Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Apache Tomcat 8 Preview

Daniel Mikusa
February 11, 2014

Apache Tomcat 8 Preview

Apache Tomcat 8 implements new versions of the Servlet, JSP and EL specifications as well as adding support for the new WebSocket specification. Work has also been completed on internal refactoring in a number of areas that will impact a number of Tomcat specific features.

This presentation will provide an overview of the changes and new features introduced by both the updated specifications and the Tomcat specific changes. This session will enable attendees to identify the Tomcat 8 features of greatest interest to them and provide them with the information required to start planning their migration to Tomcat 8.

Daniel Mikusa

February 11, 2014
Tweet

More Decks by Daniel Mikusa

Other Decks in Technology

Transcript

  1. Agenda • Introductions • Java EE 7 • Tomcat specific

    changes • Timescales • Questions
  2. Introductions • Daniel Mikusa • Active on [email protected] • Contributing

    Author on TomcatExpert.com • Senior Technical Support Engineer at Pivotal ◦ Tomcat / tc Server ◦ Spring Framework ◦ CloudFoundry • Stuart Williams • Active on [email protected] • A committer on open source projects at Apache, Eclipse and elsewhere • Software Engineer at Pivotal ◦ Tomcat / tc Server ◦ Architect ◦ Pivotal RT project
  3. Java EE 7 • Tomcat 8 ◦ Servlet 3.1 ◦

    JSP 2.3 ◦ Expression Language 3.0 ◦ Web Sockets 1.0 ◦ Little / no demand for other Java EE 7 components in Tomcat • Web Profile Container - Apache TomEE • J2EE Container - Apache Geronimo
  4. Servlet 3.1 • Final: May 28th 2013 • New Features

    ◦ Non-blocking IO ◦ HTTP Upgrade ◦ Change session id on authentication • Improvements ◦ Protection for uncovered HTTP methods in security constraints ◦ Clarified some ambiguities ◦ Fixed some typos
  5. Change Session Id • To change the session id: ◦

    HttpServletRequest.changeSessionId() • To listen for session id changes with HttpSessionIdListener • Register HttpSessionIdListener with: ◦ ServletContext.addListener(..) ◦ @WebListener public class CustomHttpSessionIdListener implements HttpSessionIdListener { public void sessionIdChanged(HttpSessionEvent event, String oldSessionId) { …. } }
  6. Uncovered HTTP Methods • When defining security constraints, it’s possible

    to list specific HTTP methods covered by the security constraint ◦ <http-method> ◦ <http-method-omission> • A method is “uncovered” when… ◦ One or more methods are listed with <http-method>, any method not listed is “uncovered” ◦ One or more methods are listed with <http-method-omission>, every method list is “uncovered” • If no methods are specifically listed then all methods are protected
  7. Uncovered HTTP Methods: Ex 1 <security-constraint> <web-resource-collection> <web-resource-name>wholesale</web-resource-name> <url-pattern>/acme/wholesale/*</url-pattern> <http-method>GET</http-method>

    </web-resource-collection> <auth-constraint> <role-name>SALESCLERK</role-name> </auth-constraint> </security-constraint> Only GET is covered
  8. Uncovered HTTP Methods: Ex 2 @ServletSecurity((httpMethodConstraints = { @HttpMethodConstraint(value =

    "GET", rolesAllowed = "R1"), @HttpMethodConstraint(value = "POST", rolesAllowed = "R1", transportGuarantee = TransportGuarantee.CONFIDENTIAL) }) public class Example5 extends HttpServlet { …. } Only GET & POST are covered
  9. JSP 2.3 • Final: June 12th 2013 • There is

    no JSP Expert Group • JSP 2.3 is a maintenance release • Changes ◦ Requires Servlet 3.1, EL 3.0 & Java 7 ◦ JSP must render identical response for GET, POST & HEAD; all other methods are undefined
  10. EL 3.0 • Final: Final May 22nd 2013 • Significant

    Changes • New Features ◦ Access to static fields, methods & constructors ◦ Assignment operator ◦ Semi-colon operator (chain multiple commands) ◦ String concatenation operator ◦ New Collections API, including dynamic construction of collections & the stream method and the collection pipeline ◦ Lambda Expressions • Incompatibilities ◦ Default coercion for nulls to non-primitive types, except Strings, return null. Ex: null -> Boolean returns null, but null -> boolean returns false.
  11. WebSocket 1.0 • Final: May 22nd 2013 • Tomcat 7

    has supported WebSockets for a while (different API) • Tomcat 8 implements new API • Tomcat 7 has been upgraded to support new API (as of Tomcat 7.0.43) • Both implement client & server APIs
  12. WebSocket 1.0 • Additional Features ◦ Encoding / decoding (lots

    of debate here) ◦ Annotations • Differences ◦ Tomcat 7’s implementation is blocking within a Frame ◦ WebSocket 1.0 is non-blocking although some writes do block • Non-blocking ◦ Works with the BIO connector but obviously is not really non-blocking ◦ Fundamentally changes the API
  13. Bidirectional messages WebSocket Handshake GET /path HTTP/1.1 Upgrade: websocket Connection:

    Upgrade ... HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade ... Initiate close (close control frame) Respond to close (close control frame)
  14. Tomcat Specific Changes • Resources ◦ Aliases ◦ VirtualDirContext /

    VirtualWebappLoader ◦ External repositories for the WebappClassLoader ◦ Servlet 3.0 resource JARS • Tomcat 7 implements each of these slightly differently ◦ Very fragile ◦ Servlet 3.1 overlays would have been difficult • New resources implementation ◦ Much cleaner implementation ◦ Overlays now simpler to implement (but have been dropped from Servlet 3.1)
  15. Resources • Ordering ◦ Pre Resources ◦ Main Resources (i.e.

    the docBase for a context) ◦ Jar Resources ◦ Post Resources • Types ◦ DirResourceSet - a directory ◦ FileResourceSet - a single file ◦ JarResourceSet - a JAR file • General recommendation is avoid using directly as this is Tomcat specific
  16. Resources <?xml version='1.0' encoding='utf-8'?> <Context> <Resources> <PreResources className="org.apache.catalina.webresources. FileResourceSet" base="/app/files/special.txt"

    webAppMount="/static/special. txt" /> <PostResources className="org.apache.catalina.webresources. DirResourceSet" base="/app/files/static" webAppMount="/static" /> </Resources> </Context>
  17. RewriteValve • Rewrite Valve implements URL rewrite functionality in a

    way that is very similar to mod_rewrite from Apache HTTPD Server • Valve can be added in two locations ◦ added in <Host> block. Configuration is in conf/Catalina/localhost/rewrite.config. ◦ added in Web App’s Context. Configuration is in WEB-INF/rewrite. config. • Configuration Syntax: RewriteCond TestString CondPattern • Examples: ◦ RewriteCond %{REMOTE_HOST} ^host1.* [OR] ◦ RewriteCond %{REMOTE_HOST} ^host2.* [OR] ◦ RewriteCond %{REMOTE_HOST} ^host3.* ◦ RewriteRule ...some special stuff for any of these hosts...
  18. Tomcat Specific Changes (cont.) • Requires Java 7 or later

    • NIO connector is now the default • Additional diagnostic information in the Manager ◦ SSL ciphers ◦ May be back-ported to Tomcat 7 • DBCP2 is now the default (supports JDBC 4.1) ◦ DBCP & Tomcat jdbc-pool still included as well • Unclosed InputStream Tracking ◦ logs InputStreams from WebResources that haven’t been closed ◦ removes need for anti-jar locking and extracting files to work directory
  19. Timescales • Java EE 7 Final has shipped • Tomcat

    8.0 ◦ 8.0.1 (beta) is available ◦ 8.0.3 (beta) is being voted on as of 2/9/2014 ◦ Implementations of Servlet 3.1, JSP 2.3, EL 3.0 & WebSocket 1.0 is complete ◦ Code is not ready for production usage, currently deemed beta quality ◦ This release has been quick. Past experience shows an alpha release will hit six to nine months after initial alpha release (Feb - May 2014). Beta release is already available. This is due to great community usage and feedback.
  20. Learn More. Stay Connected. • Demo Code: github.com/swilliams-pivotal/s2gx-tomcat github.com/dmikusa-pivotal/tomcat-8-features •

    Website: tomcat.apache.org • Download: tomcat.apache.org/download-80.cgi • Documentation: tomcat.apache.org/tomcat-8.0-doc/index.html • Migration Guide: tomcat.apache.org/migration.html • Mailing Lists: tomcat.apache.org/lists.html • Find Session replays on YouTube: spring.io/video