Tomcat New Evolution

Allan Huang @ esobi Inc.

Agenda
• Tomcat 6 New Features
• Tomcat 7 New Features

Tomcat Versions
• Tomcat 5.5.36 was released on 2012-10-10
• Tomcat 6.0.37 was released on 2013-05-03
• Tomcat 7.0.42 was released on 2013-07-05
• Tomcat 8.0.0-RC3 is currently in development

Tomcat 6

Tomcat 6 Basis
• Requires Java 1.5 or later
• Servlet 2.5, EL 2.1, JSP 2.1, and JSR 250 (Common Annotations) support
• Restructured code base
  • Merged the common, shared, and server repositories into a single folder, "$CATALINA_HOME/lib"
  • Reduced duplicate code
  • Removed obsolete items
  • Reduced distribution size

Memory Leak Causes
• Web application calls standard Java APIs that cause memory leaks
  • Use of the javax.imageio API, java.beans.Introspector.flushCaches(), XML parsing, RMI, reading resources from JAR files
• JDBC driver registration
• Some logging frameworks
• Storing objects in ThreadLocals and not removing them
• Starting threads and not stopping them
• Not clearing the ResourceBundle cache (from Java 1.6)

Tomcat Class Loaders

Tomcat 6 New Features (1)
• Ensure nothing retains a reference to the web application class loader, to prevent OutOfMemoryError.
• Memory Leak Prevention
  • By making sure that Tomcat code makes the calls first, the memory leaks are prevented.
  • JreMemoryLeakPreventionListener
• Memory Leak Detection
  • When a web application is stopped, undeployed or reloaded, Tomcat scans the code for standard causes of memory leaks, and fixes them.
  • Implemented in the WebappClassLoader

Memory Leak Protection in Tomcat
• Development mode
  • Classes are stored in PermGen using class name
  • Each web application has its own class loader
  • Fixes some of the common causes of memory leaks from the PermGen space by removing references to objects that don't get garbage collected
• Production mode
  • It is good practice to stop Tomcat, clear the work folder and the old web application, deploy the new web application and restart Tomcat.

Cross-Site Request Forgery

Tomcat 6 New Features (2)
• CSRF Protection
  • Cross-Site Request Forgery / One-Click Attack / Session Riding
  • Malicious code in HTML emails, social media links or Flash files rides on the open authenticated session; it opens a back door to the application for the attacker to cripple a site or control the user's account.
  • Use a nonce / token issued in an authentication protocol to ensure that old communications cannot be reused in replay CSRF attacks.
  • CsrfPreventionFilter

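The nonce check described on this slide, as an added example that is not code from the slides or from Tomcat: a simplified plain-Java model of a per-session nonce cache with entry points that are exempt from the check. The class name, parameter handling, cache size and session ID are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

/** Simplified model of a per-session CSRF nonce check (illustrative, not Tomcat's source). */
public class CsrfNonceModel {
    static final int CACHE_SIZE = 5;            // assumed: recent nonces kept per session

    private final SecureRandom random = new SecureRandom();
    private final Set<String> entryPoints;      // paths a user may open without a nonce
    // session ID -> nonces issued to that session, oldest first
    private final Map<String, Map<String, Boolean>> sessions =
            new HashMap<String, Map<String, Boolean>>();

    CsrfNonceModel(String... entryPoints) {
        this.entryPoints = new HashSet<String>(Arrays.asList(entryPoints));
    }

    private Map<String, Boolean> cacheFor(String sessionId) {
        return sessions.computeIfAbsent(sessionId, id ->
            new LinkedHashMap<String, Boolean>() {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, Boolean> eldest) {
                    return size() > CACHE_SIZE;  // bound memory, expire old nonces
                }
            });
    }

    /** Issues an unpredictable nonce; the application embeds it in every link and form. */
    String issueNonce(String sessionId) {
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) {
            hex.append(String.format("%02x", b));
        }
        cacheFor(sessionId).put(hex.toString(), Boolean.TRUE);
        return hex.toString();
    }

    /** Returns true if the request may proceed, false if it must be rejected. */
    boolean allow(String sessionId, String method, String path, String nonce) {
        if ("GET".equals(method) && entryPoints.contains(path)) {
            return true;                         // entry point: no nonce exists yet
        }
        return nonce != null && cacheFor(sessionId).containsKey(nonce);
    }

    public static void main(String[] args) {
        CsrfNonceModel filter = new CsrfNonceModel("/index.jsp");
        String session = "constructed-session-1";   // constructed sample value

        // Entry point is reachable without a nonce; the response carries the first one.
        System.out.println("entry point      -> " + filter.allow(session, "GET", "/index.jsp", null));
        String nonce = filter.issueNonce(session);

        // A form generated by the application submits the nonce with the request.
        System.out.println("with nonce       -> " + filter.allow(session, "POST", "/transfer", nonce));

        // A cross-site request rides on the session cookie but cannot know the nonce.
        System.out.println("forged, no nonce -> " + filter.allow(session, "POST", "/transfer", null));
        System.out.println("forged, guessed  -> "
                + filter.allow(session, "POST", "/transfer", "00000000000000000000000000000000"));

        // Once CACHE_SIZE newer nonces exist, the old one no longer validates.
        for (int i = 0; i < CACHE_SIZE; i++) {
            filter.issueNonce(session);
        }
        System.out.println("aged-out nonce   -> " + filter.allow(session, "POST", "/transfer", nonce));
    }
}
```
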
Session Fixation

Tomcat 6 New Features (3)
• Session Fixation Protection
  • Attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person's session ID
  • Most attacks are web based, and most rely on the session ID being accepted from URLs (query string) or POST data
• Identity Confirmation
  • This attack can be largely avoided by changing the session ID when users log in.

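The defence on this slide, as an added example for an application that handles its own login (not code from the slides or from Tomcat): the pre-login session is invalidated and a new one is created, so an ID planted before authentication carries no privileges afterwards. The class name, the verify hook, the attribute names and the carry-over allow-list are assumptions; the code targets the javax.servlet API used by Tomcat 6 and 7.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical login servlet that issues a new session ID on successful login. */
public abstract class RotatingLoginServlet extends HttpServlet {

    /** Pre-login attributes worth keeping (assumed names); everything else is dropped. */
    private static final List<String> CARRY_OVER = Arrays.asList("locale", "cart");

    /** Hypothetical hook: the application's own credential check, supplied by a subclass. */
    protected abstract boolean verify(String username, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String username = req.getParameter("username");
        if (!verify(username, req.getParameter("password"))) {
            // Failed login: the anonymous session stays as it is and gains nothing.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Rotate BEFORE storing anything that marks the session as authenticated.
        HttpSession session = rotate(req);
        session.setAttribute("user", username);
        resp.sendRedirect(req.getContextPath() + "/home");
    }

    /** Replaces the current session with a new one that has a different ID. */
    static HttpSession rotate(HttpServletRequest req) {
        Map<String, Object> kept = new HashMap<String, Object>();
        HttpSession old = req.getSession(false);
        if (old != null) {
            // Copy only allow-listed attributes: whoever fixed the session ID
            // may also have put data into the pre-login session.
            for (String name : CARRY_OVER) {
                Object value = old.getAttribute(name);
                if (value != null) {
                    kept.put(name, value);
                }
            }
            old.invalidate();   // the ID the client arrived with stops working
        }
        HttpSession fresh = req.getSession(true);   // container generates a new ID
        for (Map.Entry<String, Object> e : kept.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```
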
Tomcat 6 New Features (4)
• A new NIO (New I/O) Connector allows asynchronous communication of low-level I/O data.
• With usage of APR (Apache Portable Runtime) or NIO APIs as the basis of its connectors, Tomcat is able to provide a number of extensions over the regular blocking IO as provided with support for the Servlet API.

| I/O | New I/O |
| --- | --- |
| Stream Oriented | Buffer Oriented |
| Blocking I/O | Non-Blocking I/O |
| | Selectors |

I/O vs. New I/O (figure panels: I/O, New I/O)

NIO Connector

Tomcat Connector Comparison

| | Java Blocking Connector | Java Non-Blocking Connector | APR / Native Connector |
| --- | --- | --- | --- |
| Class Name | Http11Protocol | Http11NioProtocol | Http11AprProtocol |
| Tomcat Version | 3.x onwards | 6.x onwards | 5.5.x onwards |
| Support Polling | NO | YES | YES |
| Polling Size | N/A | maxConnections | maxConnections |
| Read HTTP Request | Blocking | Non Blocking | Blocking |
| Read HTTP Body | Blocking | Sim Blocking | Blocking |
| Write HTTP Response | Blocking | Sim Blocking | Blocking |
| Wait for next Request | Blocking | Non Blocking | Non Blocking |
| SSL Support | Java SSL | Java SSL | OpenSSL |
| SSL Handshake | Blocking | Non Blocking | Blocking |
| Max Connections | maxConnections | maxConnections | maxConnections |

Tomcat 6 New Features (5)
• Comet Support
  • Comet is a web application model in which a long-held HTTP request allows a web server to push data to a browser, without the browser explicitly requesting it.
  • Ajax Push, Reverse Ajax, Two-way-web, HTTP Streaming, HTTP Server Push
  • Usage of Comet requires using the APR or NIO HTTP connectors.
  • The classic java.io HTTP connector and the AJP connectors do not support Comet.

Comet Implementation
• Streaming (Tomcat Implementation)
  • An application using streaming Comet opens a single persistent connection from the client browser to the server for all Comet events.
• Long Polling
  • The browser makes an Ajax-style request to the server, which is kept open until the server has new data to send to the browser.

Comet Application Model

Comet Example (Client-Side / Server-Side)

Tomcat 6 New Features (6)
• The new Executor element represents a thread pool that can be shared between connectors in Tomcat, but also other components when those get configured to support executors.

Tomcat 6 New Features (7)
• A limitation of java.util.logging appears to be the inability to have per-web application logging, as the configuration is per-VM.
• Replace the default LogManager implementation with a container-friendly implementation called JULI (Java Utility Logging Implementation)
• Use tomcat-juli.jar to allow the implementation of an alternate commons-logging adaptor such as Log4J.

Tomcat 6 New Features (8)
• Tomcat provides factories for Web Services JSR 109 which may be used to resolve web services references.
• Place the generated catalina-ws.jar as well as jaxrpc.jar and wsdl4j.jar in the Tomcat lib folder.

Web Service Architecture

Tomcat 6 New Features (9)
• Changes to the configuration rules allow users to define multiple URL-pattern elements within a single servlet-mapping element.

Tomcat 6 New Features (10)
• Common Annotations Support
  • @HandlesTypes
  • @HttpConstraint
  • @HttpMethodConstraint
  • @MultipartConfig
  • @ServletSecurity
  • @WebFilter
  • @WebInitParam
  • @WebListener
  • @WebServlet

Single Server Problems
• A single server cannot handle the high number of incoming requests efficiently.
• A stateful application needs a way of preserving session data if its server fails.
• A developer requires the capability to make configuration changes or deploy updates to their applications without discontinuing service.
• A clustered architecture solves these problems using a combination of load balancing, multiple servers to process the balanced load, and some kind of session replication.

Tomcat 6 New Features (11)
• HA (High Availability) – Load Balance
  • Static content is served directly by Apache HTTP server and any dynamic requests are forwarded to the Tomcat servers based on some algorithm.
  • JK 1.2.x native connector
  • Apache HTTP Server 2.x with mod_proxy
• HA (High Availability) – Fail-over Solution
  • If the load balancer detects that one of the nodes has gone down it will redirect all the traffic to the second instance and your clients, apart from any on the failed node.
  • Tomcat Session Replication

Tomcat Clustering

Apache + Tomcat + MySQL

Tomcat 7

Tomcat 7 Basis
• Requires Java 1.6 or later
• Servlet 3.0, EL 2.2, and JSP 2.2, WebSocket RFC 6455 support
• Improved security for the Manager and Host Manager applications
• Offers tomcat-api.jar, which contains interfaces that are shared by Jasper and Catalina
• Provides improved configurability through newly added container components

Tomcat 7 New Features (1)
• A web application might need static resources that increase the size of the WAR file and also lead to duplication of static resources.
• A new aliases attribute in the Context element can point to static resources that are stored outside the WAR file.

Tomcat 7 New Features (2)
• WebSocket Support
  • WebSocket, developed as part of the HTML5 initiative, introduced the WebSocket JavaScript interface, which defines a full-duplex single socket connection over which messages can be sent between client and server.
  • The WebSocket standard simplifies much of the complexity around bi-directional web communication and connection management.

WebSocket Structure

WebSocket Example (Client-Side / Server-Side)

Tomcat 7 New Features (3)
• Tomcat can be embedded in an application and it can be configured and started programmatically.
• A new Tomcat class uses defaults for several configuration elements and provides an easier and simpler way to embed Tomcat.

Embedded Tomcat Example

Tomcat 7 New Features (4)
• AsyncFileHandler employs a producer/consumer relationship with the queue to store log messages.
• Replace all occurrences of FileHandler with AsyncFileHandler in the "$CATALINA_HOME/conf/logging.properties" file.
• The application must use java.util.logging; asynchronous logging does not work with Log4j.

AsyncFileHandler Class Diagram

Q&A
