You are previewing Professional Apache Tomcat 6.
O'Reilly logo
Professional Apache Tomcat 6

Book Description

  • Tomcat is the official reference implementation of Sun's servlet and JSP specifications, and Java developers must test all Web applications on Tomcat to ensure they work as designed

  • Boasting more than 40 percent new and updated material, this book covers all the major new features affecting server administration and management

  • Explores the additional built-in tools of Tomcat, which help Java developers program more efficiently, and looks at how Apache's other open source servlet/JSP technologies are designed to work with Tomcat

  • Features full coverage of Release 6, which supports the latest JSP and servlet specifications: JSP 2.1 and Servlets 2.5

  • Addresses solving real-world problems encountered during all phases of server administration, including managing class loaders and connectors, security, shared hosting and clustering, and system testing

Table of Contents

  1. Copyright
  2. About the Authors
  3. Credits
  4. Introduction
    1. What's Changed Since the Second Edition
    2. How to Use This Book
    3. Conventions
      1. Downloads for the Book
    4. Errata
    5. p2p.wrox.com
    6. Caveat
  5. 1. Apache Tomcat
    1. 1.1. Humble Beginnings: The Apache Project
    2. 1.2. The Apache Software Foundation
    3. 1.3. Tomcat
      1. 1.3.1. Distributing Tomcat: The Apache License
      2. 1.3.2. Comparison with Other Licenses
        1. 1.3.2.1. GPL
        2. 1.3.2.2. LGPL
        3. 1.3.2.3. Other Licenses
    4. 1.4. The Big Picture: Java EE
      1. 1.4.1. Java APIs
        1. 1.4.1.1. The Java Community Process
      2. 1.4.2. The Java EE APIs
      3. 1.4.3. Java EE Application Servers
      4. 1.4.4. "Agree on Standards, Compete on Implementation"
      5. 1.4.5. Tomcat and Application Servers
    5. 1.5. Tomcat and Web Servers
    6. 1.6. Summary
  6. 2. Web Applications: Servlets, JSPs, and More
    1. 2.1. A Brief History of Web Applications
      1. 2.1.1. CGI Scripts: The First Mechanism for Dynamic Content
      2. 2.1.2. Server Side Java: Servlets
        1. 2.1.2.1. The Servlet Interface
        2. 2.1.2.2. Servlet Containers
        3. 2.1.2.3. Accessing Servlets
        4. 2.1.2.4. Drawbacks of Servlets
      3. 2.1.3. JavaServer Pages
        1. 2.1.3.1. Early Web Applications: Model 1 Architecture
        2. 2.1.3.2. Modern Web Development: Model 2 Architecture and Web Frameworks
      4. 2.1.4. JSP Tag Libraries
      5. 2.1.5. JSP EL
      6. 2.1.6. MVC Architecture
    2. 2.2. Using Appropriate Web Technologies
    3. 2.3. Building and Distributing Web Applications
    4. 2.4. Summary
  7. 3. Tomcat Installation
    1. 3.1. Installing the Java Virtual Machine
      1. 3.1.1. Installing the JVM on Windows
      2. 3.1.2. Installing the JVM on Linux
        1. 3.1.2.1. Installing the JVM from the tar.gz File
        2. 3.1.2.2. Installing the JVM Using the RPM Installer
    2. 3.2. Installing Tomcat
      1. 3.2.1. Deciding Which Distribution to Install
      2. 3.2.2. Verifying the Downloaded File
      3. 3.2.3. Tomcat Windows Installer
        1. 3.2.3.1. The Service Component
        2. 3.2.3.2. Finishing the Installation
        3. 3.2.3.3. Setting Environment Variables
        4. 3.2.3.4. Testing the Installation
          1. 3.2.3.4.1. Starting the Server Manually
          2. 3.2.3.4.2. Starting the Server as a Service
          3. 3.2.3.4.3. Changing Service Options
        5. 3.2.3.5. Viewing the Default Installation
        6. 3.2.3.6. Assigning Port Numbers
      4. 3.2.4. Installing Tomcat on Windows Using the ZIP File
      5. 3.2.5. Installing Tomcat on Linux
        1. 3.2.5.1. Viewing the Default Installation
        2. 3.2.5.2. Modifying Port Numbers
    3. 3.3. Building Tomcat from Source
      1. 3.3.1. Do You Need to Build Tomcat from the Source Code?
      2. 3.3.2. Downloading the Source Release
      3. 3.3.3. Subversion Repository
      4. 3.3.4. Building a Source Release
    4. 3.4. The Tomcat Installation Directory
    5. 3.5. Installing APR
    6. 3.6. Troubleshooting and Tips
      1. 3.6.1. Class Version Error
      2. 3.6.2. The Port Number Is in Use
      3. 3.6.3. Running Multiple Instances
      4. 3.6.4. A Proxy Is Blocking Access
    7. 3.7. Summary
  8. 4. Tomcat Architecture
    1. 4.1. Tomcat Directory Overview
      1. 4.1.1. bin Directory
      2. 4.1.2. conf Directory
      3. 4.1.3. lib Directory
      4. 4.1.4. logs Directory
      5. 4.1.5. temp Directory
      6. 4.1.6. webapps Directory
      7. 4.1.7. work Directory
    2. 4.2. An Overview of Tomcat Architecture
      1. 4.2.1. The Server
      2. 4.2.2. The Service
      3. 4.2.3. The Connectors
      4. 4.2.4. The Engine
      5. 4.2.5. The Realm
      6. 4.2.6. The Valves
      7. 4.2.7. The Loggers
      8. 4.2.8. The Host
      9. 4.2.9. The Context
      10. 4.2.10. The Remaining Classes in the Tomcat Architecture
    3. 4.3. Connector Architecture
      1. 4.3.1. Communication Paths
      2. 4.3.2. Connector Protocols
      3. 4.3.3. AJP Protocol
      4. 4.3.4. HTTP Protocol
      5. 4.3.5. Choosing a Connector
      6. 4.3.6. AJP History
      7. 4.3.7. AJP JK
      8. 4.3.8. webapp
      9. 4.3.9. JK2
      10. 4.3.10. Proxy
    4. 4.4. Lifecycle
      1. 4.4.1. Lifecycle Interface
      2. 4.4.2. LifecycleListener Interface
    5. 4.5. Configuration by Architecture
    6. 4.6. Summary
  9. 5. Basic Tomcat Configuration
    1. 5.1. Tomcat 6 Configuration Essentials
    2. 5.2. Files in $CATALINA_HOME/conf
    3. 5.3. Basic Server Configuration
      1. 5.3.1. Server Configuration via the Default server.xml
        1. 5.3.1.1. The Server Component
        2. 5.3.1.2. The Service Component
        3. 5.3.1.3. The Connector Component
      2. 5.3.2. Operating Tomcat in Application Server Configuration
        1. 5.3.2.1. The Engine Component
        2. 5.3.2.2. The Realm Component
        3. 5.3.2.3. The Host Component
      3. 5.3.3. Web Application Context Definitions
        1. 5.3.3.1. The Default context.xml File
      4. 5.3.4. Authentication and the tomcat-users.xml File
      5. 5.3.5. The Default Deployment Descriptor — web.xml
        1. 5.3.5.1. Configuring the Default Servlet for Static Resources
        2. 5.3.5.2. Default Directory Listings and Other Customizations
      6. 5.3.6. Configuring the Invoker Servlet
      7. 5.3.7. Configuring the JspServlet
      8. 5.3.8. SSI and CGI Servlets Configuration
      9. 5.3.9. Matching URLs: Servlet Mappings
      10. 5.3.10. How server.xml, Context Descriptors, and web.xml Work Together
      11. 5.3.11. SSI and CGI Mappings
        1. 5.3.11.1. Session Timeout Configuration
        2. 5.3.11.2. Handling Client-Side Helper Activation: Mime Mappings
        3. 5.3.11.3. Simulating Apache Web Server: Welcome File Handling
      12. 5.3.12. Fine-Grained Access Control: catalina.policy
      13. 5.3.13. catalina.properties: Finer-Grained Control over Access Checks
      14. 5.3.14. Bootstrapping Configuration
      15. 5.3.15. A Final Word on Differentiating Between Configuration and Management
    4. 5.4. Tomcat 6 Web-Based GUI Configurator
    5. 5.5. Summary
  10. 6. Advanced Tomcat Features
    1. 6.1. Valves — Interception Tomcat-Style
    2. 6.2. Standard Valves
    3. 6.3. Access Log Implementation
    4. 6.4. Scope of Log Files
    5. 6.5. Single Sign-On Implementation
      1. 6.5.1. Multiple Sign-On Without the Single Sign-On Valve
      2. 6.5.2. Configuring a Single Sign-On Valve
    6. 6.6. Form Authenticator Valve
    7. 6.7. Restricting Access via a Request Filter
      1. 6.7.1. Remote Address Filter
      2. 6.7.2. Remote Host Filter
      3. 6.7.3. Configuring Request Filter Valves
      4. 6.7.4. Request Dumper Valve
    8. 6.8. Persistent Sessions
      1. 6.8.1. The Need for Persistent Sessions
      2. 6.8.2. Configuring a Persistent Session Manager
      3. 6.8.3. The <Manager> Element
      4. 6.8.4. Hands-On Configuration with the Persistent Session Manager
    9. 6.9. JNDI Resource Configuration
      1. 6.9.1. What Is JNDI?
      2. 6.9.2. Tomcat and JNDI
      3. 6.9.3. Typical Tomcat JNDI Resources
      4. 6.9.4. Configuring Resources via JNDI
      5. 6.9.5. The <Environment> Element
      6. 6.9.6. The <Resource> Element
      7. 6.9.7. The <ResourceParams> Element
      8. 6.9.8. The <ResourceLink> Element
      9. 6.9.9. Configuring a JDBC DataSource
      10. 6.9.10. Configuring Mail Sessions
        1. 6.9.10.1. Adding a Resource Definition to the Application Context Descriptor
        2. 6.9.10.2. Adding a Reference to a Mail Session Resource in the Deployment Descriptor
        3. 6.9.10.3. Downloading and Installing JavaMail 1.3.3 and the JavaBeans Activation Framework 1.1 Libraries
        4. 6.9.10.4. Compiling and Configuring the SendMailServlet
        5. 6.9.10.5. Creating the sendmail.jsp JSP
        6. 6.9.10.6. Sending E-mail via JavaMail Sessions
    10. 6.10. Configuring Lifecycle Listeners
      1. 6.10.1. Lifecycle Events Sent by Tomcat Components
      2. 6.10.2. The <Listener> Element
      3. 6.10.3. Tomcat 6 Lifecycle Listeners Configuration
        1. 6.10.3.1. Displaying MBeans Created by Lifecycle Listeners Using the Manager JMX Proxy
        2. 6.10.3.2. Removing Default Lifecycle Listeners
        3. 6.10.3.3. Adding APR Lifecycle Listener and Native SSL Engine Configuration
        4. 6.10.3.4. Initialization of the JSP Processor
    11. 6.11. Summary
  11. 7. Web Application Configuration
    1. 7.1. Understanding the Contents of a Web Application
      1. 7.1.1. Public Resources
      2. 7.1.2. URL Mappings
      3. 7.1.3. The WEB-INF Directory
        1. 7.1.3.1. The classes Directory
        2. 7.1.3.2. The tags Directory
        3. 7.1.3.3. The lib Directory
      4. 7.1.4. The META-INF Directory
        1. 7.1.4.1. The Manifest File
        2. 7.1.4.2. The Context File
    2. 7.2. Understanding the Deployment Descriptor (web.xml)
      1. 7.2.1. The Servlet 2.3-Style Deployment Descriptor
        1. 7.2.1.1. The XML Header
        2. 7.2.1.2. The DTD Declaration
        3. 7.2.1.3. <web-app>
        4. 7.2.1.4. <icon>
        5. 7.2.1.5. <display-name>
        6. 7.2.1.6. <description>
        7. 7.2.1.7. <distributable>
        8. 7.2.1.8. <context-param>
        9. 7.2.1.9. <filter>
        10. 7.2.1.10. <listener>
        11. 7.2.1.11. <servlet>
        12. 7.2.1.12. <session-config>
        13. 7.2.1.13. <mime-mapping>
        14. 7.2.1.14. <welcome-file-list>
        15. 7.2.1.15. <error-page>
        16. 7.2.1.16. <taglib>
        17. 7.2.1.17. <resource-ref>
        18. 7.2.1.18. <security-constraint>
        19. 7.2.1.19. <web-resource-collection>
        20. 7.2.1.20. <auth-constraint>
        21. 7.2.1.21. <user-data-constraint>
        22. 7.2.1.22. <login-config>
        23. 7.2.1.23. <security-role>
        24. 7.2.1.24. <env-entry>
      2. 7.2.2. The Servlet 2.4/2.5-Style Deployment Descriptor
        1. 7.2.2.1. web-app
        2. 7.2.2.2. context-param
        3. 7.2.2.3. description
        4. 7.2.2.4. display-name
        5. 7.2.2.5. distributable
        6. 7.2.2.6. ejb-local-ref
        7. 7.2.2.7. ejb-ref
        8. 7.2.2.8. env-entry
        9. 7.2.2.9. error-page
        10. 7.2.2.10. filter
        11. 7.2.2.11. filter-mapping
        12. 7.2.2.12. icon
        13. 7.2.2.13. jsp-config
        14. 7.2.2.14. listener
        15. 7.2.2.15. locale-encoding-mapping-list
        16. 7.2.2.16. login-config
        17. 7.2.2.17. message-destination
        18. 7.2.2.18. message-destination-ref
        19. 7.2.2.19. mime-mapping
        20. 7.2.2.20. resource-env-ref
        21. 7.2.2.21. resource-ref
        22. 7.2.2.22. security-constraint
        23. 7.2.2.23. security-role
        24. 7.2.2.24. service-ref
        25. 7.2.2.25. servlet
        26. 7.2.2.26. servlet-mapping
        27. 7.2.2.27. session-config
        28. 7.2.2.28. welcome-file-list
    3. 7.3. Summary
  12. 8. Web Application Administration
    1. 8.1. Sample Web Application
    2. 8.2. Tomcat Manager Application
      1. 8.2.1. Enabling Access to the Manager Application
      2. 8.2.2. Manager Application Configuration
        1. 8.2.2.1. Manager Application Context Entry
        2. 8.2.2.2. Manager Application Deployment Descriptor
    3. 8.3. Tomcat Manager: Web Interface
      1. 8.3.1. Displaying Tomcat Server Status
      2. 8.3.2. Managing Web Applications
    4. 8.4. Deploying a Web Application
    5. 8.5. Tomcat Manager: Managing Applications with Ant
      1. 8.5.1. Known Issue: Failure While Undeploying Web Applications on Windows
    6. 8.6. Tomcat Manager — Using HTTP Requests
      1. 8.6.1. List Deployed Applications
      2. 8.6.2. Deploying a New Application
      3. 8.6.3. Installing/Deploying Applications in Tomcat 6
      4. 8.6.4. Deploying a New Application Remotely
      5. 8.6.5. Deploying a New Application from a Local Path
      6. 8.6.6. Reloading an Existing Application
      7. 8.6.7. Listing Available JNDI Resources
      8. 8.6.8. Listing OS and JVM Properties
      9. 8.6.9. Stopping an Existing Application
      10. 8.6.10. Starting a Stopped Application
      11. 8.6.11. Undeploying a Web Application
      12. 8.6.12. Displaying Session Statistics
      13. 8.6.13. Querying Tomcat Internals Using the JMX Proxy Servlet
      14. 8.6.14. Setting Tomcat Internals Using the JMX Proxy Servlet
    7. 8.7. Possible Errors
    8. 8.8. Security Considerations
    9. 8.9. Tomcat Deployer
    10. 8.10. Summary
  13. 9. Class Loaders
    1. 9.1. Class Loader Overview
      1. 9.1.1. Standard Java SE Class Loaders
        1. 9.1.1.1. Bootstrap Class Loader
        2. 9.1.1.2. Extension Class Loader
        3. 9.1.1.3. System Class Loader
        4. 9.1.1.4. The Delegation Model
        5. 9.1.1.5. Endorsed Standard Override Mechanism
      2. 9.1.2. More on Class Loader Behavior
        1. 9.1.2.1. Lazy Loading (Loading Classes on Demand)
        2. 9.1.2.2. Class Caching
        3. 9.1.2.3. Separate Namespaces
      3. 9.1.3. Creating a Custom Class Loader
      4. 9.1.4. Why Is a Custom Class Loader Needed for Tomcat?
    2. 9.2. Security and Class Loaders
      1. 9.2.1. Class Loader Delegation
      2. 9.2.2. Core Class Restriction
      3. 9.2.3. Separate Class Loader Namespaces
      4. 9.2.4. SecurityManager
    3. 9.3. Tomcat and Class Loaders
      1. 9.3.1. System Class Loader
      2. 9.3.2. Endorsed Standards Override Mechanism
      3. 9.3.3. Common Class Loader
      4. 9.3.4. Web Application Class Loader
        1. 9.3.4.1. Web Application Class Loader Details
        2. 9.3.4.2. Class Loader Order Revisited
      5. 9.3.5. Dynamic Class Reloading
    4. 9.4. Common Class Loader Pitfalls
      1. 9.4.1. Packages Split Among Different Class Loaders
      2. 9.4.2. Singletons
      3. 9.4.3. XML Parsers
    5. 9.5. Summary
  14. 10. Http Connectors
    1. 10.1. HTTP Connectors
      1. 10.1.1. Tomcat 6 HTTP/1.1 Connector
        1. 10.1.1.1. HTTP/1.1 Connector Configuration
        2. 10.1.1.2. Configuring Tomcat 6 for SSL
      2. 10.1.2. The Advanced NIO Connector
      3. 10.1.3. Comet Asynchronous IO Support
      4. 10.1.4. The Native APR Connector
        1. 10.1.4.1. Enabling the APR Connector
        2. 10.1.4.2. Configurable Connector Attributes
        3. 10.1.4.3. Kernel Mode File Transfer Sendfile() Optimization
        4. 10.1.4.4. Scalable Keep-Alive Poller
        5. 10.1.4.5. OpenSSL Support
    2. 10.2. Configuring Tomcat for CGI Support
    3. 10.3. Configuring Tomcat for SSI Support
      1. 10.3.1. Configuring the Tomcat 6 SSI Servlet
      2. 10.3.2. Configuring the Tomcat 6 SSI Filter
    4. 10.4. Running Tomcat Behind a Proxy Server
    5. 10.5. Performance Tuning
      1. 10.5.1. Tunable Configuration Attributes
      2. 10.5.2. TCP/IP Stack Tuning Tips
        1. 10.5.2.1. Windows XP or Server 2003 TCP Stack Tuning
        2. 10.5.2.2. Linux TCP Stack Tuning
    6. 10.6. Front-Ending Tomcat 6 with a Web Server
    7. 10.7. Summary
  15. 11. Tomcat and Apache HTTP Server
    1. 11.1. The AJP Connector Architecture
      1. 11.1.1. The Native Code Apache Modules
      2. 11.1.2. The Apache JServ Protocol
      3. 11.1.3. The AJP Connector
    2. 11.2. Apache Web Server Frontend or Tomcat Standalone
    3. 11.3. Understanding Tomcat Workers
      1. 11.3.1. Multiple Tomcat Workers
      2. 11.3.2. Configuring Apache Server to Work with Multiple Tomcat Workers — the workers.properties File
        1. 11.3.2.1. Format of the workers.properties File
        2. 11.3.2.2. Types of Workers
        3. 11.3.2.3. Other Worker Properties
    4. 11.4. Connecting Tomcat with Apache
      1. 11.4.1. Tomcat 6 Configuration
        1. 11.4.1.1. Configuring the AJP 1.3 Connector in server.xml
      2. 11.4.2. Apache Web Server Configuration
      3. 11.4.3. Using the mod_jk Module
        1. 11.4.3.1. Native Code mod-jk Binaries for Apache Server
          1. 11.4.3.1.1. Building mod_jk on Windows
          2. 11.4.3.1.2. Building mod_jk on Linux/*nix
        2. 11.4.3.2. Adding Directives to Load the mod_jk Module (httpd.conf)
        3. 11.4.3.3. Additional mod_jk Directives
        4. 11.4.3.4. Testing the mod_jk Setup
      4. 11.4.4. Using the mod_proxy Module
        1. 11.4.4.1. Configuring the mod_proxy Module on Apache 2.2.x Server for the AJP Protocol
          1. 11.4.4.1.1. Installing mod_proxy on Windows/Linux
          2. 11.4.4.1.2. Testing the mod_proxy Setup
    5. 11.5. Configuring SSL for Apache Web Server
      1. 11.5.1. Configuring mod_ssl for Apache
        1. 11.5.1.1. Verifying OpenSSL Installation
        2. 11.5.1.2. Building Apache with mod_ssl Support from Source
        3. 11.5.1.3. Generating a Test Certificate with OpenSSL
          1. 11.5.1.3.1. Configuration File for Generating a Certificate
          2. 11.5.1.3.2. Create a Certificate Signing Request
          3. 11.5.1.3.3. Remove the Passphrase from the Private Key
          4. 11.5.1.3.4. Create a Self-Signed Certificate
          5. 11.5.1.3.5. Install the Certificate
        4. 11.5.1.4. Setting Up mod_ssl in Apache
      2. 11.5.2. Testing the SSL-Enabled Apache Setup
        1. 11.5.2.1. Browser Security Warnings
      3. 11.5.3. SSL-Enabled Apache-Tomcat Setup
    6. 11.6. Tomcat Load Balancing with Apache
      1. 11.6.1. Changing CATALINA_HOME in the Tomcat Startup Files
      2. 11.6.2. Setting Different AJP Connector Ports
      3. 11.6.3. Setting Different Server Ports
      4. 11.6.4. Disabling the Default HTTP/1.1 Connector
      5. 11.6.5. Setting the jvmRoute in the Standalone Engine
      6. 11.6.6. Commenting Out the Catalina Engine
      7. 11.6.7. Directives in httpd.conf
      8. 11.6.8. Workers Configuration in workers.properties
        1. 11.6.8.1. Configuring Tomcat Worker Instances
        2. 11.6.8.2. Configuring Load Balancer in workers.properties
        3. 11.6.8.3. Configuring a Status Worker in workers.properties
        4. 11.6.8.4. Supplying mod_jk with a workers.list
        5. 11.6.8.5. The Complete workers.properties File
    7. 11.7. Testing the Load Balancer
      1. 11.7.1. Testing Sticky Sessions
      2. 11.7.2. Testing Round-Robin Behavior
      3. 11.7.3. Testing with Different Load Factors
    8. 11.8. Summary
  16. 12. Tomcat and IIS
    1. 12.1. Role of the ISAPI Plug-in
    2. 12.2. Connecting Tomcat with IIS
      1. 12.2.1. Verifying Tomcat and IIS Installations
      2. 12.2.2. Configuring the JK Connector
      3. 12.2.3. Installing the ISAPI Plug-in
      4. 12.2.4. Configuring Tomcat Workers
      5. 12.2.5. Configuring the Request Forwarding Rules
      6. 12.2.6. Optionally Configure URL Rewrite Rules
      7. 12.2.7. Updating the Windows Registry for the ISAPI Plug-in
        1. 12.2.7.1. Editing the Registry Manually
        2. 12.2.7.2. Editing the Registry via a Script
      8. 12.2.8. IIS 5 Isolation Mode (IIS 6 Only)
      9. 12.2.9. Creating a Virtual Directory Under IIS
      10. 12.2.10. Adding the ISAPI Plug-in as an IIS Filter
      11. 12.2.11. Authorizing the ISAPI Plug-in as a Web Application Extension (IIS 6 Only)
      12. 12.2.12. Testing the Final Setup
    3. 12.3. Troubleshooting Tips
    4. 12.4. Using SSL
    5. 12.5. Scalable Architectures with IIS and Tomcat
      1. 12.5.1. Distributing Web and Application Server Deployments
      2. 12.5.2. Multiple Tomcat Workers
      3. 12.5.3. Load-Balanced AJP Workers
    6. 12.6. Summary
  17. 13. JDBC Connectivity
    1. 13.1. JDBC Basics
      1. 13.1.1. Establishing and Terminating Connections to RDBMSs
      2. 13.1.2. Evolving JDBC Versions
      3. 13.1.3. JDBC Driver Types
      4. 13.1.4. Database Connection Pooling
      5. 13.1.5. A Problem with Connection Pooling
      6. 13.1.6. Tomcat and the JDBC Evolution
    2. 13.2. JNDI Emulation and Pooling in Tomcat 6
    3. 13.3. Preferred Configuration: JNDI Resources
      1. 13.3.1. The Resource Tag
        1. 13.3.1.1. Working with Other RDBMSs
        2. 13.3.1.2. DBCP — Jakarta Commons Pooling Support
        3. 13.3.1.3. Transactions and Distributed Transactions Support
      2. 13.3.2. Hands-On JNDI Resource Configuration
        1. 13.3.2.1. Creating the MySQL Test Database
        2. 13.3.2.2. Setting Up the Read-Only User
        3. 13.3.2.3. Adding the JDBC JNDI Resource to the Default Context
          1. 13.3.2.3.1. Step 1: Adding a context.xml with JNDI<Resource>
          2. 13.3.2.3.2. Step 2: Adding the <resource-ref/> Entries to web.xml
          3. 13.3.2.3.3. Step 3: Using JNDI to Look Up a Data Source
      3. 13.3.3. Testing the JNDI Resource Configuration
        1. 13.3.3.1. The Error Page in Action
    4. 13.4. Alternative JDBC Configuration
    5. 13.5. Alternative Connection Pool Managers
      1. 13.5.1. About the c3p0 Pool Manager
      2. 13.5.2. Deploying the c3p0 Pooling Manager
      3. 13.5.3. Obtaining JDBC Connections Without JNDI Lookup
      4. 13.5.4. Testing Non-JNDI Pool Access with c3p0
      5. 13.5.5. Obtaining a Connection with JNDI Mapping
      6. 13.5.6. Testing c3p0 with Tomcat 6 JNDI-Compatible Lookup
      7. 13.5.7. Deploying Third-Party Pools
    6. 13.6. Summary
  18. 14. Tomcat Security
    1. 14.1. Verifying Tomcat Download Integrity
      1. 14.1.1. Verifying the MD5 DIGEST
      2. 14.1.2. Using PGP to Verify the Download
    2. 14.2. Securing the Tomcat Server Installation
      1. 14.2.1. Removing Default Applications
      2. 14.2.2. ROOT and tomcat-docs
      3. 14.2.3. System Applications — manager and host-manager
      4. 14.2.4. Tying Down System Application Access Security
      5. 14.2.5. Removing JSP and Servlet Examples
      6. 14.2.6. Changing the SHUTDOWN Command
    3. 14.3. Running Tomcat with a Special Account
      1. 14.3.1. Creating a Non-Privileged Tomcat User
      2. 14.3.2. Running Tomcat with the Tomcat User
        1. 14.3.2.1. Configuring Windows
        2. 14.3.2.2. Configuring Linux
    4. 14.4. Securing the File System
      1. 14.4.1. Windows File System
        1. 14.4.1.1. Access Control Lists
        2. 14.4.1.2. Restricting Permissions
        3. 14.4.1.3. Granting Permissions
      2. 14.4.2. Linux File System
    5. 14.5. Securing the Java Virtual Machine
      1. 14.5.1. Overview of the Security Manager
        1. 14.5.1.1. Granting Permissions to Applications
        2. 14.5.1.2. Grant Entry Syntax
        3. 14.5.1.3. Available Permissions
        4. 14.5.1.4. Enabling the Security Manager System
        5. 14.5.1.5. Advanced Security Manager Topics
      2. 14.5.2. Using the Security Manager with Tomcat
        1. 14.5.2.1. Enabling Tomcat's Security Manager
        2. 14.5.2.2. Tomcat's Policy File
          1. 14.5.2.2.1. System Code Permissions
          2. 14.5.2.2.2. Catalina Code Permissions
          3. 14.5.2.2.3. System Properties Access Permissions
      3. 14.5.3. Recommended Security Manager Practices
        1. 14.5.3.1. Using the Security Manager
        2. 14.5.3.2. Understanding Application Requirements
        3. 14.5.3.3. Enabling Creation of a Class Loader
        4. 14.5.3.4. Enabling JDBC Drivers to Open Socket Connections to Databases
        5. 14.5.3.5. Sending E-Mail with JavaMail
        6. 14.5.3.6. Reading or Writing to Files Outside of the Web Application's Directory
    6. 14.6. Securing Web Applications
      1. 14.6.1. Authentication and Realms
        1. 14.6.1.1. Authentication Mechanisms
          1. 14.6.1.1.1. BASIC
          2. 14.6.1.1.2. DIGEST
          3. 14.6.1.1.3. Form
          4. 14.6.1.1.4. HTTPS Client Certificate
        2. 14.6.1.2. Configuring Authentication
        3. 14.6.1.3. Authentication Form
      2. 14.6.2. Security Realms
        1. 14.6.2.1. Users and Roles
        2. 14.6.2.2. File-Based Realm: UserDatabase
          1. 14.6.2.2.1. Configuring UserDatabase
          2. 14.6.2.2.2. Securing a File-Based UserDatabase Realm
          3. 14.6.2.2.3. Selecting the DIGEST Algorithm
          4. 14.6.2.2.4. Creating a DIGESTed Password
          5. 14.6.2.2.5. Adding the DIGESTed Password to the UserDatabase Realm
          6. 14.6.2.2.6. Testing the DIGESTed Password
        3. 14.6.2.3. JDBC Realms
          1. 14.6.2.3.1. Mapping Columns to the Required View
          2. 14.6.2.3.2. Configuring JDBC Realms with Digested Passwords
          3. 14.6.2.3.3. Setting up MySQL Tables
          4. 14.6.2.3.4. Adding a Tomcat User to MySQL
          5. 14.6.2.3.5. Defining the MySQL-Based JDBC Realm
          6. 14.6.2.3.6. Testing the JDBC Realm
        4. 14.6.2.4. JNDI Realms
          1. 14.6.2.4.1. Configuring the JNDI Realm
          2. 14.6.2.4.2. Installing the JNDI LDAP Driver
          3. 14.6.2.4.3. Creating the LDAP Schema
          4. 14.6.2.4.4. Populating the Directory
          5. 14.6.2.4.5. Configuring the Realm
          6. 14.6.2.4.6. Adding Roles and Users
          7. 14.6.2.4.7. Removing a Role or a User
        5. 14.6.2.5. JAAS Realm
          1. 14.6.2.5.1. Configuration of a JAAS Realm
          2. 14.6.2.5.2. Adding or Deleting Users and Roles
        6. 14.6.2.6. Single Sign-on
    7. 14.7. Encryption with SSL
      1. 14.7.1. JSSE
        1. 14.7.1.1. Preparing the Certificate Keystore
        2. 14.7.1.2. Installing a Certificate from a Certificate Authority
      2. 14.7.2. Protecting Resources with SSL
        1. 14.7.2.1. Tomcat Setup
    8. 14.8. Securing DefaultServlet
      1. 14.8.1. Disabling Directory Listing
      2. 14.8.2. Disabling an Invoker Servlet, SSI, and CGI Gateway
    9. 14.9. Host Restriction
    10. 14.10. Summary
  19. 15. Shared Tomcat Hosting
    1. 15.1. Virtual Hosting Concepts
    2. 15.2. Virtual Hosting in Apache
      1. 15.2.1. Example Deployment Scenario
      2. 15.2.2. IP-Based Virtual Hosting in Apache
        1. 15.2.2.1. Configuring IP-Based Virtual Hosting in Apache
        2. 15.2.2.2. Testing Your Configuration
        3. 15.2.2.3. Avoiding Common Mistakes
      3. 15.2.3. Name-Based Virtual Hosting in Apache
        1. 15.2.3.1. Configuring Name-Based Virtual Hosting in Apache
        2. 15.2.3.2. Testing Your Configuration
        3. 15.2.3.3. Avoiding Common Issues
    3. 15.3. Virtual Hosting in Tomcat
      1. 15.3.1. Example Deployment Scenario
      2. 15.3.2. Tomcat as a Standalone Server
        1. 15.3.2.1. Name-Based Virtual Hosting in Tomcat
        2. 15.3.2.2. IP-Based Virtual Hosting in Tomcat
      3. 15.3.3. Tomcat with Apache
      4. 15.3.4. Configuring Apache
    4. 15.4. The Tomcat Host-Manager Application
    5. 15.5. Virtual Hosting Issues: Stability, Security, and Performance
    6. 15.6. Tuning Virtual Hosting Settings in Tomcat
      1. 15.6.1. Creating Separate JVMs for Each Virtual Host
      2. 15.6.2. Setting Memory Limits on the Tomcat JVM
        1. 15.6.2.1. Factors Determining Memory Requirements
        2. 15.6.2.2. Setting Memory Limits in Tomcat
      3. 15.6.3. Using Java Security Manager Restrictions
    7. 15.7. Summary
  20. 16. Monitoring and Managing Tomcat with JMX
    1. 16.1. The Requirement to Be Manageable
    2. 16.2. All About JMX
      1. 16.2.1. The JMX Architecture
      2. 16.2.2. Instrumentation Level
      3. 16.2.3. Agent Level
        1. 16.2.3.1. The MBean Server
        2. 16.2.3.2. Connectors and Protocol Adapters
        3. 16.2.3.3. Agent Services
      4. 16.2.4. Distributed Services Level
    3. 16.3. JMX Remote API
    4. 16.4. An Anthology of MBeans
      1. 16.4.1. Standard MBeans
      2. 16.4.2. Dynamic MBeans
      3. 16.4.3. Model MBeans
      4. 16.4.4. Open MBeans
    5. 16.5. JMX Manageable Elements in Tomcat 6
      1. 16.5.1. Manageable Tomcat 6 Architectural Components
        1. 16.5.1.1. Service
        2. 16.5.1.2. Server
        3. 16.5.1.3. Engine
        4. 16.5.1.4. Connector
        5. 16.5.1.5. Host
      2. 16.5.2. Manageable Nested Components
        1. 16.5.2.1. Realm
        2. 16.5.2.2. Valve
        3. 16.5.2.3. Manager
      3. 16.5.3. Manageable Runtime Data Objects
        1. 16.5.3.1. UserDatabase
        2. 16.5.3.2. User
        3. 16.5.3.3. Role
      4. 16.5.4. Manageable Resource Object
        1. 16.5.4.1. NamingResources
        2. 16.5.4.2. Environment
        3. 16.5.4.3. Resource
        4. 16.5.4.4. ResourceLink
        5. 16.5.4.5. Exposed Application-Related Objects
        6. 16.5.4.6. WebModule
        7. 16.5.4.7. Servlet
        8. 16.5.4.8. Exposed Internal Tomcat Objects
        9. 16.5.4.9. RequestProcessor
        10. 16.5.4.10. Cache
        11. 16.5.4.11. ThreadPool
    6. 16.6. Accessing Tomcat 6's JMX Support via the Manager Proxy
      1. 16.6.1. Working with the JMX Proxy
      2. 16.6.2. Modifying MBean Attributes
      3. 16.6.3. Using jconsole GUI to Monitor Tomcat
        1. 16.6.3.1. Connecting to the Local Running Tomcat Instance
        2. 16.6.3.2. Locating the Tomcat 6 Exposed MBeans
        3. 16.6.3.3. Changing Component Attribute Values via jconsole
      4. 16.6.4. Configuring Tomcat for Remote Monitoring
        1. 16.6.4.1. Securing the Remote Management Connection with SSL and User Authentication
    7. 16.7. Summary
  21. 17. Clustering
    1. 17.1. Clustering Benefits
      1. 17.1.1. Scalability and Clustering
      2. 17.1.2. The Need for High Availability
    2. 17.2. Clustering Basics
      1. 17.2.1. Master-Backup Topological Pattern
      2. 17.2.2. Fail-Over Behavioral Pattern
    3. 17.3. Tomcat 6 Clustering Model
      1. 17.3.1. Load Balancing
        1. 17.3.1.1. mod_proxy/mod_jk Load Balancing and Sticky Sessions
        2. 17.3.1.2. Understanding Sticky Sessions
      2. 17.3.2. Session Sharing
        1. 17.3.2.1. Sticky Sessions with No Clustered Session Sharing
        2. 17.3.2.2. Sticky Sessions with a Persistence Manager and a Shared File Store
        3. 17.3.2.3. Sticky Sessions with a Persistent Session Manager and a JDBC-Based Store
        4. 17.3.2.4. In-Memory Session Replication
    4. 17.4. Working with Tomcat 6 Clustering
      1. 17.4.1. Session Management in Tomcat 6
      2. 17.4.2. The Role of Cookies and Modern Browsers
      3. 17.4.3. Configuring a Tomcat 6 Cluster
        1. 17.4.3.1. Setting Up Multiple Tomcat Instances on One Machine
        2. 17.4.3.2. Shutting Down the Tomcat Cluster
        3. 17.4.3.3. Configuring Minimal Web Applications
        4. 17.4.3.4. Disabling the HTTP Connectors
        5. 17.4.3.5. Configuring AJP TCP Ports for Clustered Tomcat Instances
        6. 17.4.3.6. Setting Up jvmRoute for Each Tomcat Instance to Support mod_jk
        7. 17.4.3.7. Setting the <distributable> Attribute for Web Applications
        8. 17.4.3.8. Configuration Consistency
      4. 17.4.4. Common Front End: Load Balancing via Apache mod_jk
        1. 17.4.4.1. Apache Server Configuration
        2. 17.4.4.2. mod_jk Configuration
        3. 17.4.4.3. Map Path to Load Balance Working Using JkMount
      5. 17.4.5. Preparation for Using Different Session-Sharing Backends
      6. 17.4.6. Backend 1: In-Memory Replication Configuration
        1. 17.4.6.1. Operation of the Tomcat 6 SimpleTcpCluster
        2. 17.4.6.2. Cluster Session Manager Configuration with the <Cluster> Element
          1. 17.4.6.2.1. Binding to a Specific Adapter on Multi-Homed Machines
          2. 17.4.6.2.2. Configuring the <Cluster> Element
          3. 17.4.6.2.3. Configuring DeltaManager or BackupManager
          4. 17.4.6.2.4. Configuring Apache Tribes Communications Framework
          5. 17.4.6.2.5. Configuring the <Membership> Subelement
          6. 17.4.6.2.6. Configuring <Receiver> and <Sender> Subelements
          7. 17.4.6.2.7. Configuring <Interceptor> Subelements
        3. 17.4.6.3. A Replication <Valve> Element
        4. 17.4.6.4. The JvmRouteBinderValve
        5. 17.4.6.5. The Farm Deployer
        6. 17.4.6.6. The Cluster Listeners
        7. 17.4.6.7. Setting Up the Test JSP for Tomcat Session Replication
        8. 17.4.6.8. Testing Tomcat 6's In-Memory Session Replication Cluster
        9. 17.4.6.9. Observing HA Fail-Over
        10. 17.4.6.10. Observing Load Balancing for Requests
      7. 17.4.7. Backend 2: Persistent Session Manager with a Shared File Store
        1. 17.4.7.1. Configuring the <Manager> Element
        2. 17.4.7.2. The <Store> Nested Element
        3. 17.4.7.3. Testing a Shared File System–Based Persistent Session Cluster
        4. 17.4.7.4. Observing an Orderly Fail-Over
        5. 17.4.7.5. Observing a Sudden Fail-Over
      8. 17.4.8. Backend 3: Persistent Session Manager with a JDBC Store
      9. 17.4.9. Testing a Tomcat Cluster with JDBC Persistent Session Manager Backend
    5. 17.5. The Complexity of Clustering
      1. 17.5.1. Clustering and Performance
      2. 17.5.2. Clustering and Response Time
      3. 17.5.3. Solving Performance Problems with Clustering
    6. 17.6. Summary
  22. 18. Embedded Tomcat
    1. 18.1. Importance of Embedded Tomcat in Modern System Design
      1. 18.1.1. Typical Embedded Application Scenarios
      2. 18.1.2. Developing with Embedded Tomcat
        1. 18.1.2.1. Programmatically Embedding Tomcat
        2. 18.1.2.2. Running the MyWebServer Example
    2. 18.2. Summary
  23. 19. Logging
    1. 19.1. Changes from Tomcat 5
    2. 19.2. log4j
      1. 19.2.1. log4j Architecture
        1. 19.2.1.1. Logger
        2. 19.2.1.2. Appender
        3. 19.2.1.3. Level
        4. 19.2.1.4. Filter
        5. 19.2.1.5. Layout
      2. 19.2.2. log4j Installation and Configuration
        1. 19.2.2.1. log4j Configuration
        2. 19.2.2.2. Using a Simple Properties File
        3. 19.2.2.3. Using log4j Programmatically
        4. 19.2.2.4. Using an XML Configuration File
      3. 19.2.3. A Tutorial Introduction to log4j
      4. 19.2.4. More log4j Recipes
        1. 19.2.4.1. Logging from a Web Application
        2. 19.2.4.2. Logging to the Console
        3. 19.2.4.3. Logging to a File
        4. 19.2.4.4. Logging to Multiple Destinations
        5. 19.2.4.5. Rolling Log Files by Size
        6. 19.2.4.6. Rolling Log File by Date
        7. 19.2.4.7. Separating Log Messages by Level
        8. 19.2.4.8. Enabling Logging for Specific Packages or Classes in the Application
        9. 19.2.4.9. Custom Formatting of Log Messages
        10. 19.2.4.10. Logging Messages as HTML
        11. 19.2.4.11. E-mail Log Messages
        12. 19.2.4.12. Logging to the NT Event Log
        13. 19.2.4.13. Adding Additional Context Information Using Nested Diagnostic Context
        14. 19.2.4.14. View or Query Log Files
      5. 19.2.5. log4j Performance Tips
    3. 19.3. JULI
      1. 19.3.1. Java Logging Architecture
        1. 19.3.1.1. Logger
        2. 19.3.1.2. Handler
        3. 19.3.1.3. Level
        4. 19.3.1.4. Filter
        5. 19.3.1.5. Formatter
      2. 19.3.2. A Tutorial Introduction to JULI
    4. 19.4. Log Files Analysis
    5. 19.5. Summary
  24. 20. Performance Testing
    1. 20.1. Performance Concepts
      1. 20.1.1. What to Measure
      2. 20.1.2. Scalability and Performance
      3. 20.1.3. Understanding the User's Perspective
      4. 20.1.4. Measuring Performance
    2. 20.2. JMeter
      1. 20.2.1. Installing and Running JMeter
      2. 20.2.2. Making and Understanding Test Plans with JMeter
      3. 20.2.3. JMeter Features
        1. 20.2.3.1. Timer
        2. 20.2.3.2. Listener
          1. 20.2.3.2.1. Visualization Listeners
          2. 20.2.3.2.2. Data Listeners
          3. 20.2.3.2.3. Assertion Results
        3. 20.2.3.3. Logic Controller
          1. 20.2.3.3.1. Interleave Controller
          2. 20.2.3.3.2. Switch Controller
          3. 20.2.3.3.3. Simple Controller
          4. 20.2.3.3.4. Loop Controller
          5. 20.2.3.3.5. If Controller
          6. 20.2.3.3.6. While Controller
          7. 20.2.3.3.7. Module Controller
          8. 20.2.3.3.8. Once Only Controller
          9. 20.2.3.3.9. Random Controller
          10. 20.2.3.3.10. Throughput Controller
          11. 20.2.3.3.11. Recording Controller
        4. 20.2.3.4. Sampler
        5. 20.2.3.5. Config Elements
          1. 20.2.3.5.1. HTTP Header Manager
          2. 20.2.3.5.2. HTTP Authorization Manager
          3. 20.2.3.5.3. HTTP Cookie Manager
          4. 20.2.3.5.4. HTTP Request Defaults
        6. 20.2.3.6. Assertions
        7. 20.2.3.7. HTTP Proxy Server
      4. 20.2.4. Distributed Load Testing
      5. 20.2.5. Interpreting Test Results
        1. 20.2.5.1. Setting Goals and Testing Them
        2. 20.2.5.2. Establishing Scalability Limitations
        3. 20.2.5.3. Further Analysis
    3. 20.3. Alternatives to JMeter
    4. 20.4. What to Do After Performance Testing
    5. 20.5. Summary
  25. 21. Performance Tuning
    1. 21.1. Performance Tuning Best Practices
      1. 21.1.1. Step 1: Set Up a Test Bed
      2. 21.1.2. Step 2: Test Performance and Identify the Baseline
      3. 21.1.3. Step 3: Diagnose Performance Bottlenecks
    2. 21.2. Diagnosing Tomcat Performance Issues
    3. 21.3. Tomcat Performance Tuning Tips
      1. 21.3.1. Tuning the JVM Parameters
        1. 21.3.1.1. Considering the Server VM
        2. 21.3.1.2. Optimizing Memory Allocation
        3. 21.3.1.3. Choosing a Different Vendor's JVM
      2. 21.3.2. Precompiling JSPs
      3. 21.3.3. Tuning Tomcat Configuration
        1. 21.3.3.1. Adjusting Connector Settings
        2. 21.3.3.2. The New High-Performance Connectors
          1. 21.3.3.2.1. APR Connectors
          2. 21.3.3.2.2. Tuning APR Connectors
          3. 21.3.3.2.3. NIO Connectors
          4. 21.3.3.2.4. Tuning NIO Connectors
        3. 21.3.3.3. Adjusting JSP Settings
          1. 21.3.3.3.1. Turning Off JSP Reload and JSP Development Mode
          2. 21.3.3.3.2. Turning On Custom Tags Pooling
          3. 21.3.3.3.3. Tuning JSP Tag Body Pooling
        4. 21.3.3.4. Turning Off Web Application Auto-Deploy and Reloading
      4. 21.3.4. Using Web Servers for Static Content, When Appropriate
    4. 21.4. Summary
  26. A. Tomcat and IDEs
    1. A.1. Eclipse
      1. A.1.1. Debugging a Remote Web Application in Eclipse
      2. A.1.2. Deploying and Debugging Local Web Applications Using the Sysdeo Tomcat Plugin
      3. A.1.3. Deploying and Debugging Web Applications Using the Web Tools Platform
      4. A.1.4. Managing Web Application Deployment Using Apache Ant and Eclipse
    2. A.2. NetBeans
      1. A.2.1. Debugging a Remote Web Application in NetBeans
      2. A.2.2. Debugging a Web Application Inside NetBeans
    3. A.3. Summary
  27. B. Apache Ant
    1. B.1. Installing Ant
    2. B.2. Introduction to Ant
      1. B.2.1. More Command-Line Options
    3. B.3. Ant Recipes
      1. B.3.1. Building Web Applications with Ant
      2. B.3.2. Compiling JSPs
      3. B.3.3. Reusable Ant Scripts Using Property Files and Command-Line Parameters
        1. B.3.3.1. Reusable Scripts for Different Operating Systems (Linux/Unix, Windows)
        2. B.3.3.2. Reusable Scripts for Different Environments: Development, QA, Staging, and Production Systems
      4. B.3.4. Build Logs
      5. B.3.5. Build Notifications via E-mail
      6. B.3.6. Ant and Source Control Systems
      7. B.3.7. Automated Testing
    4. B.4. Continuous Integration
    5. B.5. Ant Task Reference
    6. B.6. Summary