Tomcat: The Definitive Guide, 2nd Edition

Book description

It takes a book as versatile as its subject to cover Apache Tomcat, the popular open source Servlet and JSP container and high performance web server. Tomcat: The Definitive Guide is a valuable reference for administrators and webmasters, a useful guide for programmers who want to use Tomcat as their web application server during development or in production, and an excellent introduction for anyone interested in Tomcat. Updated for the latest version of Tomcat, this new edition offers a complete guide to installing, configuring, maintaining and securing this servlet container. In fact, with such a wealth of new information, this is essentially a new book rather than a simple revision. You will find details for using Tomcat on all major platforms, including Windows, Linux, OS X, Solaris, and FreeBSD, along with specifics on Tomcat configuration files, and step-by-step advice for deploying and running web applications. This book offers complete information for:

  • Installation and startup procedures

  • Configuring Tomcat-including realms, roles, users, servlet sessions, and JNDI resources including JDBC DataSources

  • Deploying web applications-individual servlets and JSP pages, and web application archive files

  • Tuning Tomcat to measure and improve performance

  • Integrating Tomcat with Apache Web Server

  • Securing Tomcat to keep online thugs at bay

  • Tomcat configuration files-server.xml and web.xml, and more

  • Debugging and Troubleshooting-diagnosing problems with Tomcat or a web application

  • Compiling your own Tomcat, rather than using the pre-built release

  • Running two or more Tomcat servlet containers in parallel

This book also offers an overview of the Tomcat open source project's community resources, including docs, mailing lists, and more. Community interest fueled a strong demand for a Tomcat guide from O'Reilly. The result clearly exceeds expectations.

Table of contents

  1. Tomcat: The Definitive Guide
    1. A Note Regarding Supplemental Files
    2. Preface
      1. What's This Book About?
      2. Why an Entire Book on Tomcat?
      3. Who This Book Is For
      4. Conventions Used in This Book
      5. Using Code Examples
      6. We'd Like to Hear from You
      7. Safari® Books Online
      8. Acknowledgments
        1. Jason Brittain's Acknowledgments
        2. Ian Darwin's Acknowledgments
    3. 1. Getting Started with Tomcat
      1. Installing Tomcat
        1. Installing Tomcat on Linux
          1. Installing Tomcat from an Apache multiplatform binary release
          2. Installing Tomcat from this book's Linux RPM packages
          3. Installing Tomcat from the JPackage.org Linux RPM packages
        2. Installing Tomcat on Solaris
        3. Installing Tomcat on Windows
        4. Installing Tomcat on Mac OS X
        5. Installing Tomcat on FreeBSD
      2. Starting, Stopping, and Restarting Tomcat
        1. Starting Up and Shutting Down
          1. Environment variables
          2. Starting and stopping: The general case
          3. Starting and stopping on Linux
          4. Starting and stopping on Solaris
          5. Starting and stopping on Windows
          6. Starting and stopping on Mac OS X
          7. Starting and stopping on FreeBSD
        2. Common Errors
        3. Restarting Tomcat
          1. The general case
          2. Restarting Tomcat on Linux
          3. Restarting Tomcat on Solaris
          4. Restarting the Tomcat Windows Service
          5. Restarting Tomcat on Mac OS X
          6. Restarting Tomcat on FreeBSD
      3. Automatic Startup
        1. Automatic Startup on Linux
        2. Automatic Startup on Solaris
        3. Automatic Startup on Windows
        4. Automatic Startup on Mac OS X
        5. Automatic Startup on FreeBSD
      4. Testing Your Tomcat Installation
      5. Where Did Tomcat Come From?
    4. 2. Configuring Tomcat
      1. A Word About Using the Apache Web Server
      2. Relocating the Web Applications Directory
      3. Changing the Port Number from 8080
        1. Relaying Port 80 TCP Connections to Port 8080
        2. Running Tomcat on Port 80 via a Service Wrapper
        3. Common Errors
      4. Java VM Configuration
      5. Changing the JSP Compiler
      6. Managing Realms, Roles, and Users
        1. Realms
          1. UserDatabaseRealm
          2. JDBCRealm
          3. JNDIRealm
          4. JAASRealm
        2. Container-Managed Security
          1. Basic authentication
          2. Digest authentication
          3. Form authentication
          4. Client-cert authentication
        3. Single Sign-on
      7. Controlling Sessions
        1. Session Persistence
          1. StandardManager
          2. PersistentManager
          3. Using FileStore for storing sessions
          4. Using JDBCStore for storing sessions
      8. Accessing JNDI and JDBC Resources
        1. JDBC DataSources
        2. Other JNDI Resources
      9. Servlet Auto-Reloading
      10. Customized User Directories
      11. Tomcat Example Applications
      12. Common Gateway Interface (CGI)
      13. The Tomcat Admin Webapp
    5. 3. Deploying Servlet and JSP Web Applications in Tomcat
        1. Hosts
        2. The Host Manager Webapp
      1. Layout of a Web Application
        1. Deploying Servlets and JavaServer Pages
      2. Deploying an Unpacked Webapp Directory
        1. server.xml Context Deployment
        2. Context XML Fragment File Deployment
      3. Deploying a WAR File
        1. server.xml Context Deployment
        2. Context XML Fragment File Deployment
      4. Hot Deployment
      5. Working with WAR Files
      6. The Manager Webapp
      7. Automation with Apache Ant
        1. Building a JAR/WAR
        2. Deployment via Ant
          1. Copying the WAR file or webapp directory
          2. Accessing the Manager webapp
          3. The Tomcat standalone deployer
          4. The scp Ant Task
        3. Common Errors
          1. XML in property files
          2. FileNotFoundExceptions
      8. Symbolic Links
    6. 4. Tomcat Performance Tuning
      1. Measuring Web Server Performance
        1. Load-Testing Tools
          1. ab: The Apache benchmark tool
          2. Siege
          3. Apache Jakarta JMeter
        2. Web Server Performance Comparison
          1. Tomcat connectors and Apache httpd connector modules
          2. Benchmarked hardware and software configurations
          3. Benchmark procedure
          4. Benchmark results and summary
          5. What else we could have benchmarked
      2. External Tuning
        1. JVM Performance
        2. Operating System Performance
      3. Internal Tuning
        1. Disabling DNS Lookups
        2. Adjusting the Number of Threads
        3. Speeding Up JSPs
          1. Precompiling JSPs by requesting them
          2. Precompiling JSPs at webapp start time
          3. Precompiling JSPs at build time using JspC
      4. Capacity Planning
        1. Anecdotal Capacity Planning
        2. Enterprise Capacity Planning
        3. Capacity Planning on Tomcat
      5. Additional Resources
    7. 5. Integration with the Apache Web Server
      1. The Pros and Cons of Integration
        1. Running Tomcat Standalone
          1. It's easier to set up
          2. No web server connector module to worry about
          3. Tomcat standalone is faster than Apache httpd proxying requests to Tomcat
          4. Potential for better security
          5. Ease of migration
          6. Ease of upgrades
          7. Tomcat has less supporting software
          8. Fewer people who know Tomcat's web server
          9. Fewer web server features
        2. Running Tomcat with Apache httpd
          1. Tomcat's web server is faster than Apache httpd
          2. More support software
          3. Faster startup and shutdown times
          4. More difficult to set up
          5. Tomcat dynamic content slowdown
          6. Potential for additional security holes
          7. More complicated upgrades
      2. Installing Apache httpd
      3. Apache Integration with Tomcat
        1. Sharing the Load Using Separate Port Numbers
          1. Apache httpd is oblivious to Tomcat security
          2. Twice the web servers to tune, maintain, and secure
          3. Awkward user experience and splintered logging
          4. Troublesome double authentication
        2. Proxying from Apache httpd to Tomcat
        3. Setting Up Apache httpd
        4. Setting Up Tomcat
        5. Verify That Proxying Works
        6. Disadvantages
          1. Apache httpd slows Tomcat's response time
          2. Twice the web servers to tune, maintain, and secure
          3. Troublesome dual authentication
          4. See also
        7. Proxying from Tomcat to Apache httpd
        8. Using the mod_jk Connector
          1. Using binary releases
          2. Compiling mod_jk
          3. Starting up the integrated servers
          4. workers.properties
      4. Tomcat Serving HTTP over the APR Connector
        1. Installing APR
          1. Using binary releases
          2. Compiling and installing APR
        2. Building and Installing the APR Connector
        3. Configuring Tomcat to Use the APR Connector
    8. 6. Tomcat Security
      1. Securing the System
        1. Operating System Security Forums
        2. Configuring Your Network
      2. Multiple Server Security Models
      3. Using the SecurityManager
      4. Granting File Permissions
      5. Setting Up a Tomcat chroot Jail
        1. Setting Up a chroot Jail
        2. Using a Non-Root User in the chroot Jail
      6. Filtering Bad User Input
        1. Vulnerabilities
          1. Cross site scripting
          2. HTML injection
          3. SQL injection
          4. Command injection
        2. HTTP Request Filtering
          1. Installing the BadInputValve
          2. Installing the BadInputFilter
          3. See also
      7. Securing Tomcat with SSL
        1. Generating a Self-Signed Server Certificate
        2. Requesting and Installing a Commercial Certificate
        3. Setting Up an SSL Connector for Tomcat
          1. Configuring the JIO connector for SSL
          2. Configuring the APR connector for SSL
          3. Configuring the NIO connector for SSL
        4. Client Certificates
    9. 7. Configuration
      1. server.xml
        1. Server
        2. Service
        3. Executor
        4. Connector
        5. Engine
        6. Host
          1. Virtual hosting
          2. Alias
        7. Context
        8. Realm
        9. GlobalNamingResources
          1. Environment
          2. Resource
          3. ResourceEnvRef
        10. WatchedResource
        11. Listener
        12. Loader
        13. Manager
        14. Stores
        15. Resources
        16. Valve
          1. Controlling access logs with an access log valve
          2. RemoteHostValve and RemoteAddrValve
          3. Limiting request concurrency with SemaphoreValve
        17. Transaction
        18. Cluster
          1. Channel
          2. Membership
          3. Sender
          4. Transport
          5. Receiver
          6. Interceptor
          7. Member
          8. Deployer
          9. ClusterListener
        19. Migrating from Older Versions of Tomcat
          1. Migrating from 4.1 to 5.0
          2. Migrating from 5.0 to 5.5
          3. Migrating from 5.5 to 6.0
      2. web.xml
        1. web-app
        2. icon, display-name, and description
        3. distributable
        4. context-param
        5. filter and filter-mapping
        6. listener
        7. servlet
        8. servlet-mapping
        9. session-config
        10. mime-mapping
        11. welcome-file-list
        12. error-page
        13. jsp-config and taglib
        14. resource-env-ref
        15. resource-ref
          1. See also
        16. security-constraint
          1. See also
        17. login-config
          1. See also
        18. security-role
        19. env-entry
          1. See also
        20. ejb-ref and ejb-local-ref
        21. service-ref
        22. message-destination-ref
        23. message-destination
        24. locale-encoding-mapping-list
      3. tomcat-users.xml
      4. catalina.policy
      5. catalina.properties
      6. context.xml
    10. 8. Debugging and Troubleshooting
      1. Reading Logfiles
      2. Hunting for Errors
      3. URLs and the HTTP Conversation
        1. HTTP Requests
        2. Response Codes and Headers
        3. Interacting with HTTP
      4. Debugging with RequestDumperValve
      5. When Tomcat Won't Shut Down
    11. 9. Building Tomcat from Source
      1. Installing Apache Ant
      2. Obtaining the Source
        1. Downloading Source Code
        2. Obtaining Source Code from Apache's Subversion Repository
      3. Downloading Support Libraries
      4. Building Tomcat
    12. 10. Tomcat Clustering
      1. Clustering Terms
      2. The Communication Sequence of an HTTP Request
        1. DNS Request Distribution
        2. TCP NAT Request Distribution
        3. mod_proxy Load Balancing and Failover
      3. Distributed Java Servlet Containers
          1. Servlet sessions
          2. Session affinity
          3. Replicated sessions
      4. Tomcat 6 Clustering Implementation
        1. Features
        2. Configuring and Testing IP Multicast
        3. Configuring All-to-All Replication
        4. Testing Session Replication
        5. Configuring Static Membership
        6. Configuring Primary/Backup Replication
      5. JDBC Request Distribution and Failover
      6. Additional Resources
    13. 11. Final Words
      1. Supplemental Resources
        1. Online Documentation That Shipped with Tomcat
        2. The Apache Tomcat Web Documentation
        3. The Apache Tomcat Mailing List Archives
        4. Web Sites Related to This Book
        5. Third-Party Web Sites About Tomcat
        6. The #tomcat IRC Channel
        7. The Apache Tomcat Mailing Lists
      2. Community
    14. A. Installing Java
      1. Choosing a Java JDK
      2. Working Around Older GCJ and Kaffe JVMs
      3. Sun Microsystems Java SE JDK
      4. IBM J9 JDK
      5. BEA JRockit JDK
      6. Apple Java SE JDK
      7. Excelsior JET
      8. Apache Harmony JDK
    15. B. jbchroot.c
    16. C. BadInputValve.java
    17. D. BadInputFilter.java
    18. E. RPM Package Files
    19. Index
    20. About the Authors
    21. Colophon

Product information

  • Title: Tomcat: The Definitive Guide, 2nd Edition
  • Author(s): Jason Brittain, Ian F. Darwin
  • Release date: October 2007
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9780596101060