Cover image for Tomcat: The Definitive Guide

Book description

Jakarta Tomcat is not only the most commonly used open source servlet engine today, it's become the de facto standard by which other servlet engines are measured. Powerful and flexible, it can be used as a stand-alone web server or in conjunction with another server, like Apache or IIS, to run servlets or JSPs. But mastery of Tomcat is not easy: because it's as complex as it is complete. Tomcat: The Definitive Guide answers vexing questions that users, administrators, and developers alike have been asking. This concise guide provides much needed information to help harness Tomcat's power and wealth of features. Tomcat: The Definitive Guide offers something for everyone who uses Tomcat. System and network administrators will find detailed instructions on installation, configuration, and maintenance. For users, it supplies insightful information on how to deploy Tomcat. And seasoned enterprise Java developers will have a complete reference to setting up, running, and using this powerful software The book begins with an introduction to the Tomcat server and includes an overview of the three types of server configurations: stand-alone, in-process, and out-of-process. The authors show how directories are laid out, cover the initial setup, and describe how to set the environment variables and modify the configuration files, concluding with common errors, problems, and solutions. In subsequent chapters, they cover:

  • The server.xml configuration file

  • Java Security manager

  • Authentication schemes and Tomcat users

  • The Secure Socket Layer (SSL)

  • Tomcat JDBC Realms

  • Installing servlets and Java Server Pages

  • Integrating Tomcat with Apache

  • Advanced Tomcat configuration

and much more. Tomcat: The Definitive Guide covers all major platforms, including Windows, Solaris, Linux, and Mac OS X, contains details on Tomcat configuration files, and has a quick-start guide to get developers up and running with Java servlets and JavaServer Pages. If you've struggled with this powerful yet demanding technology in the past, this book will provide the answers you need.

Table of Contents

  1. Tomcat: The Definitive Guide
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. A Note Regarding Supplemental Files
    3. Preface
      1. What's This Book About?
      2. Why an Entire Book on Tomcat?
      3. Who This Book Is For
      4. Conventions Used in This Book
      5. How to Contact Us
      6. Acknowledgments
        1. Ian Darwin's Acknowledgments
        2. Jason Brittain's Acknowledgments
    4. 1. Getting Started with Tomcat
      1. 1.1. Installing Tomcat
        1. 1.1.1. Installing Tomcat on Linux
          1. 1.1.1.1. Installing Tomcat from a Jakarta multiplatform binary release
          2. 1.1.1.2. Installing Tomcat from a Jakarta Linux RPM
        2. 1.1.2. Installing Tomcat on Solaris
        3. 1.1.3. Installing Tomcat on Windows 2000
        4. 1.1.4. Installing Tomcat on Mac OS X
        5. 1.1.5. Installing Tomcat on OpenBSD
      2. 1.2. Starting, Stopping, and Restarting Tomcat
        1. 1.2.1. Starting Up and Shutting Down
          1. 1.2.1.1. Environment variables
          2. 1.2.1.2. Starting and stopping on Linux and Solaris
          3. 1.2.1.3. Starting and stopping on Windows 2000
          4. 1.2.1.4. Starting and stopping on Mac OS X
          5. 1.2.1.5. Starting and stopping on OpenBSD
        2. 1.2.2. Common Errors
        3. 1.2.3. Restarting Tomcat
          1. 1.2.3.1. Restarting Tomcat on Unix-based systems
          2. 1.2.3.2. Restarting the Tomcat Windows Service
      3. 1.3. Automatic Startup
        1. 1.3.1. Automatic Startup on Linux
        2. 1.3.2. Automatic Startup on Solaris
        3. 1.3.3. Automatic Startup on Windows
        4. 1.3.4. Automatic Startup on Mac OS X
        5. 1.3.5. Automatic Startup on OpenBSD
      4. 1.4. Testing Your Tomcat Installation
    5. 2. Configuring Tomcat
      1. 2.1. Using the Apache Web Server
      2. 2.2. Managing Realms, Roles, and Users
        1. 2.2.1. Realms
          1. 2.2.1.1. UserDatabaseRealm
          2. 2.2.1.2. JDBCRealm
          3. 2.2.1.3. JNDIRealm
          4. 2.2.1.4. JAASRealm
        2. 2.2.2. Container-Managed Security
          1. 2.2.2.1. Basic authentication
          2. 2.2.2.2. Digest authentication
          3. 2.2.2.3. Form authentication
          4. 2.2.2.4. Client-cert authentication
        3. 2.2.3. Single Sign-On
      3. 2.3. Controlling Sessions
        1. 2.3.1. Session Persistence
          1. 2.3.1.1. StandardManager
          2. 2.3.1.2. PersistentManager
          3. 2.3.1.3. Using FileStore for storing sessions
          4. 2.3.1.4. Using JDBCStore for storing sessions
      4. 2.4. Accessing JNDI and JDBC Resources
        1. 2.4.1. JDBC DataSources
        2. 2.4.2. Other JNDI Resources
      5. 2.5. Servlet Auto-Reloading
      6. 2.6. Relocating the Web Applications Directory
      7. 2.7. Customized User Directories
      8. 2.8. Tomcat Example Applications
      9. 2.9. Server-Side Includes
      10. 2.10. Common Gateway Interface (CGI)
      11. 2.11. The Tomcat Admin Application
    6. 3. Deploying Servlet and JSP Web Applications in Tomcat
      1. 3.1. Layout of a Web Application
      2. 3.2. Manual Application Deployment
        1. 3.2.1. Deploying Servlets and JavaServer Pages
        2. 3.2.2. Working with WAR Files
      3. 3.3. Automatic Deployment
        1. 3.3.1. Plan A: Copying a WAR File
        2. 3.3.2. Plan B: Context Fragments
      4. 3.4. The Manager Application
        1. 3.4.1. See Also
      5. 3.5. Automation with Jakarta Ant
        1. 3.5.1. Building a JAR/WAR
        2. 3.5.2. Deployment
        3. 3.5.3. Common Errors
          1. 3.5.3.1. XML in property files
          2. 3.5.3.2. FileNotFoundExceptions
    7. 4. Tomcat Performance Tuning
      1. 4.1. Measuring Web Server Performance
        1. 4.1.1. Load Testing Tools
      2. 4.2. External Tuning
        1. 4.2.1. JVM Performance
        2. 4.2.2. Operating System Performance
      3. 4.3. Internal Tuning
        1. 4.3.1. Disabling DNS Lookups
        2. 4.3.2. Adjusting the Number of Threads
        3. 4.3.3. Speeding Up JSP Compilation
          1. 4.3.3.1. Changing the JSP compiler under Tomcat 4.0
          2. 4.3.3.2. Changing the JSP compiler under Tomcat 4.1
          3. 4.3.3.3. Precompiling JSPs
      4. 4.4. Capacity Planning
        1. 4.4.1. Anecdotal Capacity Planning
        2. 4.4.2. Enterprise Capacity Planning
        3. 4.4.3. Capacity Planning on Tomcat
      5. 4.5. Additional Resources
    8. 5. Integration with Apache Web Server
      1. 5.1. Introduction
      2. 5.2. The Pros and Cons of Integration
        1. 5.2.1. Running Tomcat Standalone
        2. 5.2.2. Running Tomcat with Apache httpd
      3. 5.3. Installing Apache httpd
      4. 5.4. Apache Integration with Tomcat
        1. 5.4.1. Sharing the Load Using Separate Port Numbers
        2. 5.4.2. Proxying from Apache to Tomcat
          1. 5.4.2.1. Setting up Apache httpd
          2. 5.4.2.2. Setting up Tomcat
          3. 5.4.2.3. Verify that proxying works
          4. 5.4.2.4. Disadvantages
        3. 5.4.3. Using the mod_jk2 Connector
          1. 5.4.3.1. Using binary releases
          2. 5.4.3.2. Compiling mod_jk2
          3. 5.4.3.3. Master configuration file
          4. 5.4.3.4. The workers2.properties file
          5. 5.4.3.5. Starting up the integrated servers
          6. 5.4.3.6. Configuring mod_jk2 to use a TCP socket
          7. 5.4.3.7. Configuring mod_jk2 to use a Unix domain socket
          8. 5.4.3.8. Common errors
        4. 5.4.4. Two Programs in One Process: Tighter Integration
        5. 5.4.5. Generating mod_jk2 Webapp URI Mappings
      5. 5.5. Of Connectors and Configuration Files
        1. 5.5.1. Configuration Files
          1. 5.5.1.1. workers.properties
          2. 5.5.1.2. urimap.properties
          3. 5.5.1.3. workers2.properties
      6. 5.6. Summary
    9. 6. Tomcat Security
      1. 6.1. Introduction
      2. 6.2. Securing the System
        1. 6.2.1. Operating System Security Forums
        2. 6.2.2. Configuring Your Network
      3. 6.3. Multiple Server Security Models
      4. 6.4. Using the -security Option
        1. 6.4.1. Granting File Permissions
      5. 6.5. Setting Up a Tomcat chroot Jail
        1. 6.5.1. Setting Up a chroot Jail
        2. 6.5.2. Using a Non-root User in the chroot Jail
      6. 6.6. Filtering Bad User Input
        1. 6.6.1. Vulnerabilities
          1. 6.6.1.1. Cross-site scripting
          2. 6.6.1.2. HTML injection
          3. 6.6.1.3. SQL injection
          4. 6.6.1.4. Command injection
        2. 6.6.2. HTTP Request Filtering
        3. 6.6.3. See Also
      7. 6.7. Securing Tomcat with SSL
        1. 6.7.1. Setting Up an SSL Connector for Tomcat
        2. 6.7.2. Multiple Server Certificates
        3. 6.7.3. Client Certificates
    10. 7. Configuration Files and Their Elements
      1. 7.1. server.xml
        1. 7.1.1. Server
        2. 7.1.2. Service
        3. 7.1.3. Connector
          1. 7.1.3.1. Changing the port number from 8080
            1. 7.1.3.1.1. Running Tomcat via the Jakarta Commons Daemon component
            2. 7.1.3.1.2. Common Errors
        4. 7.1.4. Engine
        5. 7.1.5. Host
          1. 7.1.5.1. Virtual hosting
        6. 7.1.6. Context
        7. 7.1.7. DefaultContext
        8. 7.1.8. Realm
        9. 7.1.9. GlobalNamingResources
          1. 7.1.9.1. Environment
          2. 7.1.9.2. Resource
          3. 7.1.9.3. ResourceParams
          4. 7.1.9.4. See also
        10. 7.1.10. Listener
        11. 7.1.11. Loader
        12. 7.1.12. Logger
        13. 7.1.13. Manager
          1. 7.1.13.1. Stores
          2. 7.1.13.2. Resources
          3. 7.1.13.3. Valve
          4. 7.1.13.4. Controlling access log files with AccessLogValve
          5. 7.1.13.5. RemoteHostValve and RemoteAddrValve
      2. 7.2. web.xml
        1. 7.2.1. web-app
        2. 7.2.2. icon, display-name, and description
        3. 7.2.3. distributable
        4. 7.2.4. context-param
        5. 7.2.5. filter and filter-mapping
        6. 7.2.6. listener
        7. 7.2.7. servlet
        8. 7.2.8. servlet-mapping
        9. 7.2.9. session-config
        10. 7.2.10. mime-mapping
        11. 7.2.11. welcome-file-list
        12. 7.2.12. error-page
        13. 7.2.13. taglib
        14. 7.2.14. resource-env-ref
        15. 7.2.15. resource-ref
        16. 7.2.16. security-constraint
          1. 7.2.16.1. See also
        17. 7.2.17. login-config
        18. 7.2.18. security-role
        19. 7.2.19. env-entry
        20. 7.2.20. ejb-ref and ejb-local-ref
      3. 7.3. tomcat-users.xml
      4. 7.4. catalina.policy
    11. 8. Debugging and Troubleshooting
      1. 8.1. Reading Log Files
        1. 8.1.1. Hunting for Errors
        2. 8.1.2. Making Sense of Multiple Files
      2. 8.2. URLs and the HTTP Conversation
        1. 8.2.1. HTTP Requests
        2. 8.2.2. Response Codes and Headers
        3. 8.2.3. Interacting with HTTP
      3. 8.3. Debugging with RequestDumperValve
      4. 8.4. When Tomcat Won't Shut Down
    12. 9. Building Tomcat from Source
      1. 9.1. Installing Jakarta Ant
      2. 9.2. Obtaining the Source
        1. 9.2.1. Downloading Source Code
        2. 9.2.2. Obtaining Source Code with CVS
      3. 9.3. Downloading Support Libraries
      4. 9.4. Building Tomcat
    13. 10. Tomcat Clustering
      1. 10.1. Clustering Terms
      2. 10.2. The Communication Sequence of an HTTP Request
        1. 10.2.1. DNS Request Distribution
        2. 10.2.2. TCP NAT Request Distribution
        3. 10.2.3. mod_jk2 Load Balancing and Failover
        4. 10.2.4. Distributed Java Servlet Containers
          1. 10.2.4.1. Servlet sessions
          2. 10.2.4.2. Session affinity
          3. 10.2.4.3. Replicated sessions
            1. 10.2.4.3.1. Configuring and testing IP multicast
            2. 10.2.4.3.2. Installing, configuring, and testing session replication
        5. 10.2.5. JDBC Request Distribution and Failover
      3. 10.3. Additional Resources
    14. 11. Final Words
      1. 11.1. Supplemental Resources
        1. 11.1.1. Online Documentation That Ships with Tomcat
        2. 11.1.2. The Jakarta Tomcat Web Documentation
        3. 11.1.3. The Jakarta Tomcat Mailing List Archives
        4. 11.1.4. Web Sites Related to This Book
        5. 11.1.5. Third-Party Web Sites About Tomcat
          1. 11.1.5.1. The #tomcat Internet Relay Chat (IRC) channel
          2. 11.1.5.2. The Jakarta Tomcat mailing lists
      2. 11.2. Community
    15. A. Installing Java
      1. A.1. Choosing a Java SDK
        1. A.1.1. Working Around the Kaffe JDK
        2. A.1.2. Sun Microsystems J2SE SDK
        3. A.1.3. IBM JDK
        4. A.1.4. BEA JRockit
        5. A.1.5. Apple J2SE 1.4.1
    16. B. JSPs and Servlets
      1. B.1. Why Both JSPs and Servlets?
      2. B.2. Simplifying JSPs with JavaBeans:Reusable Components
      3. B.3. Simplifying Your JSPs with Custom Tags
      4. B.4. Extending Tomcat
        1. B.4.1. Cocoon: XML Publishing
        2. B.4.2. Element Construction Set
        3. B.4.3. Formatted Objects Printing (FOP)
        4. B.4.4. JavaMail API
        5. B.4.5. JetSpeed: Scalable Information Portal
        6. B.4.6. Lucene Text Searching
        7. B.4.7. PDF Generators
        8. B.4.8. POI
        9. B.4.9. SOAP
        10. B.4.10. Struts
        11. B.4.11. Velocity
        12. B.4.12. WebDAV
        13. B.4.13. See Also
    17. C. jbchroot.c
    18. D. BadInputFilterValve.java
    19. About the Authors
    20. Colophon
    21. SPECIAL OFFER: Upgrade this ebook with O’Reilly