Apache Tomcat and Java EE Administration US

From Training Material
Jump to navigation Jump to search

Nobleprog.svg


Apache Tomcat and Java EE Administration (US)


The Java Platform

JVM, JRE, JDK - what are these?

JVM - Java Virtual Machine

  • Runs Bytecode produced by the Java Compiler
  • Allows Java to run on multiple types of hardware (write once, run anywhere)
  • Interprets Bytecode into the instruction set of the hardware
  • Can use JIT (just in time) compilation
References:
Wikipedia Article on JVM
NobleProg Page on JVM
Wikipedia Article on JIT Compilation

JRE - Java Runtime Environment

  • Contains the Java Virtual Machine, code Libraries, and other components
  • Allows applications and applets written in Java to run
  • Can be either Standard or Enterprise
References:
Java Standard Libraries
Java Enterprise Libraries

JDK - Java Development Kit

  • An implementation of one of the Java SE, Java EE, or Java ME platforms
  • For a particular Hardware and Operating System such as Windows, Linux, Solaris, or Mac OS
  • Contains JRE (with JVM), and Tools to develop applications
  • Important tools it has include, compiler, debugger, JavaDoc generator, JAR archiver
  • Most development uses an IDE such as Eclipse or NetBeans that may access the tools in the JDK
References:
Wikipedia Article on the JDK
Diagram of JDK vs JRE etc.

Java SE versus EE

  • Java EE is built on top of SE components
  • The more important components in EE are designed to help build
  • Web Applications (Servlets, JSP, JSF, etc.)
  • Enterprise Applications (EJB, Database connectivity, Message Services)
  • There are numerous packages in EE

Installing a Java JDK or JRE

Hands on Exercise:
Using the following document install the Java JDK that corresponds to the type of Operating system that exists on your computer (Windows, Mac OS, Linux x64, etc.). The installation steps will be approximately the same for each operating system.
Installing the JDK

Java Applications on Tomcat

Installing an IDE (Eclipse)

In order to properly explore Java it is easiest to install an Integrated Development Environment (IDE) on your computer so that you can develop classes in the same way that a developer would develop classes. The following document shows how to install Eclipse on your computer. Eclipse is a free IDE used by many developers (Netbeans is another IDE commonly used).

Hands on Exercise:
Using the following instructions install Eclipse on your computer. Eclipse is an Integrated Development Environment commonly used by developers. Installation steps will be approximately the same for all operating systems. There is only one installation zip file for all operating systems.
Installing Eclipse


Java Classes

The concept of a class stems from the desire to have the ability in a programming language to:

  • Encapsulate functionality
  • Distribute tested code
  • Allow reuse of code, write and test complex functionality only once
  • Decrease the cost of software systems
  • Increase the understandability of the code

It was discovered that a good way of doing this was to create code blocks that:

  • Have internal state that is secured from external access
  • Allow access to some internal state through secure channels (now called getter and setter methods)
  • Have code that can be called that perform functionality, sometimes very complex functionality
  • Have tested complexity that can be reused
  • Contain many of the complex concepts and structures of a software system

The result of the above concerns, at this point, is implemented in programming languages through the concepts of classes and objects.

Classes are templates by which objects can be created in a program.

Objects are elements of a program that can have

  • State (characteristics stored in fields)
  • Behavior (Things that it can do which are called methods in Java programming)

Note that most examples of classes for a beginner are very simplistic compared with classes in a real web program. For example a dog has characteristics such as color, height, and disposition. It has behaviors such as bark, drool, run, walk, etc.

On the other hand a web class might have characteristics such as

  • the IP address of the user
  • database connection strings
  • hashmaps or lists of information
  • the request from the user
  • the response to the user
  • other complex characteristics

It might have behaviors of:

  • finding user cookies
  • storing and retrieving data from a database
  • connecting to Enterprise Beans on another server
  • retrieving data
  • encrypting data
  • creating and using XML
  • using a message queue
  • other complex behaviors

A web class may use or invoke methods of many other classes.

Often the classes used by a class are classes from libraries (often contained in JAR files) created by other teams.

Often they are either a part of the Standard or Enterprise libraries of Java or they can be libraries from open source or commercial organizations.

Hands on Exercise:
We will use the Eclipse IDE to create a Java Project and a few standard classes so that we can explore the class and object concept. Note that this is not a Web Project and therefore will have only standard Java classes.
Create a Standard Java Project with Eclipse
Sample Classes for a standard Java program
References:
WikiBooks - Java Programming on Classes
Oracle Tutorial on Classes

Java JAR Files

JAR files are archives of Java components. The JAR Files are actual zip archives with the jar extension rather than the zip extension. Generally, libraries of components come in JAR files. However JAR files can also be made executable by including in them a class with a main method. This class is specified in a manifest so that it can be found when the jar file is executed.

Hands On Exercise
A JAR file can be easily create in the Eclipse IDE. Using the following document create a JAR file from the project created in the prior Hands on Exercise.
Create a JAR file using Eclipse
An executable JAR file can be run by opening a Command Prompt, switching to the folder containing the JAR file, and using the command "java -jar nameOfJarFile.jar"
The java command looks up the name of the class with the main method in the MANIFEST.MF file and then executes that class. Using a zip file application such as 7Zip you can explore the contents of a JAR file.
References:
JAR file format

Servlets

  • Tomcat has a Servlet Container. The Servlet Container:
    • Gets HTTP requests from clicks on web pages (usually)
    • Keeps state for the user through cookie JSESSIONID, web pages are stateless
    • Delegates the request to a servlet.
    • Returns a response to the requester.
  • A servlet:
    • Is a component of a Java Web Application (usually)
    • Is a Java class that extends HttpServlet (usually)
    • Is configured to handle requests for a specific web page
    • Gets requests from the Servlet Container
    • Give responses back to the Servlet Container
Hands on Exercise
Install Tomcat on Windows
Create an Eclipse Web Project
Create a Servlet and WAR file in Eclipse
References
Servlets Tutorial
Tomcat Servlet Examples Explained
HTTP Methods Get vs Post
Using WebServlet Annotation in Tomcat

JSPs

JavaServer Pages (JSPs) are another component of a Web Application.

JavaServer Pages:

    • Mix HTML with Java Code by using scriplets <% some code %>
    • Allow dynamic content such as database content
    • Are translated in Java code
      • Static code is translated as prints to the output
      • Dynamic code is translated as Java code
    • The code is compiled into Servlets
    • When a reference is made to a JSP the servlet is run

An example of a JavaServer Page is given below.

<?xml version="1.0" encoding="ISO-8859-1" ?>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Insert title here</title>
</head>
<body>
  This is the testing page.
  <% int a, b;
     a = 5;
     b = a + 6;
  %>
  <br/>
  The integer was <%=b%>
</body>
</html>

JavaBeans

  • A JavaBean is a class that:
  • Has all properties that are private
  • Has getters and setters for its properties (access to properties is through getters and setters)
  • Implements the Serializable interface
  • A serializable object can be decomposed into a stream of Bytes.
  • Generally this means that a serializable object is composed of primitive types and of objects that are themselves serializable
  • eventually a serializable object and its sub-objects are made of primitives
  • for example an object that contains an object that has a database call that populates some of its properties cannot be serialize because of the database call. Therefore it cannot be a JavaBean

JNDI and DataSources

The Java Naming and Directory Interface (JNDI)

  • Is an API that provides naming and directory services to Java programs
  • Tomcat provides JNDI services for use by the developer
  • Context.xml and web.xml are used to configure JNDI resources for use in Tomcat
Hands on Exercise
Install MySQL
Create a Tomcat JNDI DataSource for MySQL
Create a Tomcat Servlet that uses the JNDI DataSource


References
CodeJava Example of JNDI Datasource in Tomcat
JournalDev Example of Tomcat Datasource JNDI
Tomcat JNDI Resource How-To
Tomcat JNDI Datasource How-To
Oracle JNDI Trail

Apache Tomcat 7

Tomcat is basically a Servlet container with additional Components. Tomcat allows:

  • HTML
  • Servlets
  • JavaServer Pages
  • JNDI with database connectivity
  • JavaServer Faces
  • The use of WAR files

Tomcat Directory Structure

bin - contains scripts that can start and stop the server and related files. Scripts for Unix and Windows are present.
conf - contains the configuration scripts such as server.xml, web.xml, and context.xml
catalina.policy - specifies security policy
catalina.properties and logging.properties - property files for logging and catalina
server.xml - tomcat main configuration file
web.xml - global web application deployment descriptors
context.xml - global tomcat specific configuration options
tomcat_user.xml - user, password, and role for authentication and access control
lib - contains jar files available to all web application, generally jar files for specific web application go into lib folders within the application folder
logs - the default location for log files, contains the engine, host,
temp - the temp directory used by catalina.bat which is called by startup.bat, can also be used by other system components
webapps - the location for the web applications that will run on the server
work - contains the translated servlet source files and classes of JSP/JSF. Organized by engine name (Catalina), host name (i.e. localhost), web application name, followed by the Java classes package structure.

Older Servers Tomcat 5.5 Directories

common, server, and shared - contain jar files available to the common, catalina, and shared class loaders (replaced in Tomcat 6 and above by the lib directory).

References

Tomcat 7 Class Loaders
Tomcat 5.5 Class Loaders
Wikipedia Class Loader Discussion

Tomcat Configuration

Server.xml

Taking the server.xml in the Tomcat installation as an example

  • Server Element
<Server port="8005" shutdown="SHUTDOWN">
  • The Server element is the topmost element of server.xml
  • port - gives the port that the shutdown (bat or sh) script will address to shutdown the server
  • shutdown - gives the text of the command that must be sent to the port to initiate shutdown
  • additional parameters include:
  • address - the TCP/IP address to send the shutdown command to, default is localhost (the command comes from the same server that Tomcat is running on)
  • class - an organization could write their own class that implements the org.apache.catalina.Server interface, not usually done. The default is org.apache.catalina.core.StandardServer.
  • Service Element
<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
  • A service is an element of a server
  • A server can have several services
  • A service has one or more connector definitions along with a single engine definition
  • name - the display name of this element, used for example in log entries
  • additional parameters include:
  • class - an organization could write their own class for the service element. It would implement the org.apache.catalina.service interface. The default service is org.apache.catalina.core.StandardService.
  • Connector Element
<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
<Connector port="8080" redirectPort="8443" connectionTimeout="20000" protocol="HTTP/1.1"/>
  • port - gives the port that the connector will listen on for new requests from browsers
  • redirectPort - When an SSL connection is required by a <security-constraint> in the web.xml file the request is redirected to this port
  • connectionTimeout - the number of milliseconds the connector will wait after accepting the connection for the browser to send the request
  • protocol - specifies whether a BIO (Blocking I/O), NIO (Non-Blocking I/O) or APR (Apache Portable Runtime) protocol will be used for connections to the server through the connectory. APR is the default
  • additional parameters are numerous, see references for Tomcat Documentation Index below. Several of these parameters are useful in performance tuning.
  • Engine element
<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
<Connector port="8080" redirectPort="8443" connectionTimeout="20000" protocol="HTTP/1.1"/>
<Engine name="Catalina" defaultHost="localhost">
  • the engine represents and contains the request processing components for the service
  • It receives and processes all requests from the connectors for the service
  • A service can have only one engine
  • name - the logical name of the engine, used in log and error messages, must be unique within the server
  • defaultHost - identifies the host that will process requests directed by domain name and port address to this server.
  • This host is the default if a Host is not listed within the Engine element that matches the domain.
  • There must be a Host element with this name listed in the Engine element
  • additional parameters are numerous, see references for Tomcat Documentation Index below.
  • Host element
<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
<Connector port="8080" redirectPort="8443" connectionTimeout="20000" protocol="HTTP/1.1"/>
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" autoDeploy="true" unpackWARs="true" appBase="webapps">
  • name - the network name of this host, usually registered with Domain Name Service server
  • autoDeploy - if true when a change is made to a WAR file, a context.xml file, or a web application directory then Tomcat will pick it up and deploy the change.
  • unpackWARs - when true WARs will be unpacked in a directory. When false the web application is run out of the WAR which is slower.
  • appBase - the application base directory for this virtual host. Usually and by default this is set to webapps
  • additional parameters are numerous, see references for Tomcat Documentation Index below.
  • Context element
  • There are several methods for defining contexts that are used in the following order when Tomcat starts.
  • Web applications can be defined by placing a context.xml (i.e. webApplicationName.xml) file in the config directory
  • Web applications with a WAR in the appBase of the host
  • Web applications with a directory within the appBase of the Host
  • It is not recommended to put a Context element within server.xml, but it can be done
  • Listener element
<Server port="8005" shutdown="SHUTDOWN">
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener className="org.apache.catalina.core.JasperListener"/>
  • A Listener element defines a component that performs actions when specific events occur, usually Tomcat starting or Tomcat stopping
  • Some Listeners are only intended to be nested inside specific elements.
  • Standard Listeners that can be in the Server element
  • The APR Lifecycle Listener checks for the presence of the APR/native library and loads the library if it is present.
  • The Jasper Listener initializes the Jasper 2 JSP engine before any web applications that may use it are loaded.
  • The Global Resources Lifecycle Listener - initializes resources
  • The JRE Memory Leak Prevention Listener - see documentation at Tomcat website
  • ThreadLocal Leak Prevention Listener - see documentation at Tomcat website
  • GlobalNamingResources element
  • used to define JNDI resources that are global
  • Realm element
  • Tomcat's mechanism for protecting web application resources.
  • Generally are within the Context element but can be in the engine or host element
  • It is not recommended to put the Context elements within the server.xml file
  • Valve element
  • Named Classes that act as Preprocessors for Requests
  • Most commonly used valve is:
  • AccessLogValve - see the valve in the default server.xml to write the localhost access log
  • There are other valves in Tomcat
  • Access Control - stop a remote address or a remote host from accessing a web application
  • Authorization - some valves are automatically added to the context of a web application
  • when a security constraint adds Basic, form ... authentication
  • requestFilterValve
  • Remote address valve and Remote Host Valve are sub-classes of this
  • SingleSignOnValve
  • The Single Sign On facility operates according to the following rules:
  • All web applications configured for this virtual host must share the same Realm. In practice, that means you can nest the Realm element inside this Host element (or the surrounding Engine element), but not inside a Context element for one of the involved web applications.
  • As long as the user accesses only unprotected resources in any of the web applications on this virtual host, they will not be challenged to authenticate themselves.
  • As soon as the user accesses a protected resource in any web application associated with this virtual host, the user will be challenged to authenticate himself or herself, using the login method defined for the web application currently being accessed.
  • Once authenticated, the roles associated with this user will be utilized for access control decisions across all of the associated web applications, without challenging the user to authenticate themselves to each application individually.
  • As soon as the user logs out of one web application (for example, by invalidating the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated. Any subsequent attempt to access a protected resource in any application will require the user to authenticate himself or herself again.
  • The Single Sign On feature utilizes HTTP cookies to transmit a token that associates each request with the saved user identity, so it can only be utilized in client environments that support cookies.
  • RequestDumperValve
  • Has been replaced by the RequestDumperFilter in Tomcat 7
  • SeeRequest Dump Filter
  • Logs information from the Request and Response
  • Used for debugging

web.xml

  • Contains configurations for local server independent resources such servlets, or DataSources
  • The most commonly used elements are:
  • description
  • display-name
  • error-page
  • filter
  • filter-mapping
  • login-config
  • resource-env-ref
  • resource-ref
  • security-constraint
  • security-role
  • servlet
  • servlet-mapping
  • taglib
  • welcome-file-list

context.xml

  • Contains configurations for local server dependent resources such as Realms or DataSources
  • Can also contain configurations that span web applications if placed in $CATALINA_BASE/conf
  • Can be placed at the following locations
  • CATALINA_BASE/conf/context.xml defines global resources such as JNDI DataSources used across applications
  • web application/META-INF/context.xml defines local resources such as local JNDI DataSources or Realms
  • $CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to application's base file name plus a ".xml" extension.
  • Defines the Context element of the web application
  • server.xml can also contain the Context element but this is discouraged
  • Requires restarting Tomcat for a change to a Context for a single web application
  • Tomcat will generally have more than one web application on it

References

Tomcat Documentation Index
Advanced Tutorial on Tomcat 7
Tomcat Contexts
web.xml Elements

Memory Management and JMX Monitoring

Java Garbage Collection

  • Java uses a heap to allocate memory for objects
  • Java keeps track of live objects, those with a reference
  • In Java the code does not return memory when objects are through being used
  • there is no free() method as in C to deallocate memory
  • references to objects are removed instead
  • for example the local variables in a method when the method returns
  • the garbage collector keeps track of object references
  • when an object is no longer referenced it is garbage collected
  • therefore memory leaks in Java occur when objects stay referenced when no longer used

The Oracle Hotspot JVM Garbage Collection

  • Heap is made up of 3 spaces
  • Eden Space - pool from which memory is initially allocated for most objects
  • Survivor Space - pool that contains objects that survive the Garbage Collection of Eden Space
  • Tenured Generation - pool containing objects that have been in survivor space for some time
  • there is also Permanent Generation - pool containing all refective data of the virtual machine
generations.gif
Figure 1 Garbage Collection Spaces Image by Oracle
  • When a space runs out of memory the Garbage Collector is started on that space.
  • The Garbage Collector will take less time because of the splitting of the spaces.

Performance Issues with Garbage Collection

  • As the number of live objects increases the Garbage Collector does more work


Performance Issues with memory leaks

  • Monitor the number of objects in the Server - is the number expanding over time
  • May indicate a memory leak
  • determine which object is increasing - this can point to the problem

References

How Garbage Collection Works
Oracle Java Hotspot JVM Garbage Collection
Oracle Hotspot JVM Garbage Collection Tuning

JAVA_OPTS, JMX, and Jconsole

  • It is recommended that Tomcat have a setenv.bat file in its conf directory.
  • This is used to set options for the JVM
  • for example
  • set "JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx1024m -XX:MaxPermSize=256m -server" - set the heap to 128m and heap max size to 1024m
  • Note that in Java 8 the MaxPermSize option has been removed

Java Management Extensions (JMX)

  • A standard part of the Standard Edition Java Platform
  • Can be used to monitor and manage resources
  • can monitor and manage the Java Virtual Machine (JVM)
  • MBeans - Managed Beans
  • Java Beans with addition components which allow them to be managed via JMX
  • Registered with an MBEAN server
  • JMX agent - consists of an MBena server, registered MBeans, set of services for handling MBeans
  • JMX connectors - allow access to JMS agents from remote applications

JConsole

JConsole

  • a management tool that uses JMX managed beans (mbeans)
  • Can be used on the local system or to a remote system
  • allows the user to view a Tomcat installation's performance
  • User can view an overview, memory usage, thread usage, loaded classes, VM summary, and MBeans
  • User can change values on some MBean attributes, when their values are in Blue
  • User can start some MBean operations/methods, such as the Garbage Collection, by clicking buttons
References
Oracle Using JConsole
Tomcat with JConsole through Firewall Article
JConsole with Authenication
Hands on Exercise
Start and Explore JConsole

JAVA_OPTS

Exercise, lookup Java Heap size etc. and change for Tomcat.

JVM Memory Opts

Java memory settings

Oracle recommendations for Tomcat

Heap Size

JMeter

  • JMeter Testing in General
  • can be used to simulate a heavy load (stress testing)
  • can be used to analyze overall performance under various load types
  • can be used to test your server behavior under heavy concurrent load
  • JMeter allows the user to build tests using:
  • Thread Groups
  • Controllers
  • Samplers (a partial list)
  • FTP Request
  • HTTP Request
  • JDBC Request
  • Java object request
  • LDAP Request
  • SOAP/XML-RPC Request
  • WebService (SOAP) Request
  • Logical Controllers (a partial list)
  • if controller
  • interleave controller
  • loop controller


JMeter Testing Code


<?xml version="1.0" encoding="ISO-8859-1" ?>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
    <%@ page import="java.util.LinkedList" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>JMeter Testing</title>
</head>
<body>

A JSP that can be used to test JMeter.</br>
Building a long list of Strings for the fun of it</br>
<% 
   LinkedList<String> stringList = new LinkedList<String>();
   int size = 5;
   String theString = "";
   
   // build a large string in theString variable
   for (int j=0; j < 20; j++) {
       theString = theString + "abcd";
   }
   
   for(int i=0; i < size; i++) {
      stringList.add(theString);
			
   }
   String aString = stringList.get(2);
%>

The third string in the list was <%=aString%></br>
Leaving now, bye

</body>
</html>
References
Apache JMeter website
JMeter Documentation
Hands on Exercise
Install and Test Using JMeter, Tomcat, and JConsole
Additionally determine how to run JMeter on a remote system and explain

Java VisualVM

VisualVM is an executable distributed with the Java JDK

  • the executable is jvisualvm.exe
  • it has a visual interface that can be used to display information about a running java application
  • Used for Troubleshooting
  • it federates information from
  • JConsole
  • jstat
  • jinfo
  • jstack
  • jmap
References
Oracle Java VisualVM Guide
Hands on Exercise
Start up jvisualvm.exe using a command prompt and explore it. Start up Tomcat and JMeter and view data in VisualVM while JMeter is hitting Tomcat and creating new threads.

PSI Probe

  • PSI Probe is a browser based server monitoring tool.
  • It monitors
  • traffic per web application
  • DataSources
  • Threads
  • Cluster Data (when enabled in a cluster)
  • System Information
  • Connectors (server.xml connectors)
  • It can deploy web applications to the server


Hands on Exercise

Get PSI Probe running on the computer by following the install instructions given in the References. Explore PSI Probe's functionality

References
PSI Probe Homepage
Install PSI Probe on Tomcat

Logging and Troubleshooting

JULI (Java Util Logging Interface) Logging

JULI

  • JULI is built on top of java.util.logging
  • Corrects java.util.logging so that per Web Application logging can occur
  • JULI is enabled by default
  • supports per class loader configuration
  • Tomcat builds a class loader per Web Application
  • Logging can be configured
  • Globally - usually done in the $CATALINA_BASE/conf/logging.properties file
  • In the Web Application - in the WEB-INF/classes/logging.properties file
  • tomcat-juli.jar is located in the CATALINA_BASE/bin directory rather than the lib directory

java.util.logging

  • Hierarchy of loggers
  • parent and child loggers are named similarly to packages
  • Loggers named logger1, and logger1.logger2 created gives hierarchy of
  • Logger named "" this is the root Logger and parent of logger1
  • Logger named "logger1" this is the parent of logger2
  • Logger named "logger2"
  • Each Logger can have a level Filter
  • Each Logger can have a Handler i.e. ConsoleHandler, etc.
  • Build-in Handlers
  • ConsoleHandler - logs messages to System.err
  • FileHandler - writes messages to a file
  • StreamHandler - generally used in the code uses an output stream
  • SocketHandler - generally used in the code uses a socket
  • MemoryHandler - generally used in the code uses a memory buffer
  • Handlers can use Formatters
  • Log Levels
  • SEVERE (Level.SEVERE)
  • WARNING
  • INFO
  • CONFIG
  • FINE
  • FINER
  • FINEST
  • If Loggers level not set it inherits its parents level
  • Log Filters
  • Filter set to WARNING filters out messages below
  • Configuration file
  • Loggers are usually configured using a properties file
  • For Tomcat the global file is at $CATALINA_BASE/conf/logging.properties
  • Loggers can be configured within the code
  • bad idea to set the Level of Logger in code
  • Causes a code change to reset the Level
References
Tomcat JULI logging Tutorial
Tomcat Logging FAQ
Java Logging Tutorial from jenkov.com
Correct Eclipse for Tomcat JULI logging see the Hands on Exercises
Hands on Exercise
[Media:Eclipse_JULI_Logging.pdf |Set up JULI Logging for Web Application Servlet]

log4j Logging

  • log4j is an alternative logging technology that can be used in Tomcat
  • log4j usually is not used to replace the global logging of the Tomcat service
  • This is usually left as JULI logging
  • harder to replace the Tomcat service logging in $CATALINA_BASE/conf/logging.properties
  • It is easy to replace the JULI logging in Web Applications with log4j logging
  • Step1 - put log4j.jar into WEB-INF/lib
  • Step2 - put log4j.properties into WEB_INF/lib


log4j has three main components

  • loggers - capture logging information
  • loggers have a hierarchy similar to JULI logging
  • loggers without levels inherit from closest ancestor with a level
  • have levels
  • TRACE
  • DEBUG
  • INFO
  • WARN
  • ERROR
  • FATAL
  • loggers print messages though methods which determine the level, methods are:
  • debug
  • info
  • warn
  • error
  • fatal
  • log
  • messages are enabled if the level of the logger is equal or higher than the level of the message
  • otherwise the message is disabled
  • DEBUG < INFO < WARN < ERROR < FATAL
  • appenders - send logging information to destinations
  • one or more can be attached to a logger
  • there are various types similar to JULI
  • console
  • file
  • layouts - format logging information
Hands on Exercise
Using the references determine how to get two log4j loggers to be configured in a properties file. Then using the ListAllUsers servlet send log messages using log4j to a file using a fileHandler. Leave the JULI logging in place as this is done. Look up references on the web to determine how to do this.
References
Using log4j in Tomcat 7 from Tomcat website

Exceptions

An exception is an event, which occurs during the execution of a program, that disrupts the normal flow of the program's instructions.

  • Types of exceptions
  • checked exceptions - must be handled by the code or passed on using a throws keyword
  • examples are FileNotFoundException for using a FileReader must be caught or passed on using throws
  • unchecked exceptions - do not have to be handled since the compiler does not check for them
these can be handled if so desired
examples are null pointer error, or divide by zero
  • Exceptions can be caught with "try catch" code
  • The decision as to how exceptions should be handled is controversial
  • Some groups try to catch all exceptions
  • Some ignore exceptions unless forced to handle them (because they are checked exceptions)
  • Exceptions can be logged with a logger
  • Often they are just printed to the console with a stack trace (printStackTrace)
  • if the console is not available, i.e. in production, then printing to the console may not be suitable
References
Java Exception Handling from Jenkov.com
Oracle Discussion of Exceptions


Thread Dumps

Thread Dumps are logs of the threads running at a specific moment of a server

  • The can be obtained through various tools
  • jstack
  • VisualVM
  • various command line commands
  • Generally they give the following information
  • Thread Name
  • Priority
  • Thread ID
  • Status
  • callstack

Thread dumps can be used when threads seem to be slow, blocked, or deadlocked

Hands on Exercise
Using VisualVM create a thread dump and look it over
References
Analyzing Thread Dumps

Security

Realms, Authentication, Authorization

Tomcat Security Realms

  • Mechanism for protecting web application resources
  • Define users, passwords, and roles
  • Define security constraints with roles
  • Realm types
  • MemoryRealm - hold users, passwords and roles in memory after reading an XML file
  • JDBCRealm - supports storing usernames, passwords, and roles in a SQL database
  • JNDIRealm - implementation back by JNDI
  • DataSourceRealm - Realm backed by JNDI-configured JDBC data source
  • UserDatabaseRealm - Realm backed by custom UserDatabase configured via JNDI
  • JaasRealm - uses Java Authentication and Authorization Service (JAAS)
  • CombinedRealm - uses multiple realms at the same time
  • LockOutRealm - locks out users if too many incorrect login tries
  • a custom realm can also be built by the developers

Hands on Exercise - MemoryRealm example

  • Define a set of users in default file of $CATALINA_BASE/conf/tomcat-users.xml
  • Protect a resource with a MemoryRealm (protect our Web_PROJECT_1 context)
  • Realm definition goes into Context, Engine, or HOST element
  • Can protect an Engine, Host, or Context by putting it under that element
  • Is the Context defined in server.xml or is it done by default to the WAR name in webapps?
  • Should the Context element be in META-INF/context.xml
  • Realm element form is - <Realm className="org.apache.catalina.realm.MemoryRealm"/>
  • Add a security constraint to web.xml
  • Add a login-config element to web.xml
  • Add a security-role element to web.xml

Now run Tomcat and view a page within Web_Project_1 web application

Defining a Realm within a Context element. Note that a context within META-INF cannot have a docbase attribute

<Context path="/Web_Project_1">
    <Realm className="org.apache.catalina.realm.MemoryRealm"/>
</Context>

Defining users in tomcat-users.xml

  <role rolename="WebProject1"/>
  <user username="webprojectuser" password="tomcat123" roles="WebProject1"/>

Defining the security constraint, login configuration, and security role in web.xml

<security-constraint>
   <web-resource-collection>
       <web-resource-name>Memory Realm Example</web-resource-name>
       <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
       <role-name>WebProject1</role-name>
   </auth-constraint>
</security-constraint>

<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>Web Project 1</realm-name>
</login-config>

<security-role>
    <role-name>WebProject1</role-name>
</security-role>

Secure Socket Layer SSL

SSL allows web browsers and web servers to communicate over a secured connection

  • A server has a certificate with a public and a private key
  • Items sent from the browser using the server's public key can be decrypted by the server using its private key
  • The SSL protocol (Discussion from DigiCert.com) is
  • Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
  • Server sends a copy of its SSL Certificate, including the server’s public key.
  • Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
  • Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
  • Server and Browser now encrypt all transmitted data with the session key.
Hands on Exercise
Create an SSL certificate using keytool and install it on Tomcat, see Tomcat SSL Configuration How-To in the References
References
Tomcat SSL Configuration How-To
Oracle KeyTool
Digicert discussion of SSL

Tomcat Behind Apache httpd

  • Tomcat can act as the servlet handler for Apache httpd
  • There are good and bad points to doing things this way.
  • Tomcat is an efficient handler of static pages.

Hands on Exercise 1

Look up on the web and discuss the good and bad points of using Tomcat behind Apache httpd

Hands on Exercise 2

Get Apache hpptd running with Tomcat handling servlets and JavaServer Pages

  • download Apache httpd, see reference below
  • put Apache at c:\apache24
  • Change the port in httpd.conf if something is on port 80 already (i.e. Skype)
  • Check the port with netstat -aon | findstr 0.0:80 in a command prompt
  • set the system path so it has apache24 in it
  • Download the connector binary release
  • Unpack the zip file
  • move mod_jk.so into the apache24/modules directory
  • create a configuration file mod_jk.conf and put it into $CATALINA_BASE/conf, see below for details
  • in Apache httpd.conf put a line at the end:
  • include $CATALINA_BASE/conf/mod_jk.conf (replace $CATALINA_BASE with the real path)
  • create a configuration file called workers.properties, see below
  • place workers.properties file at location specified in mod_jk.conf

mod_jk.conf sample

# Load mod_jk module
LoadModule    jk_module  modules/mod_jk.so
# Where to find workers.properties
JkWorkersFile C:/apache-tomcat-7.0.55/conf/workers.properties
# Where to put jk logs
JkLogFile     C:/apache-tomcat-7.0.55/logs/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel    info
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# Send servlet for context /Web_Project_1 to worker named worker1
JkMount  /Web_Project_1/* ajp13
# Send JSPs  for context /examples to worker named worker1
JkMount  /Web_Project_1/*.jsp ajp13

workers.properties

# Define 1 real worker named ajp13
worker.list=ajp13

# Set properties for worker named ajp13 to use ajp13 protocol,
# and run on port 8009 as given in server.xml connector
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
worker.ajp13.lbfactor=50
worker.ajp13.cachesize=10
worker.ajp13.cache_timeout=600
worker.ajp13.socket_keepalive=1
worker.ajp13.socket_timeout=300


References
Download Apache
Download Tomcat Connector Binary
Tomcat Connector Documentation
Configure Tomcat to work with Apache
Apache Tomcat mod_jk Connector Configuration Made Simple

The World Beyond Tomcat

Spring Framework

JavaServer Faces (ICEfaces, RichFaces)

Hibernate and IBatis

  • Object Relational Mapping (ORM)
  • Hibernate
  • Map class fields to database fields
  • IBATIS
  • Map select statement fields to class fields