB
@authCmethodBA/,M@6authCmethodB
@rea#mCnameB7'amp#e AormC<ased Authentication
Area@6rea#mCnameB
@formC#oinCconfiB
@formC#oinCpaeB6securit!6protected6#oin.?sp@6formC#oinC
paeB
@formCerrorCpaeB6securit!6protected6error.?sp@6formCerrorC
paeB
@6formC#oinCconfiB
@6#oinCconfiB
;
+2 +2
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP Connections
Authentication mechanisms
HTTP State mana:ement
Securit! considerations
+9 +9
HTTP State /ana:ement
State mana:ement is not part of the HTTP protocol
Why?

Main#! efficienc! and performance

Manain state in a protoco# is not optima#


But T*P is statefulH

Correct5 the HTTP protoco# doesn8t re#! on the TCP state to maintain state
+: +:
HTTP State /ana:ement
State is mana:ed usin: IcookiesJ
*ookies are set/sent usin: headers

SetCCoo%ie 3 b! the ser$er in the response

Coo%ie 3 b! the 4A in the request


3nly the serer can set cookies

A#thouh it doesn8t pre$ent the 4A for ma%in them up


-0 -0
HTTP state mana:ement , Serer settin: cookie
HTTP/'%' 5$$ 3B 6*R478
Date; Ari5 21 Mar 2009 19;1-;+2 >MT @C,1AB
Ser$er; Apache @C,1AB
EEECAuthenticate; <asic rea#mILfi#eMauthoriDation&
ContentC1enth; 119" @C,1AB
ContentCT!pe; te't6p#ainFcharsetI0S/C99-:C1 @C,1AB
Set+*ookie: GS1SS>3!>2K$'.L772$(2'2.&*.L11$'&59$29M'&$CN PathK/ @C,1AB
@C,1AB
@htm#B
@headB
@tit#eBM! secure pae@6tit#eB
@6headB
@bod!B
%%%
Response Body 4en:th / encodin: determined )y headers
Headers
Response 4ine
-1 -1
HTTP state mana:ement , =ser a:ent sendin: cookie
01T /path/to/file/index%html HTTP/'%' 6*R478
Host; www.sprinsource.com @C,1AB
4serCAent; MoDi##a6-.0 (EindowsF 4F Eindows GT -.1F enC4SF r$;1.9.1.12)
>ec%o620090201 Airefo'62.0.0.12 @C,1AB
Accept; imae6pn5H6HFqI0.- @C,1AB
AcceptC1anuae; enCus5enFqI0.- @C,1AB
AcceptC7ncodin; Dip5def#ate @C,1AB
AcceptCCharset; 0S/C99-:C15utfC9FqI0.25HFqI0.2 @C,1AB
JeepCA#i$e; "00 @C,1AB
*ookie: GS1SS>3!>2K$'.L772$(2'2.&*.L11$'&59$29M'&$C @C,1AB
@C,1AB
01T request: So no request )ody
Request 4ine
Headers
-2 -2
HTTP State /ana:ement
*ookie is Oust another header
Sent "ith each request
4ifespan

Session coo%ie 3 de#eted when the 4A shuts down

Ma' ae 3 time in seconds the 4A shou#d %eep the coo%ie around 3 sur$i$es 4A
restarts

Can be de#eted b! usin SetCCoo%ie header with ma' ae of 0


-" -"
HTTP State /ana:ement
Some pitfalls

HTTP is state#ess

How does the ser$er %now if the 4A e'ited or is in between requestsK

0t doesn8tR
3nly "ay to clean up + timeouts

The memor! used on the ser$er to represent the state can on#! be timed out
due to 4A inacti$it!
-+ -+
Security *onsiderations
HTTP is clear text

A## data is $isib#e to an! intermediaries on the net


(nyone can make a request on @yourA )ehalf
When concerned- use HTTPS

And don8t switch bac% and forth between HTTP6HTTPS


-- --
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP Connections
Authentication mechanisms
HTTP State manaement
Security considerations
-. -.
Summary
HTTP Basics
*oncepts
Structure of a HTTP sequence
/ore HTTP /ethods
2ifferences )et"een HTTP '%$ and '%'
HTTP *onnections
(uthentication mechanisms
HTTP State mana:ement
Security considerations
-2 -2
Puestions?
11
HTTP Basics Lab
22
Windows Instructions
Installing Fiddler
Installing LiveHttpHeaders
Viewing requests
Modifying requests
t!er tools
33
Linu" Instructions
Installing LiveHttpHeaders
Installing Wires!ar#
Viewing requests
Modifying requests
t!er tools
44
t!er tools
Firefo"

LiveHTTPHeaders

http://livehttpheaders.mozdev.org/

Modify headers

http://modifyheaders.mozdev.org/
Internet e"plorer

ieHTTPHeaders (free oly for persoal !se"

http://###.$l!%&.se/iehttpheaders/do#load.html

You might also like