Introduction

Chapter 1: Apache Tomcat
  Humble Beginnings: The Apache Project
  The Apache Software Foundation
  Tomcat
  Distributing Tomcat: The Apache License
  Comparison with Other Licenses
  The Big Picture: Java EE
  Java APIs
  The Java EE APIs
  Java EE Application Servers
  Agree on Standards, Compete on Implementation
  Tomcat and Application Servers
  Tomcat and Web Servers
  Summary

Chapter 2: Web Applications: Servlets, JSPs, and More
  A Brief History of Web Applications
  CGI Scripts: The First Mechanism for Dynamic Content
  Server Side Java: Servlets
  JavaServer Pages
  JSP Tag Libraries
  JSP EL
  MVC Architecture
  Using Appropriate Web Technologies
  Building and Distributing Web Applications
  Summary

Chapter 3: Tomcat Installation
  Installing the Java Virtual Machine
  Installing the JVM on Windows
  Installing the JVM on Linux
  Installing Tomcat
  Deciding Which Distribution to Install
  Verifying the Downloaded File
  Tomcat Windows Installer
  Installing Tomcat on Windows Using the ZIP File
  Installing Tomcat on Linux
  Building Tomcat from Source
  Do You Need to Build Tomcat from the Source Code?
  Downloading the Source Release
  Subversion Repository
  Building a Source Release
  The Tomcat Installation Directory
  Installing APR
  Troubleshooting and Tips
  Class Version Error
  The Port Number Is in Use
  Running Multiple Instances
  A Proxy Is Blocking Access
  Summary

Chapter 4: Tomcat Architecture
  Tomcat Directory Overview
  bin Directory
  conf Directory
  lib Directory
  logs Directory
  temp Directory
  webapps Directory
  work Directory
  An Overview of Tomcat Architecture
  The Server
  The Service
  The Remaining Classes in the Tomcat Architecture
  Connector Architecture
  Communication Paths
  Connector Protocols
  Choosing a Connector
  Lifecycle
  Lifecycle Interface
  LifecycleListener Interface
  Configuration by Architecture
  Summary

Chapter 5: Basic Tomcat Configuration
  Tomcat 6 Configuration Essentials
  Files in $CATALINA_HOME/conf
  Basic Server Configuration
  Server Configuration via the Default server.xml
  Operating Tomcat in Application Server Configuration
  Web Application Context Definitions
  The Default context.xml File
  Authentication and the tomcat-users.xml File
  The Default Deployment Descriptor web.xml
  How server.xml, Context Descriptors, and web.xml Work Together
  Fine-Grained Access Control: catalina.policy
  catalina.properties: Finer-Grained Control over Access Checks
  Bootstrapping Configuration
  A Final Word on Differentiating Between Configuration and Management
  Tomcat 6 Web-Based GUI Configurator
  Summary

Chapter 6: Advanced Tomcat Features
  Valves: Interception Tomcat-Style
  Standard Valves
  Access Log Implementation
  Scope of Log Files
  Single Sign-On Implementation
  Multiple Sign-On Without the Single Sign-On Valve
  Configuring a Single Sign-On Valve
  Form Authenticator Valve
  Restricting Access via a Request Filter
  Remote Address Filter
  Remote Host Filter
  Configuring Request Filter Valves
  Request Dumper Valve
  Persistent Sessions
  The Need for Persistent Sessions
  Configuring a Persistent Session Manager
  JNDI Resource Configuration
  What Is JNDI?
  Tomcat and JNDI
  Typical Tomcat JNDI Resources
  Configuring Resources via JNDI
  Configuring a JDBC DataSource
  Configuring Mail Sessions
  Configuring Lifecycle Listeners
  Lifecycle Events Sent by Tomcat Components
  The <Listener> Element
  Tomcat 6 Lifecycle Listeners Configuration
  Summary

Chapter 7: Web Application Configuration
  Understanding the Contents of a Web Application
  Public Resources
  The WEB-INF Directory
  The META-INF Directory
  Understanding the Deployment Descriptor (web.xml)
  The Servlet 2.3 Style Deployment Descriptor
  The Servlet 2.4/2.5 Style Deployment Descriptor
  Summary

Chapter 8: Web Application Administration
  Sample Web Application
  Tomcat Manager Application
  Enabling Access to the Manager Application
  Manager Application Configuration
  Tomcat Manager: Web Interface
  Displaying Tomcat Server Status
  Managing Web Applications
  Deploying a Web Application
  Tomcat Manager: Managing Applications with Ant
  Known Issue: Failure While Undeploying Web Applications on Windows
  Tomcat Manager Using HTTP Requests
  List Deployed Applications
  Deploying a New Application
  Installing/Deploying Applications in Tomcat 6
  Deploying a New Application Remotely
  Deploying a New Application from a Local Path
  Reloading an Existing Application
  Listing Available JNDI Resources
  Listing OS and JVM Properties
  Stopping an Existing Application
  Starting a Stopped Application
  Undeploying a Web Application
  Displaying Session Statistics
  Querying Tomcat Internals Using the JMX Proxy Servlet
  Setting Tomcat Internals Using the JMX Proxy Servlet
  Possible Errors
  Security Considerations
  Tomcat Deployer
  Summary

Chapter 9: Class Loaders
  Class Loader Overview
  Standard Java SE Class Loaders
  More on Class Loader Behavior
  Creating a Custom Class Loader
  Why Is a Custom Class Loader Needed for Tomcat?
  Security and Class Loaders
  Class Loader Delegation
  Core Class Restriction
  Separate Class Loader Namespaces
  SecurityManager
  Tomcat and Class Loaders
  System Class Loader
  Endorsed Standards Override Mechanism
  Common Class Loader
  Web Application Class Loader
  Dynamic Class Reloading
  Common Class Loader Pitfalls
  Packages Split Among Different Class Loaders
  Singletons
  XML Parsers
  Summary

Chapter 10: HTTP Connectors
  HTTP Connectors
  Tomcat 6 HTTP/1.1 Connector
  The Advanced NIO Connector
  Comet Asynchronous IO Support
  The Native APR Connector
  Configuring Tomcat for CGI Support
  Configuring Tomcat for SSI Support
  Configuring the Tomcat 6 SSI Servlet
  Configuring the Tomcat 6 SSI Filter
  Running Tomcat Behind a Proxy Server
  Performance Tuning
  Tunable Configuration Attributes
  TCP/IP Stack Tuning Tips
  Front-Ending Tomcat 6 with a Web Server
  Summary

Chapter 11: Tomcat and Apache HTTP Server
  The AJP Connector Architecture
  The Native Code Apache Modules
  The Apache JServ Protocol
  The AJP Connector
  Apache Web Server Frontend or Tomcat Standalone
  Understanding Tomcat Workers
  Multiple Tomcat Workers
  Configuring Apache Server to Work with Multiple Tomcat Workers: the workers.properties File
  Connecting Tomcat with Apache
  Tomcat 6 Configuration
  Apache Web Server Configuration
  Using the mod_jk Module
  Using the mod_proxy Module
  Configuring SSL for Apache Web Server
  Configuring mod_ssl for Apache
  Testing the SSL-Enabled Apache Setup
  SSL-Enabled Apache-Tomcat Setup
  Tomcat Load Balancing with Apache
  Changing CATALINA_HOME in the Tomcat Startup Files
  Setting Different AJP Connector Ports
  Setting Different Server Ports
  Disabling the Default HTTP/1.1 Connector
  Setting the jvmroute in the Standalone Engine
  Commenting Out the Catalina Engine
  Directives in httpd.conf
  Workers Configuration in workers.properties
  Testing the Load Balancer
  Testing Sticky Sessions
  Testing Round-Robin Behavior
  Testing with Different Load Factors
  Summary

Chapter 12: Tomcat and IIS
  Role of the ISAPI Plug-in
  Connecting Tomcat with IIS
  Verifying Tomcat and IIS Installations
  Configuring the JK Connector
  Installing the ISAPI Plug-in
  Configuring Tomcat Workers
  Configuring the Request Forwarding Rules
  Optionally Configure URL Rewrite Rules
  Updating the Windows Registry for the ISAPI Plug-in
  IIS 5 Isolation Mode (IIS 6 Only)
  Creating a Virtual Directory Under IIS
  Adding the ISAPI Plug-in as an IIS Filter
  Authorizing the ISAPI Plug-in as a Web Application Extension (IIS 6 Only)
  Testing the Final Setup
  Troubleshooting Tips
  Using SSL
  Scalable Architectures with IIS and Tomcat
  Distributing Web and Application Server Deployments
  Multiple Tomcat Workers
  Load-Balanced AJP Workers
  Summary

Chapter 13: JDBC Connectivity
  JDBC Basics
  Establishing and Terminating Connections to RDBMSs
  Evolving JDBC Versions
  JDBC Driver Types
  Database Connection Pooling
  A Problem with Connection Pooling
  Tomcat and the JDBC Evolution
  JNDI Emulation and Pooling in Tomcat 6
  Preferred Configuration: JNDI Resources
  The Resource Tag
  Hands-On JNDI Resource Configuration
  Testing the JNDI Resource Configuration
  Alternative JDBC Configuration
  Alternative Connection Pool Managers
  About the c3p0 Pool Manager
  Deploying the c3p0 Pooling Manager
  Obtaining JDBC Connections Without JNDI Lookup
  Testing Non-JNDI Pool Access with c3p0
  Obtaining a Connection with JNDI Mapping
  Testing c3p0 with Tomcat 6 JNDI-Compatible Lookup
  Deploying Third-Party Pools
  Summary

Chapter 14: Tomcat Security
  Verifying Tomcat Download Integrity
  Verifying the MD5 DIGEST
  Using PGP to Verify the Download
  Securing the Tomcat Server Installation
  Removing Default Applications
  ROOT and tomcat-docs
  System Applications: manager and host-manager
  Tying Down System Application Access Security
  Removing JSP and Servlet Examples
  Changing the SHUTDOWN Command
  Running Tomcat with a Special Account
  Creating a Non-Privileged Tomcat User
  Running Tomcat with the Tomcat User
  Securing the File System
  Windows File System
  Linux File System
  Securing the Java Virtual Machine
  Overview of the Security Manager
  Using the Security Manager with Tomcat
  Recommended Security Manager Practices
  Securing Web Applications
  Authentication and Realms
  Security Realms
  Encryption with SSL
  JSSE
  Protecting Resources with SSL
  Securing DefaultServlet
  Disabling Directory Listing
  Disabling an Invoker Servlet, SSI, and CGI Gateway
  Host Restriction
  Summary

Chapter 15: Shared Tomcat Hosting
  Virtual Hosting Concepts
  Virtual Hosting in Apache
  Example Deployment Scenario
  IP-Based Virtual Hosting in Apache
  Name-Based Virtual Hosting in Apache
  Virtual Hosting in Tomcat
  Example Deployment Scenario
  Tomcat as a Standalone Server
  Tomcat with Apache
  Configuring Apache
  The Tomcat Host-Manager Application
  Virtual Hosting Issues: Stability, Security, and Performance
  Tuning Virtual Hosting Settings in Tomcat
  Creating Separate JVMs for Each Virtual Host
  Setting Memory Limits on the Tomcat JVM
  Using Java Security Manager Restrictions
  Summary

Chapter 16: Monitoring and Managing Tomcat with JMX
  The Requirement to Be Manageable
  All About JMX
  The JMX Architecture
  Instrumentation Level
  Agent Level
  Distributed Services Level
  JMX Remote API
  An Anthology of MBeans
  Standard MBeans
  Dynamic MBeans
  Model MBeans
  Open MBeans
  JMX Manageable Elements in Tomcat 6
  Manageable Tomcat 6 Architectural Components
  Manageable Nested Components
  Manageable Runtime Data Objects
  Manageable Resource Object
  Accessing Tomcat 6's JMX Support via the Manager Proxy
  Working with the JMX Proxy
  Modifying MBean Attributes
  Using jconsole GUI to Monitor Tomcat
  Configuring Tomcat for Remote Monitoring
  Summary

Chapter 17: Clustering
  Clustering Benefits
  Scalability and Clustering
  The Need for High Availability
  Clustering Basics
  Master-Backup Topological Pattern
  Fail-Over Behavioral Pattern
  Tomcat 6 Clustering Model
  Load Balancing
  Session Sharing
  Working with Tomcat 6 Clustering
  Session Management in Tomcat 6
  The Role of Cookies and Modern Browsers
  Configuring a Tomcat 6 Cluster
  Common Front End: Load Balancing via Apache mod_jk
  Preparation for Using Different Session-Sharing Backends
  Backend 1: In-Memory Replication Configuration
  Backend 2: Persistent Session Manager with a Shared File Store
  Backend 3: Persistent Session Manager with a JDBC Store
  Testing a Tomcat Cluster with JDBC Persistent Session Manager Backend
  The Complexity of Clustering
  Clustering and Performance
  Clustering and Response Time
  Solving Performance Problems with Clustering
  Summary

Chapter 18: Embedded Tomcat
  Importance of Embedded Tomcat in Modern System Design
  Typical Embedded Application Scenarios
  Developing with Embedded Tomcat
  Summary

Chapter 19: Logging
  Changes from Tomcat 5
  log4j
  log4j Architecture
  log4j Installation and Configuration
  A Tutorial Introduction to log4j
  More log4j Recipes
  log4j Performance Tips
  JULI
  Java Logging Architecture
  A Tutorial Introduction to JULI
  Log Files Analysis
  Summary

Chapter 20: Performance Testing
  Performance Concepts
  What to Measure
  Scalability and Performance
  Understanding the User's Perspective
  Measuring Performance
  JMeter
  Installing and Running JMeter
  Making and Understanding Test Plans with JMeter
  JMeter Features
  Distributed Load Testing
  Interpreting Test Results
  Alternatives to JMeter
  What to Do After Performance Testing
  Summary

Chapter 21: Performance Tuning
  Performance Tuning Best Practices
  Step 1: Set Up a Test Bed
  Step 2: Test Performance and Identify the Baseline
  Step 3: Diagnose Performance Bottlenecks
  Diagnosing Tomcat Performance Issues
  Tomcat Performance Tuning Tips
  Tuning the JVM Parameters
  Precompiling JSPs
  Tuning Tomcat Configuration
  Using Web Servers for Static Content, When Appropriate
  Summary

Appendix A: Tomcat and IDEs
  Eclipse
  Debugging a Remote Web Application in Eclipse
  Deploying and Debugging Local Web Applications Using the Sysdeo Tomcat Plugin
  Deploying and Debugging Web Applications Using the Web Tools Platform
  Managing Web Application Deployment Using Apache Ant and Eclipse
  NetBeans
  Debugging a Remote Web Application In NetBeans
  Debugging a Web Application Inside NetBeans
  Summary

Appendix B: Apache Ant
  Installing Ant
  Introduction to Ant
  More Command-Line Options
  Ant Recipes
  Building Web Applications with Ant
  Compiling JSPs
  Reusable Ant Scripts Using Property Files and Command-Line Parameters
  Build Logs
  Build Notifications via E-mail
  Ant and Source Control Systems
  Automated Testing
  Continuous Integration
  Ant Task Reference
  Summary

Index