apache tomcat 8 preview
DESCRIPTION
Speakers: Daniel Mikusa and Stuart Williams Apache Tomcat 8 will implement new versions of the Servlet, JSP and EL specifications as well as adding support for the new WebSocket specification. Work is also planned for internal refactoring in a number of areas that will impact a number of Tomcat specific features. This presentation will provide an overview of the changes and new features introduced by both the updated specifications and the Tomcat specific changes. With the first stable Tomcat 8 release expected towards the middle of 2013 (once the Java EE 7 specifications are finalised) this session will enable attendees to identify the Tomcat 8 features of greatest interest to them and provide them with the information required to start planning their migration to Tomcat 8.TRANSCRIPT
© 2013 SpringOne 2GX. All rights reserved. Do not distribute without permission.
Apache Tomcat 8 Preview
By Daniel Mikusa & Stuart Williams
Agenda
● Introductions● Java EE 7● Tomcat specific changes● Timescales● Questions
Introductions
Introductions● Daniel Mikusa● Active on [email protected]● Contributing Author on TomcatExpert.com● Senior Technical Support Engineer at
Pivotal○ Tomcat / tc Server○ Spring Framework○ CloudFoundry
● Stuart Williams● Active on [email protected]● A committer on open source projects at
Apache, Eclipse and elsewhere● Consulting Architect at Pivotal
Java EE 7
Java EE 7● Tomcat 8
○ Servlet 3.1 ○ JSP 2.3 ○ Expression Language 3.0○ Web Sockets 1.0○ Little / no demand for other Java EE 7 components in Tomcat
■ Java Authentication SPI for Containers (JASPIC JSR 196)
● Web Container - Apache TomEE
● J2EE Container - Apache Geronimo
Servlet 3.1● Final: May 28th 2013● New Features
○ Non-blocking IO○ HTTP Upgrade○ Change session id on authentication
● Improvements○ Protection for uncovered HTTP methods in security constraints○ Clarified some ambiguities○ Fixed some typos
Change Session Id● To change the session id:
○ HttpServletRequest.changeSessionId()● To listen for session id changes with HttpSessionIdListener● Register HttpSessionIdListener with:
○ ServletContext.addListener(..)○ @WebListener
public class CustomHttpSessionIdListener implements HttpSessionIdListener { public void sessionIdChanged(HttpSessionEvent event, String oldSessionId) { …. }}
Uncovered HTTP Methods● When defining security constraints, it’s possible to list specific HTTP methods
covered by the security constraint○ <http-method>○ <http-method-omission>
● A method is “uncovered” when…○ One or more methods are listed with <http-method>, any method not
listed is “uncovered”○ One or more methods are listed with <http-method-omission>, every
method list is “uncovered”● If no methods are specifically listed then all methods are protected
Uncovered HTTP Methods: Ex 1
<security-constraint><web-resource-collection>
<web-resource-name>wholesale</web-resource-name> <url-pattern>/acme/wholesale/*</url-pattern> <http-method>GET</http-method>
</web-resource-collection><auth-constraint>
<role-name>SALESCLERK</role-name></auth-constraint>
</security-constraint>
Only GET is covered
Uncovered HTTP Methods: Ex 2
@ServletSecurity((httpMethodConstraints = { @HttpMethodConstraint(value = "GET", rolesAllowed = "R1"), @HttpMethodConstraint(value = "POST", rolesAllowed = "R1", transportGuarantee = TransportGuarantee.CONFIDENTIAL)})public class Example5 extends HttpServlet { ….}
Only GET & POST are covered
Servlet 3.1 Demos
JSP 2.3● Final: June 12th 2013● There is no JSP Expert Group● JSP 2.3 is a maintenance release● Changes
○ Requires Servlet 3.1, EL 3.0 & Java 7○ JSP must render identical response for GET, POST & HEAD; all other
methods are undefined
EL 3.0● Final: Final May 22nd 2013● Significant Changes● New Features
○ Access to static fields, methods & constructors○ Assignment operator○ Semi-colon operator (chain multiple commands)○ String concatenation operator○ New Collections API, including dynamic construction of collections & the
stream method and the collection pipeline○ Lambda Expressions
● Incompatibilities○ Default coercion for nulls to non-primitive types, except Strings, return
null. Ex: null -> Boolean returns null, but null -> boolean returns false.
EL 3.0 Demos
WebSocket 1.0● Final: May 22nd 2013● Tomcat 7 has supported WebSockets for a while (different API)● Tomcat 8 implements new API● Tomcat 7 has been upgraded to support new API (as of Tomcat 7.0.4x)● Both implement client & server APIs● Additional Features
○ Encoding / decoding (lots of debate here)○ Annotations
● Differences○ Tomcat 7’s implementation is blocking within a Frame○ WebSocket 1.0 is non-blocking although some writes do block
● Non-blocking○ Works with the BIO connector but obviously is not really non-blocking○ Fundamentally changes the API
Tomcat Specific Changes
Tomcat Specific Changes● Resources
○ Aliases○ VirtualDirContext / VirtualWebappLoader○ External repositories for the WebappClassLoader○ Servlet 3.0 resource JARS
● Tomcat 7 implements each of these slightly differently○ Very fragile○ Servlet 3.1 overlays would have been difficult
● New resources implementation○ Much cleaner implementation○ Overlays now simpler to implement (but have been dropped from Servlet
3.1)
Resources● Ordering
○ Pre Resources○ Main Resources (i.e. the docBase for a context)○ Jar Resources○ Post Resources
● Types○ DirResourceSet - a directory○ FileResourceSet - a single file○ JarResourceSet - a JAR file
● General recommendation is avoid using directly as this is Tomcat specific
Resources<?xml version='1.0' encoding='utf-8'?><Context>
<Resources> <PreResources className="org.apache.catalina.webresources.FileResourceSet" base="/app/files/special.txt" webAppMount="/static/special.txt" /> <PostResources className="org.apache.catalina.webresources.DirResourceSet" base="/app/files/static" webAppMount="/static" />
</Resources></Context>
Tomcat Specific Changes (cont.)● NIO connector is now the default● Additional diagnostic information in the Manager
○ SSL ciphers○ May be back-ported to Tomcat 7
● API changing clean-up○ Remove duplicated functionality○ Move Manager, Loader & Resources from Container to Context○ Move Mapper from Connector to Service
● Code clean-up○ Reduce warnings○ IDE, FindBugs, Javadocs, Checkstyle, etc...
Timescales
Timescales● Java EE 7 Final has shipped● Tomcat 8.0.0
○ 8.0.0.RC1 (alpha) is available○ Alpha has complete implementations of Servlet 3.1, JSP 2.3, EL 3.0 &
WebSocket 1.0○ Code is not ready for production usage, purpose is to gather community
feedback○ Additional internal refactoring will likely occur prior to a non-alpha release○ Based on past experience, 8.0.0 release will likely hit six to nine months
after initial alpha release (Feb - May 2014). Depends on community usage and feedback.
Questions
Learn More. Stay Connected.
● Demo Code: github.com/swilliams-vmw/s2gx-tomcat● Website: tomcat.apache.org● Download: tomcat.apache.org/download-80.cgi● Documentation: tomcat.apache.org/tomcat-8.0-doc/index.html● Migration Guide: tomcat.apache.org/migration.html● Mailing Lists: tomcat.apache.org/lists.html
● Find Session replays on YouTube: spring.io/video