Table of Contents
| | Acknowledgments |
| | Introduction |
| Chapter 1 | Apache and Jakarta Tomcat |
| | Humble Beginnings: The Apache Project |
| | The Apache Software Foundation |
| | The Jakarta Project |
| | Distributing Tomcat |
| | Comparison with Other Licenses |
| | The Big Picture: J2EE |
| | Tomcat and Web Servers |
| | Summary |
| Chapter 2 | JSP and Servlets |
| | First Came CGI |
| | Then Servlets Were Born |
| | And on to JSPs... |
| | JSP Tag Libraries |
| | Web Application Architecture |
| | Java Site Architecture |
| | Summary |
| Chapter 3 | Tomcat Installation |
| | Installing the Java Virtual Machine |
| | Installing Tomcat |
| | The Tomcat Installation Directory |
| | Troubleshooting and Tips |
| | Summary |
| Chapter 4 | Tomcat Architecture |
| | An Overview of Tomcat Architecture |
| | Summary |
| Chapter 5 | Basic Tomcat Configuration |
| | Tomcat 5 Configuration Essentials |
| | Tomcat 5 Web-Based Configurator |
| | Files in $CATALINA_HOME/conf |
| | Basic Server Configuration |
| | Summary |
| Chapter 6 | Web Application Configuration |
| | The Contents of a Web Application |
| | The Deployment Descriptor (web.xml) |
| | Summary |
| Chapter 7 | Web Application Administration |
| | Sample Web Application |
| | Tomcat Manager Application |
| | Tomcat Manager: Using HTTP Requests |
| | Tomcat Manager: Web Interface |
| | Tomcat Manager: Managing Applications with Ant |
| | Possible Errors |
| | Security Considerations |
| | Tomcat Deployer |
| | Summary |
| Chapter 8 | Advanced Tomcat Features |
| | Valves--Interception Tomcat-Style |
| | Standard Valves |
| | Access Log Implementation |
| | Single Sign-On Implementation |
| | Restricting Access via a Request Filter |
| | Persistent Sessions |
| | JNDI Resource Configuration |
| | Configuring Lifecycle Listeners |
| | Summary |
| Chapter 9 | Class Loaders |
| | Class Loader Overview |
| | Security and Class Loaders |
| | Tomcat and Class Loaders |
| | Dynamic Class Reloading |
| | Common Class Loader Pitfalls |
| | Summary |
| Chapter 10 | HTTP Connectors |
| | HTTP Connectors |
| | Configuring Tomcat for CGI Support |
| | Configuring Tomcat for SSI Support |
| | Running Tomcat Behind a Proxy Server |
| | Performance Tuning |
| | Summary |
| Chapter 11 | Web Server Connectors |
| | Reasons for Using a Web Server |
| | Connector Architecture |
| | Choosing a Connector |
| | Summary |
| Chapter 12 | Tomcat and Apache Server |
| | Introducing the JK2 Connector |
| | Understanding Tomcat Workers |
| | Connecting Tomcat with Apache |
| | Configuring SSL |
| | Tomcat Load Balancing with Apache |
| | Testing the Load Balancer |
| | Summary |
| Chapter 13 | Tomcat and IIS |
| | Role of the ISAPI Filter |
| | Connecting Tomcat with IIS |
| | Troubleshooting Tips |
| | Performance Tuning |
| | Using SSL |
| | Summary |
| Chapter 14 | JDBC Connectivity |
| | JDBC Basics |
| | JNDI Emulation and Pooling in Tomcat 5 |
| | Preferred Configuration: JNDI Resources |
| | Alternative JDBC Configuration |
| | Alternative Connection Pool Managers |
| | Summary |
| Chapter 15 | Tomcat Security |
| | Securing the Tomcat Installation |
| | Running Tomcat with a Special Account |
| | Securing the File System |
| | Securing the Java Virtual Machine |
| | Securing Web Applications |
| | Authentication and Realms |
| | Encryption with SSL |
| | Host Restriction |
| | Summary |
| Chapter 16 | Shared Tomcat Hosting |
| | Virtual Hosting |
| | Virtual Hosting with Tomcat |
| | Introduction to Virtual Hosting with Tomcat |
| | Fine-Tuning Shared Hosting |
| | Summary |
| Chapter 17 | Server Load Testing |
| | The Importance of Load Testing |
| | Load Testing with JMeter |
| | Interpreting Test Results |
| | Optimization Techniques |
| | Exploring Alternatives to JMeter |
| | Summary |
| Chapter 18 | JMX Support |
| | The Requirement to Be Manageable |
| | All About JMX |
| | JMX Remote API |
| | An Anthology of MBeans |
| | JMX Manageable Elements in Tomcat 5 |
| | Accessing Tomcat 5's JMX Support via the Manager Proxy |
| | Security Concerns |
| | Summary |
| Chapter 19 | Tomcat 5 Clustering |
| | Clustering Benefits |
| | Clustering Basics |
| | Tomcat 5 Clustering Model |
| | Working with Tomcat 5 Clustering |
| | An Application-Level Load Balancing Alternative (Balancer) |
| | The Complexity of Clustering |
| | Summary |
| Chapter 20 | Embedded Tomcat |
| | Importance of Embedded Tomcat in Modern System Design |
| | Overview of Embedded Mode in Tomcat |
| | The Apache Jakarta Commons Modeler |
| | Ant Script Operational Flow |
| | Summary |
| Appendix A | Log4J |
| Appendix B | Tomcat and IDEs |
| Appendix C | Apache Ant |
| | Index |
Professional Apache Tomcat 5
By Vivek Chopra, Amit Bakore, Jon Eaves, Ben Galbraith, Sing Li, Chanoch Wiggers
John Wiley & Sons
ISBN: 0-7645-5902-8
Chapter One
Apache and Jakarta Tomcat
If you've written any Java Servlets or JavaServer Pages (JSPs), chances are good that you've downloaded Tomcat. That's because Tomcat is a free, feature-complete Servlet container that developers of Servlets and JSPs can use to test their code. Tomcat is also Sun Microsystems' reference implementation of a Servlet container, which means that Tomcat's first goal is to be 100 percent compliant with the versions of the Servlet and JSP API specifications that it supports. Sun Microsystems (Sun) is the creator of the Java programming language and functions as its steward.
However, Tomcat is more than just a test server. Many individuals and corporations are using Tomcat in production environments because it has proven to be quite stable. Indeed, Tomcat is considered by many to be a worthy addition to the excellent Apache suite of products of which it is a member.
Despite Tomcat's popularity, it suffers from a common shortcoming among open source projects: lack of complete documentation. Some documentation is distributed with Tomcat (mirrored at jakarta.apache.org/tomcat/), and there's even an open source effort to write a Tomcat book (tomcatbook.sourceforge.net/). Even with these resources, however, there is a great need for additional material.
This book has been created to fill in some of the documentation holes, and uses the combined experience of the authors to help Java developers and system administrators make the most of the Tomcat product. Whether you're trying to learn enough to just get started developing Servlets or trying to understand the more arcane aspects of Tomcat configuration, you should find what you're looking for within these pages.
The first two chapters are designed to provide newcomers with some basic background information that will become prerequisite learning for subsequent chapters. If you're a system administrator with no previous Java experience, you are advised to read these first two chapters, and likewise if you're a Java developer who is new to Tomcat. If you're well informed about Tomcat and Java, you'll probably want to jump straight ahead to Chapter 3, "Tomcat Installation," although skimming this chapter and its successor is likely to add to your present understanding.
The following points are discussed in this chapter:
The origins of the Tomcat server
The terms of Tomcat's license and how it compares to other open source licenses
How Tomcat fits into the Java "big picture"
An overview of integrating Tomcat with Apache and other Web servers
Humble Beginnings: The Apache Project
One of the earliest Web servers was developed by Rob McCool at the National Center for Supercomputer Applications (NCSA), University of Illinois, Urbana-Champaign, referred to colloquially as the NCSA project, or NCSA for short. In 1995, the NCSA server was quite popular, but its future was uncertain because McCool left NCSA in 1994. A group of developers got together and compiled all the NCSA bug fixes and enhancements they had found, and patched them into the NCSA code base. The developers released this new version in April 1995, and called it Apache, which was somewhat of an acronym for "A PAtCHy Web Server."
Apache was readily accepted by the Web-serving community from its earliest days, and less than a year after its release, it unseated NCSA to become the most used Web server in the world (measured by the total number of servers running Apache), a distinction that it has held ever since (according to Apache's Web site). Incidentally, during the same period that Apache's use was spreading, NCSA's popularity was plummeting, and by 1999, NCSA was officially discontinued by its maintainers.
For more information on the history of Apache and its developers, see httpd.apache.org/ABOUT_APACHE.html.
Today, the Apache Web server is available on just about any major operating system (as of this writing, binary downloads of Apache are available for 29 different operating systems, and Apache can be compiled on dozens more). Apache can be found running on some of the largest server farms in the world, as well as on some of the smallest devices (including several hand-held devices). In Unix data centers, Apache is as ubiquitous as air conditioning and UPS systems.
While Apache was originally a somewhat mangy collection of miscellaneous patches, today's versions are state-of-the-art, incorporating rock-solid stability with bleeding edge features. The only real competitor to Apache in terms of market share and feature set is Microsoft's Internet Information Server (IIS), which is bundled free with certain versions of the Windows operating system. As of this writing, Apache's market share is estimated at around 67 percent, with IIS at a distant 21 percent (statistics courtesy of news.netcraft.com/archives/web_server_survey.html, January 2004).
It is also worth noting that Apache has a reputation for being much more secure than Microsoft IIS. When new vulnerabilities are discovered in either server, the Apache developers fix Apache far faster than Microsoft fixes IIS.
The Apache Software Foundation
In 1999, the same folks who wrote the Apache server formed the Apache Software Foundation (ASF). The ASF is a nonprofit organization that was created to facilitate the development of open source software projects. Tomcat is developed under the auspices of the ASF. According to their Web site, the ASF accomplishes this goal by the following:
Providing a foundation for open, collaborative software development projects by supplying hardware, communication, and business infrastructure
Creating an independent legal entity to which companies and individuals can donate resources and be assured that those resources will be used for the public benefit
Providing a means for individual volunteers to be sheltered from legal suits directed at ASF projects
Protecting the Apache brand (as applied to its software products) from being abused by other organizations
In practice, the ASF does indeed sponsor a great many open source projects. While the best-known of these projects is likely the aforementioned Apache Web server, the ASF hosts many other well-respected and widely used projects, including such respected industry standards as the following:
PHP - Perhaps the world's most popular Web scripting language
Xerces - A Java/C++ XML parser with JAXP bindings
Ant - A Java-based build system (and much more)
Axis - A Java-based Web Services engine
The list of ASF-sponsored projects is growing fast. Visit apache.org to see the latest list.
The Jakarta Project
Of most relevance to this book is Apache's Jakarta project, of which the Tomcat server is a subproject. The Jakarta project is an umbrella under which the ASF sponsors the development of many Java subprojects. As of this writing, there is an impressive array of more than 20 such projects. They are divided into the following three categories:
Libraries, tools, and APIs
Frameworks and engines
Server applications
Tomcat fits into the last of these three.
Tomcat
The Jakarta Tomcat project has its origins in the earliest days of Java's Servlet technology. Servlets are a certain type of Java application that plugs into special Web servers, called Servlet containers (originally called Servlet engines). Sun created the first Servlet container, called the Java Web Server, which demonstrated the technology but wasn't terribly robust. Meanwhile, the ASF folks created the JServ product, which was a Servlet engine that integrated with the Apache Web server.
In 1999, Sun donated their Servlet container code to the ASF, and the two projects were merged to create the Tomcat server. Today, Tomcat serves as Sun's official reference implementation (RI), which means that Tomcat's first priority is to be fully compliant with the Servlet and JavaServer Pages (JSP) specifications published by Sun. JSP pages are simply an alternative, HTML-like way to write Servlets. This is discussed in more detail in Chapter 2, "JSP and Servlets."
An RI also has the side benefit of refining the specification. As an RI team seeks to implement a committee-created specification (for example, the Servlet specification) in the real world, unanticipated problems emerge that must be resolved before the rest of the world can successfully make use of the specifications. As a corollary, if an RI of a specification is successfully created, it demonstrates to the rest of the world that the specification is technically viable.
The RI is in principle completely specification-compliant and therefore can be very valuable, especially for people who are using very advanced parts of the specification. The RI is available at the same time as the public release of the specification, which means that Tomcat is usually the first server to provide the enhanced specification features when a new specification version is completed.
The first version of Tomcat was the 3.x series, and it served as the reference implementation of the Servlet 2.2 and JSP 1.1 specifications. The Tomcat 3.x series was descended from the original code that Sun provided to the ASF in 1999.
In 2001, Tomcat 4.0 (code-named Catalina) was released. Catalina was a complete redesign of the Tomcat architecture, and built on a new code base. The Tomcat 4.x series is the RI of the Servlet 2.3 and JSP 1.2 specifications.
Tomcat 5.0, the latest release of Tomcat, is an implementation of the new Servlet 2.4 and JSP 2.0 API specifications. In addition to supporting the new features of these specifications, Tomcat 5 also introduces many improvements over its predecessor, such as better JMX support and various performance optimizations.
Earlier in this chapter, it was mentioned that Tomcat is Sun's RI of the Servlet and JSP APIs. Yet, it is the ASF that develops Tomcat, not Sun. It turns out that Sun provides resources to the ASF in the form of Sun employees paid to work on Tomcat. Sun has a long history of donating resources to the open source community in this and other ways.
Other Jakarta Subprojects
Wise Java Web application developers who want to save valuable time will familiarize themselves with the other Jakarta projects. These peer projects of Tomcat include the following:
Commons - A collection of commonly needed utilities, such as alternative implementations of the Collection Framework interfaces, an HTTP client for initiating HTTP requests from a Java application, and much more
JMeter - An HTTP load simulator used for determining just how heavy a load Web servers and applications can withstand
Lucene - A high-quality search engine written by at least one of the folks who brought us the Excite! search engine
Log4J - A popular logging framework with more features than Java 1.4's logging API, and support for all versions of Java since 1.1
ORO and Regexp - Two different implementations of Java-based regular expression engines
POI - An effort to create a Java API for reading/writing the Microsoft Office file formats
Struts - Perhaps the most popular Java framework for creating Web applications
This list is by no means comprehensive, and more projects are added frequently.
Distributing Tomcat
Tomcat is open source software, and, as such, is free and freely distributable. However, if you have much experience in dealing with open source software, you're probably aware that the terms of distribution can vary from project to project.
Most open source software is released with an accompanying license that states what may and may not be done to the software. At least 40 different open source licenses are in use, each of which has slightly different terms.
Providing a primer on all of the various open source licenses is beyond the scope of this chapter, but the license governing Tomcat is discussed here and compared with a few of the more popular open source licenses.
Tomcat is distributed under the Apache License, which can be read from the $CATALINA_HOME/LICENSE file. The key points of this license state the following:
The Apache License must be included with any redistributions of Tomcat's source code or binaries.
Any documentation included with a redistribution must give a nod to the ASF.
Products derived from the Tomcat source code can't use the terms "Tomcat," "The Jakarta Project," "Apache," or "Apache Software Foundation" to endorse or promote their software without prior written permission from the ASF.
Tomcat has no warranty of any kind.
However, through omission, the license contains the following additional implicit permissions:
Tomcat can be used by any entity (commercial or noncommercial) for free without limitation.
Those who make modifications to Tomcat and distribute their modified version do not have to include the source code of their modifications.
Those who make modifications to Tomcat do not have to donate their modifications to the ASF.
Thus, you're free to deploy Tomcat in your company in any way you see fit. It can be your production Web server or your test Servlet container used by your developers. You can also redistribute Tomcat with any commercial application that you may be selling, provided that you include the license and give credit to the ASF. You can even use the Tomcat source code as the foundation for your own commercial product.
Comparison with Other Licenses
Among the previously mentioned and rather large group of other open source licenses, two licenses are particularly popular at the present time: the GNU General Public License (GPL) and the GNU Lesser General Public License (LGPL). Let's take a look at how each of these licenses compares to the Apache License.
GPL
The GNU Project created and actively evangelizes the GPL. The GNU Project is somewhat similar to the ASF, with the exception that the GNU Project would like all of the nonfree (that is, closed source or proprietary) software in the world to become free. The ASF has no such (stated) desire and simply wants to provide free software.
Free software can mean one of two entirely different things: software that doesn't cost anything, and software that can be freely copied, distributed, and modified by anyone (thus, the source code is included or is easily accessible). Such software can be distributed either free or for a fee. A simpler way to explain the difference between these two types of free is to compare "free as in free beer" and "free as in free speech."
Excerpted from Professional Apache Tomcat 5 by Vivek Chopra, Amit Bakore, Jon Eaves, Ben Galbraith, Sing Li, Chanoch Wiggers. Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.