Apache Tomcat and Java EE Administration US

Apache Tomcat and Java EE Administration (US)

The Java Platform

JVM, JRE, JDK - what are these?

JVM - Java Virtual Machine

Runs Bytecode produced by the Java Compiler
Allows Java to run on multiple types of hardware (write once, run anywhere)
Interprets Bytecode into the instruction set of the hardware
Can use JIT (just in time) compilation

References:

Wikipedia Article on JVM

NobleProg Page on JVM

Wikipedia Article on JIT Compilation

JRE - Java Runtime Environment

Contains the Java Virtual Machine, code Libraries, and other components
Allows applications and applets written in Java to run
Can be either Standard or Enterprise

References:

Java Standard Libraries

Java Enterprise Libraries

JDK - Java Development Kit

An implementation of one of the Java SE, Java EE, or Java ME platforms
For a particular Hardware and Operating System such as Windows, Linux, Solaris, or Mac OS
Contains JRE (with JVM), and Tools to develop applications
Important tools it has include, compiler, debugger, JavaDoc generator, JAR archiver
Most development uses an IDE such as Eclipse or NetBeans that may access the tools in the JDK

References:

Wikipedia Article on the JDK

Diagram of JDK vs JRE etc.

Java SE versus EE

Java EE is built on top of SE components
The more important components in EE are designed to help build

Web Applications (Servlets, JSP, JSF, etc.)
Enterprise Applications (EJB, Database connectivity, Message Services)

There are numerous packages in EE

Installing a Java JDK or JRE

Hands on Exercise:

Using the following document install the Java JDK that corresponds to the type of Operating system that exists on your computer (Windows, Mac OS, Linux x64, etc.). The installation steps will be approximately the same for each operating system.

Installing the JDK

Java Applications on Tomcat

Installing an IDE (Eclipse)

In order to properly explore Java it is easiest to install an Integrated Development Environment (IDE) on your computer so that you can develop classes in the same way that a developer would develop classes. The following document shows how to install Eclipse on your computer. Eclipse is a free IDE used by many developers (Netbeans is another IDE commonly used).

Hands on Exercise:

Using the following instructions install Eclipse on your computer. Eclipse is an Integrated Development Environment commonly used by developers. Installation steps will be approximately the same for all operating systems. There is only one installation zip file for all operating systems.

Installing Eclipse

Java Classes

The concept of a class stems from the desire to have the ability in a programming language to:

Encapsulate functionality
Distribute tested code
Allow reuse of code, write and test complex functionality only once
Decrease the cost of software systems
Increase the understandability of the code

It was discovered that a good way of doing this was to create code blocks that:

Have internal state that is secured from external access
Allow access to some internal state through secure channels (now called getter and setter methods)
Have code that can be called that perform functionality, sometimes very complex functionality
Have tested complexity that can be reused
Contain many of the complex concepts and structures of a software system

The result of the above concerns, at this point, is implemented in programming languages through the concepts of classes and objects.

Classes are templates by which objects can be created in a program.

Objects are elements of a program that can have

State (characteristics stored in fields)
Behavior (Things that it can do which are called methods in Java programming)

Note that most examples of classes for a beginner are very simplistic compared with classes in a real web program. For example a dog has characteristics such as color, height, and disposition. It has behaviors such as bark, drool, run, walk, etc.

On the other hand a web class might have characteristics such as

the IP address of the user
database connection strings
hashmaps or lists of information
the request from the user
the response to the user
other complex characteristics

It might have behaviors of:

finding user cookies
storing and retrieving data from a database
connecting to Enterprise Beans on another server
retrieving data
encrypting data
creating and using XML
using a message queue
other complex behaviors

A web class may use or invoke methods of many other classes.

Often the classes used by a class are classes from libraries (often contained in JAR files) created by other teams.

Often they are either a part of the Standard or Enterprise libraries of Java or they can be libraries from open source or commercial organizations.

Hands on Exercise:

We will use the Eclipse IDE to create a Java Project and a few standard classes so that we can explore the class and object concept. Note that this is not a Web Project and therefore will have only standard Java classes.

Create a Standard Java Project with Eclipse

Sample Classes for a standard Java program

References:

WikiBooks - Java Programming on Classes

Oracle Tutorial on Classes

Java JAR Files

JAR files are archives of Java components. The JAR Files are actual zip archives with the jar extension rather than the zip extension. Generally, libraries of components come in JAR files. However JAR files can also be made executable by including in them a class with a main method. This class is specified in a manifest so that it can be found when the jar file is executed.

Hands On Exercise

A JAR file can be easily create in the Eclipse IDE. Using the following document create a JAR file from the project created in the prior Hands on Exercise.

Create a JAR file using Eclipse

An executable JAR file can be run by opening a Command Prompt, switching to the folder containing the JAR file, and using the command "java -jar nameOfJarFile.jar"

The java command looks up the name of the class with the main method in the MANIFEST.MF file and then executes that class. Using a zip file application such as 7Zip you can explore the contents of a JAR file.

References:

JAR file format

Servlets

Tomcat has a Servlet Container. The Servlet Container:
- Gets HTTP requests from clicks on web pages (usually)
- Keeps state for the user through cookie JSESSIONID, web pages are stateless
- Delegates the request to a servlet.
- Returns a response to the requester.

A servlet:
- Is a component of a Java Web Application (usually)
- Is a Java class that extends HttpServlet (usually)
- Is configured to handle requests for a specific web page
- Gets requests from the Servlet Container
- Give responses back to the Servlet Container

Hands on Exercise

Install Tomcat on Windows

Create an Eclipse Web Project

Create a Servlet and WAR file in Eclipse

References

Servlets Tutorial

Tomcat Servlet Examples Explained

HTTP Methods Get vs Post

Using WebServlet Annotation in Tomcat

JSPs

JavaServer Pages (JSPs) are another component of a Web Application.

JavaServer Pages:

- Mix HTML with Java Code by using scriplets <% some code %>
- Allow dynamic content such as database content
- Are translated in Java code
  - Static code is translated as prints to the output
  - Dynamic code is translated as Java code
- The code is compiled into Servlets
- When a reference is made to a JSP the servlet is run

An example of a JavaServer Page is given below.

<?xml version="1.0" encoding="ISO-8859-1" ?>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Insert title here</title>
</head>
<body>
  This is the testing page.
  <% int a, b;
     a = 5;
     b = a + 6;
  %>
  <br/>
  The integer was <%=b%>
</body>
</html>

JavaBeans

A JavaBean is a class that:

Has all properties that are private
Has getters and setters for its properties (access to properties is through getters and setters)
Implements the Serializable interface

A serializable object can be decomposed into a stream of Bytes.
Generally this means that a serializable object is composed of primitive types and of objects that are themselves serializable

eventually a serializable object and its sub-objects are made of primitives
for example an object that contains an object that has a database call that populates some of its properties cannot be serialize because of the database call. Therefore it cannot be a JavaBean

JNDI and DataSources

The Java Naming and Directory Interface (JNDI)

Is an API that provides naming and directory services to Java programs
Tomcat provides JNDI services for use by the developer

Context.xml and web.xml are used to configure JNDI resources for use in Tomcat

Hands on Exercise

Install MySQL

Create a Tomcat JNDI DataSource for MySQL

Create a Tomcat Servlet that uses the JNDI DataSource

References

CodeJava Example of JNDI Datasource in Tomcat

JournalDev Example of Tomcat Datasource JNDI

Tomcat JNDI Resource How-To

Tomcat JNDI Datasource How-To

Oracle JNDI Trail

Apache Tomcat 7

Tomcat is basically a Servlet container with additional Components. Tomcat allows:

HTML
Servlets
JavaServer Pages
JNDI with database connectivity
JavaServer Faces
The use of WAR files

Tomcat Directory Structure

bin - contains scripts that can start and stop the server and related files. Scripts for Unix and Windows are present.

conf - contains the configuration scripts such as server.xml, web.xml, and context.xml

catalina.policy - specifies security policy

catalina.properties and logging.properties - property files for logging and catalina

server.xml - tomcat main configuration file

web.xml - global web application deployment descriptors

context.xml - global tomcat specific configuration options

tomcat_user.xml - user, password, and role for authentication and access control

lib - contains jar files available to all web application, generally jar files for specific web application go into lib folders within the application folder

logs - the default location for log files, contains the engine, host,

temp - the temp directory used by catalina.bat which is called by startup.bat, can also be used by other system components

webapps - the location for the web applications that will run on the server

work - contains the translated servlet source files and classes of JSP/JSF. Organized by engine name (Catalina), host name (i.e. localhost), web application name, followed by the Java classes package structure.

Older Servers Tomcat 5.5 Directories

common, server, and shared - contain jar files available to the common, catalina, and shared class loaders (replaced in Tomcat 6 and above by the lib directory).

References

Tomcat 7 Class Loaders

Tomcat 5.5 Class Loaders

Wikipedia Class Loader Discussion

Tomcat Configuration

Server.xml

Taking the server.xml in the Tomcat installation as an example

Server Element

The Server element is the topmost element of server.xml
port - gives the port that the shutdown (bat or sh) script will address to shutdown the server
shutdown - gives the text of the command that must be sent to the port to initiate shutdown
additional parameters include:

address - the TCP/IP address to send the shutdown command to, default is localhost (the command comes from the same server that Tomcat is running on)
class - an organization could write their own class that implements the org.apache.catalina.Server interface, not usually done. The default is org.apache.catalina.core.StandardServer.

Service Element

A service is an element of a server
A server can have several services
A service has one or more connector definitions along with a single engine definition
name - the display name of this element, used for example in log entries
additional parameters include:

class - an organization could write their own class for the service element. It would implement the org.apache.catalina.service interface. The default service is org.apache.catalina.core.StandardService.

Connector Element

port - gives the port that the connector will listen on for new requests from browsers
redirectPort - When an SSL connection is required by a <security-constraint> in the web.xml file the request is redirected to this port
connectionTimeout - the number of milliseconds the connector will wait after accepting the connection for the browser to send the request
protocol - specifies whether a BIO (Blocking I/O), NIO (Non-Blocking I/O) or APR (Apache Portable Runtime) protocol will be used for connections to the server through the connectory. APR is the default
additional parameters are numerous, see references for Tomcat Documentation Index below. Several of these parameters are useful in performance tuning.

Engine element

the engine represents and contains the request processing components for the service
It receives and processes all requests from the connectors for the service
A service can have only one engine
name - the logical name of the engine, used in log and error messages, must be unique within the server
defaultHost - identifies the host that will process requests directed by domain name and port address to this server.

This host is the default if a Host is not listed within the Engine element that matches the domain.
There must be a Host element with this name listed in the Engine element

additional parameters are numerous, see references for Tomcat Documentation Index below.

Host element

name - the network name of this host, usually registered with Domain Name Service server
autoDeploy - if true when a change is made to a WAR file, a context.xml file, or a web application directory then Tomcat will pick it up and deploy the change.
unpackWARs - when true WARs will be unpacked in a directory. When false the web application is run out of the WAR which is slower.
appBase - the application base directory for this virtual host. Usually and by default this is set to webapps
additional parameters are numerous, see references for Tomcat Documentation Index below.

Context element

There are several methods for defining contexts that are used in the following order when Tomcat starts.

Web applications can be defined by placing a context.xml (i.e. webApplicationName.xml) file in the config directory
Web applications with a WAR in the appBase of the host
Web applications with a directory within the appBase of the Host
It is not recommended to put a Context element within server.xml, but it can be done

Listener element

A Listener element defines a component that performs actions when specific events occur, usually Tomcat starting or Tomcat stopping
Some Listeners are only intended to be nested inside specific elements.
Standard Listeners that can be in the Server element

The APR Lifecycle Listener checks for the presence of the APR/native library and loads the library if it is present.
The Jasper Listener initializes the Jasper 2 JSP engine before any web applications that may use it are loaded.
The Global Resources Lifecycle Listener - initializes resources
The JRE Memory Leak Prevention Listener - see documentation at Tomcat website
ThreadLocal Leak Prevention Listener - see documentation at Tomcat website

GlobalNamingResources element

used to define JNDI resources that are global

Realm element

Tomcat's mechanism for protecting web application resources.
Generally are within the Context element but can be in the engine or host element
It is not recommended to put the Context elements within the server.xml file

Valve element

Named Classes that act as Preprocessors for Requests
Most commonly used valve is:

AccessLogValve - see the valve in the default server.xml to write the localhost access log

There are other valves in Tomcat

Access Control - stop a remote address or a remote host from accessing a web application
Authorization - some valves are automatically added to the context of a web application

when a security constraint adds Basic, form ... authentication

requestFilterValve

Remote address valve and Remote Host Valve are sub-classes of this

SingleSignOnValve

The Single Sign On facility operates according to the following rules:

All web applications configured for this virtual host must share the same Realm. In practice, that means you can nest the Realm element inside this Host element (or the surrounding Engine element), but not inside a Context element for one of the involved web applications.
As long as the user accesses only unprotected resources in any of the web applications on this virtual host, they will not be challenged to authenticate themselves.
As soon as the user accesses a protected resource in any web application associated with this virtual host, the user will be challenged to authenticate himself or herself, using the login method defined for the web application currently being accessed.
Once authenticated, the roles associated with this user will be utilized for access control decisions across all of the associated web applications, without challenging the user to authenticate themselves to each application individually.
As soon as the user logs out of one web application (for example, by invalidating the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated. Any subsequent attempt to access a protected resource in any application will require the user to authenticate himself or herself again.
The Single Sign On feature utilizes HTTP cookies to transmit a token that associates each request with the saved user identity, so it can only be utilized in client environments that support cookies.

RequestDumperValve

Has been replaced by the RequestDumperFilter in Tomcat 7
SeeRequest Dump Filter
Logs information from the Request and Response
Used for debugging

web.xml

Contains configurations for local server independent resources such servlets, or DataSources
The most commonly used elements are:

description
display-name
error-page
filter
filter-mapping
login-config
resource-env-ref
resource-ref
security-constraint
security-role
servlet
servlet-mapping
taglib
welcome-file-list

context.xml

Contains configurations for local server dependent resources such as Realms or DataSources

Can also contain configurations that span web applications if placed in $CATALINA_BASE/conf

Can be placed at the following locations

CATALINA_BASE/conf/context.xml defines global resources such as JNDI DataSources used across applications
web application/META-INF/context.xml defines local resources such as local JNDI DataSources or Realms
$CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to application's base file name plus a ".xml" extension.

Defines the Context element of the web application
server.xml can also contain the Context element but this is discouraged

Requires restarting Tomcat for a change to a Context for a single web application
Tomcat will generally have more than one web application on it

References

Tomcat Documentation Index

Advanced Tutorial on Tomcat 7

Tomcat Contexts

web.xml Elements

Memory Management and JMX Monitoring

Java Garbage Collection

Java uses a heap to allocate memory for objects
Java keeps track of live objects, those with a reference
In Java the code does not return memory when objects are through being used

there is no free() method as in C to deallocate memory
references to objects are removed instead

for example the local variables in a method when the method returns

the garbage collector keeps track of object references
when an object is no longer referenced it is garbage collected
therefore memory leaks in Java occur when objects stay referenced when no longer used

The Oracle Hotspot JVM Garbage Collection

Heap is made up of 3 spaces

Eden Space - pool from which memory is initially allocated for most objects
Survivor Space - pool that contains objects that survive the Garbage Collection of Eden Space
Tenured Generation - pool containing objects that have been in survivor space for some time

there is also Permanent Generation - pool containing all refective data of the virtual machine

Figure 1 Garbage Collection Spaces Image by Oracle

When a space runs out of memory the Garbage Collector is started on that space.

The Garbage Collector will take less time because of the splitting of the spaces.

Performance Issues with Garbage Collection

As the number of live objects increases the Garbage Collector does more work

Performance Issues with memory leaks

Monitor the number of objects in the Server - is the number expanding over time

May indicate a memory leak
determine which object is increasing - this can point to the problem

References

How Garbage Collection Works

Oracle Java Hotspot JVM Garbage Collection

Oracle Hotspot JVM Garbage Collection Tuning

JAVA_OPTS, JMX, and Jconsole

It is recommended that Tomcat have a setenv.bat file in its conf directory.
This is used to set options for the JVM
for example

set "JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx1024m -XX:MaxPermSize=256m -server" - set the heap to 128m and heap max size to 1024m

Note that in Java 8 the MaxPermSize option has been removed

Java Management Extensions (JMX)

A standard part of the Standard Edition Java Platform
Can be used to monitor and manage resources
can monitor and manage the Java Virtual Machine (JVM)
MBeans - Managed Beans

Java Beans with addition components which allow them to be managed via JMX
Registered with an MBEAN server

JMX agent - consists of an MBena server, registered MBeans, set of services for handling MBeans
JMX connectors - allow access to JMS agents from remote applications

JConsole

a management tool that uses JMX managed beans (mbeans)
Can be used on the local system or to a remote system
allows the user to view a Tomcat installation's performance
User can view an overview, memory usage, thread usage, loaded classes, VM summary, and MBeans
User can change values on some MBean attributes, when their values are in Blue
User can start some MBean operations/methods, such as the Garbage Collection, by clicking buttons

References

Oracle Using JConsole

Tomcat with JConsole through Firewall Article

JConsole with Authenication

Hands on Exercise

Start and Explore JConsole

JAVA_OPTS

Exercise, lookup Java Heap size etc. and change for Tomcat.

JVM Memory Opts

Java memory settings

Oracle recommendations for Tomcat

Heap Size

JMeter

JMeter Testing in General

can be used to simulate a heavy load (stress testing)
can be used to analyze overall performance under various load types
can be used to test your server behavior under heavy concurrent load

JMeter allows the user to build tests using:

Thread Groups
Controllers

Samplers (a partial list)

FTP Request
HTTP Request
JDBC Request
Java object request
LDAP Request
SOAP/XML-RPC Request
WebService (SOAP) Request

Logical Controllers (a partial list)

if controller
interleave controller
loop controller

JMeter Testing Code


<?xml version="1.0" encoding="ISO-8859-1" ?>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
    <%@ page import="java.util.LinkedList" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>JMeter Testing</title>
</head>
<body>

A JSP that can be used to test JMeter.</br>
Building a long list of Strings for the fun of it</br>
<% 
   LinkedList<String> stringList = new LinkedList<String>();
   int size = 5;
   String theString = "";
   
   // build a large string in theString variable
   for (int j=0; j < 20; j++) {
       theString = theString + "abcd";
   }
   
   for(int i=0; i < size; i++) {
      stringList.add(theString);
			
   }
   String aString = stringList.get(2);
%>

The third string in the list was <%=aString%></br>
Leaving now, bye

</body>
</html>

References

Apache JMeter website

JMeter Documentation

Hands on Exercise

Install and Test Using JMeter, Tomcat, and JConsole

Additionally determine how to run JMeter on a remote system and explain

Java VisualVM

VisualVM is an executable distributed with the Java JDK

the executable is jvisualvm.exe
it has a visual interface that can be used to display information about a running java application
Used for Troubleshooting
it federates information from

JConsole
jstat
jinfo
jstack
jmap

References

Oracle Java VisualVM Guide

Hands on Exercise

Start up jvisualvm.exe using a command prompt and explore it. Start up Tomcat and JMeter and view data in VisualVM while JMeter is hitting Tomcat and creating new threads.

PSI Probe

PSI Probe is a browser based server monitoring tool.
It monitors

traffic per web application
DataSources
Threads
Cluster Data (when enabled in a cluster)
System Information
Connectors (server.xml connectors)

It can deploy web applications to the server

Hands on Exercise

Get PSI Probe running on the computer by following the install instructions given in the References. Explore PSI Probe's functionality

References

PSI Probe Homepage

Install PSI Probe on Tomcat

Logging and Troubleshooting

JULI (Java Util Logging Interface) Logging

JULI

JULI is built on top of java.util.logging
Corrects java.util.logging so that per Web Application logging can occur
JULI is enabled by default
supports per class loader configuration

Tomcat builds a class loader per Web Application

Logging can be configured

Globally - usually done in the $CATALINA_BASE/conf/logging.properties file
In the Web Application - in the WEB-INF/classes/logging.properties file

tomcat-juli.jar is located in the CATALINA_BASE/bin directory rather than the lib directory

java.util.logging

Hierarchy of loggers

parent and child loggers are named similarly to packages
Loggers named logger1, and logger1.logger2 created gives hierarchy of

Logger named "" this is the root Logger and parent of logger1

Logger named "logger1" this is the parent of logger2

Logger named "logger2"

Each Logger can have a level Filter
Each Logger can have a Handler i.e. ConsoleHandler, etc.

Build-in Handlers

ConsoleHandler - logs messages to System.err
FileHandler - writes messages to a file
StreamHandler - generally used in the code uses an output stream
SocketHandler - generally used in the code uses a socket
MemoryHandler - generally used in the code uses a memory buffer

Handlers can use Formatters

Log Levels

SEVERE (Level.SEVERE)
WARNING
INFO
CONFIG
FINE
FINER
FINEST
If Loggers level not set it inherits its parents level

Log Filters

Filter set to WARNING filters out messages below

Configuration file

Loggers are usually configured using a properties file
For Tomcat the global file is at $CATALINA_BASE/conf/logging.properties
Loggers can be configured within the code
bad idea to set the Level of Logger in code

Causes a code change to reset the Level

References

Tomcat JULI logging Tutorial

Tomcat Logging FAQ

Java Logging Tutorial from jenkov.com

Correct Eclipse for Tomcat JULI logging see the Hands on Exercises

Hands on Exercise

[Media:Eclipse_JULI_Logging.pdf |Set up JULI Logging for Web Application Servlet]

log4j Logging

log4j is an alternative logging technology that can be used in Tomcat
log4j usually is not used to replace the global logging of the Tomcat service

This is usually left as JULI logging
harder to replace the Tomcat service logging in $CATALINA_BASE/conf/logging.properties

It is easy to replace the JULI logging in Web Applications with log4j logging

Step1 - put log4j.jar into WEB-INF/lib
Step2 - put log4j.properties into WEB_INF/lib

log4j has three main components

loggers - capture logging information

loggers have a hierarchy similar to JULI logging

loggers without levels inherit from closest ancestor with a level

have levels

TRACE
DEBUG
INFO
WARN
ERROR
FATAL

loggers print messages though methods which determine the level, methods are:

debug
info
warn
error
fatal
log

messages are enabled if the level of the logger is equal or higher than the level of the message
otherwise the message is disabled
DEBUG < INFO < WARN < ERROR < FATAL

appenders - send logging information to destinations

one or more can be attached to a logger
there are various types similar to JULI

console
file

layouts - format logging information

Hands on Exercise

Using the references determine how to get two log4j loggers to be configured in a properties file. Then using the ListAllUsers servlet send log messages using log4j to a file using a fileHandler. Leave the JULI logging in place as this is done. Look up references on the web to determine how to do this.

References

Using log4j in Tomcat 7 from Tomcat website

Exceptions

An exception is an event, which occurs during the execution of a program, that disrupts the normal flow of the program's instructions.

Types of exceptions

checked exceptions - must be handled by the code or passed on using a throws keyword

examples are FileNotFoundException for using a FileReader must be caught or passed on using throws

unchecked exceptions - do not have to be handled since the compiler does not check for them

these can be handled if so desired

examples are null pointer error, or divide by zero

Exceptions can be caught with "try catch" code
The decision as to how exceptions should be handled is controversial

Some groups try to catch all exceptions
Some ignore exceptions unless forced to handle them (because they are checked exceptions)
Exceptions can be logged with a logger
Often they are just printed to the console with a stack trace (printStackTrace)

if the console is not available, i.e. in production, then printing to the console may not be suitable

References

Java Exception Handling from Jenkov.com

Oracle Discussion of Exceptions

Thread Dumps

Thread Dumps are logs of the threads running at a specific moment of a server

The can be obtained through various tools

jstack
VisualVM
various command line commands

Generally they give the following information

Thread Name
Priority
Thread ID
Status
callstack

Thread dumps can be used when threads seem to be slow, blocked, or deadlocked

Hands on Exercise

Using VisualVM create a thread dump and look it over

References

Analyzing Thread Dumps

Security

Realms, Authentication, Authorization

Tomcat Security Realms

Mechanism for protecting web application resources
Define users, passwords, and roles
Define security constraints with roles
Realm types

MemoryRealm - hold users, passwords and roles in memory after reading an XML file
JDBCRealm - supports storing usernames, passwords, and roles in a SQL database
JNDIRealm - implementation back by JNDI
DataSourceRealm - Realm backed by JNDI-configured JDBC data source
UserDatabaseRealm - Realm backed by custom UserDatabase configured via JNDI
JaasRealm - uses Java Authentication and Authorization Service (JAAS)
CombinedRealm - uses multiple realms at the same time
LockOutRealm - locks out users if too many incorrect login tries

a custom realm can also be built by the developers

Hands on Exercise - MemoryRealm example

Define a set of users in default file of $CATALINA_BASE/conf/tomcat-users.xml
Protect a resource with a MemoryRealm (protect our Web_PROJECT_1 context)

Realm definition goes into Context, Engine, or HOST element
Can protect an Engine, Host, or Context by putting it under that element

Is the Context defined in server.xml or is it done by default to the WAR name in webapps?
Should the Context element be in META-INF/context.xml

Realm element form is - <Realm className="org.apache.catalina.realm.MemoryRealm"/>

Add a security constraint to web.xml
Add a login-config element to web.xml
Add a security-role element to web.xml

Now run Tomcat and view a page within Web_Project_1 web application

Defining a Realm within a Context element. Note that a context within META-INF cannot have a docbase attribute

<Context path="/Web_Project_1">
    <Realm className="org.apache.catalina.realm.MemoryRealm"/>
</Context>

Defining users in tomcat-users.xml

  <role rolename="WebProject1"/>
  <user username="webprojectuser" password="tomcat123" roles="WebProject1"/>

Defining the security constraint, login configuration, and security role in web.xml

<security-constraint>
   <web-resource-collection>
       <web-resource-name>Memory Realm Example</web-resource-name>
       <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
       <role-name>WebProject1</role-name>
   </auth-constraint>
</security-constraint>

<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>Web Project 1</realm-name>
</login-config>

<security-role>
    <role-name>WebProject1</role-name>
</security-role>

Secure Socket Layer SSL

SSL allows web browsers and web servers to communicate over a secured connection

A server has a certificate with a public and a private key
Items sent from the browser using the server's public key can be decrypted by the server using its private key
The SSL protocol (Discussion from DigiCert.com) is

Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
Server sends a copy of its SSL Certificate, including the server’s public key.
Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
Server and Browser now encrypt all transmitted data with the session key.

Hands on Exercise

Create an SSL certificate using keytool and install it on Tomcat, see Tomcat SSL Configuration How-To in the References

References

Tomcat SSL Configuration How-To

Oracle KeyTool

Digicert discussion of SSL

Tomcat Behind Apache httpd

Tomcat can act as the servlet handler for Apache httpd
There are good and bad points to doing things this way.
Tomcat is an efficient handler of static pages.

Hands on Exercise 1

Look up on the web and discuss the good and bad points of using Tomcat behind Apache httpd

Hands on Exercise 2

Get Apache hpptd running with Tomcat handling servlets and JavaServer Pages

download Apache httpd, see reference below
put Apache at c:\apache24
Change the port in httpd.conf if something is on port 80 already (i.e. Skype)
Check the port with netstat -aon | findstr 0.0:80 in a command prompt
set the system path so it has apache24 in it
Download the connector binary release
Unpack the zip file
move mod_jk.so into the apache24/modules directory
create a configuration file mod_jk.conf and put it into $CATALINA_BASE/conf, see below for details
in Apache httpd.conf put a line at the end:

include $CATALINA_BASE/conf/mod_jk.conf (replace $CATALINA_BASE with the real path)

create a configuration file called workers.properties, see below
place workers.properties file at location specified in mod_jk.conf

mod_jk.conf sample

# Load mod_jk module
LoadModule    jk_module  modules/mod_jk.so
# Where to find workers.properties
JkWorkersFile C:/apache-tomcat-7.0.55/conf/workers.properties
# Where to put jk logs
JkLogFile     C:/apache-tomcat-7.0.55/logs/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel    info
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# Send servlet for context /Web_Project_1 to worker named worker1
JkMount  /Web_Project_1/* ajp13
# Send JSPs  for context /examples to worker named worker1
JkMount  /Web_Project_1/*.jsp ajp13

workers.properties

# Define 1 real worker named ajp13
worker.list=ajp13

# Set properties for worker named ajp13 to use ajp13 protocol,
# and run on port 8009 as given in server.xml connector
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
worker.ajp13.lbfactor=50
worker.ajp13.cachesize=10
worker.ajp13.cache_timeout=600
worker.ajp13.socket_keepalive=1
worker.ajp13.socket_timeout=300

References

Download Apache

Download Tomcat Connector Binary

Tomcat Connector Documentation

Configure Tomcat to work with Apache

Apache Tomcat mod_jk Connector Configuration Made Simple

The World Beyond Tomcat

Spring Framework

JavaServer Faces (ICEfaces, RichFaces)

Hibernate and IBatis

Object Relational Mapping (ORM)
Hibernate

Map class fields to database fields

IBATIS

Map select statement fields to class fields

Apache Tomcat and Java EE Administration US

The Java Platform

JVM, JRE, JDK - what are these?

JVM - Java Virtual Machine

JRE - Java Runtime Environment

JDK - Java Development Kit

Java SE versus EE

Installing a Java JDK or JRE

Java Applications on Tomcat

Installing an IDE (Eclipse)

Java Classes

Java JAR Files

Servlets

JSPs

JavaBeans

JNDI and DataSources

Apache Tomcat 7

Tomcat Directory Structure

Older Servers Tomcat 5.5 Directories

Tomcat Configuration

Server.xml

web.xml

context.xml

Memory Management and JMX Monitoring

Java Garbage Collection

Performance Issues with Garbage Collection

Performance Issues with memory leaks

JAVA_OPTS, JMX, and Jconsole

Java Management Extensions (JMX)

JConsole

JAVA_OPTS

JMeter

Java VisualVM

PSI Probe

Logging and Troubleshooting

JULI (Java Util Logging Interface) Logging

log4j Logging

Exceptions

Thread Dumps

Security

Realms, Authentication, Authorization

Secure Socket Layer SSL

Tomcat Behind Apache httpd

The World Beyond Tomcat

Spring Framework

JavaServer Faces (ICEfaces, RichFaces)

Hibernate and IBatis

Navigation menu

Search