© 2009 VMware Inc. All rights reserved

Apache Tomcat 7

Mark Thomas, Staff Engineer

2

Agenda

Introduction

Specification changes

New features

Current status

Future plans

Useful resources

Questions

3

Introduction

Apache Tomcat committer & PMC member

Wrote a large proportion of the updates for Tomcat 7

Tomcat 7 release manager

Apache Commons (DBCP & Pool) committer

ASF member

ASF Infrastructure team

ASF Security team member

Lead the SpringSource security team

tc Server developer

4

Specification Changes

5

Specification changes

Servlet 3.0

• Java 1.6

• Asynchronous processing

• Pluggability

• Annotations

• Session management

• httpOnly

• Programmatic login

JSP 2.2

• JSP property group additions

• New omit attribute for <jsp:attribute .../>

Expression Language 2.2

• Method invocations

6

New features

7

Management

JMX remote lifecycle listener

Manager application can differentiate between primary, backup and

proxy sessions

Better alignment of MBeans

Can configure an entire Tomcat instance via JMX from just a

running Server component

8

Performance

Limit loaded JSPs with LRU cache

GZIP compressed output streams can now be flushed

Remove bottleneck in session ID generation

Crawler session manager valve

AJP NIO connector (will be in 7.0.15 onwards)

9

Resources

New singleton attribute

New closeMethod attribute

10

Deployment

Support parallel deployment

Copying of /META-INF/context.xml to

$CATALINA_BASE/<engine>/<host>/contextname.xml is now

optional and disabled by default

Added alias support

Improved memory leak detection and prevention

11

Security

Cross-site request forgery (CSRF) protection filter

CSRF protection added to manager application

• role names & some URLs changed

LockOutRealm used by default

Access log enabled by default

exec is disabled by default for SSI

DefaultServlet serves content from root of context by default

12

Security

Graceful handling of users book-marking the login page

Session IDs generated using SecureRandom by default

SSL renegotiation & RFC 5746

HTTP NIO connector now supports SSL renegotiation

Security listener

Better access logging of failed requests

Cookie paths end in /

13

Embedding and Extending

New o.a.catalina.startup.Tomcat class for embedding

New JarResource interface for accessing TLDs

Binary and source JARs provided for Apache Maven

Customisable JAR scanning

14

Code clean-up

Generics

Better definition of Lifecycle interface

Comet classes have moved to o.a.catalina.comet

Expanded the unit tests

Added Checkstyle and FindBugs to the build process

Removed unused / deprecated / duplicated code

Custom components using Tomcat internals are likely to require

changes

15

Windows

Windows installer detects 32-bit or 64-bit JVM and installs correct

native binaries

Windows native authentication (SPNEGO)

16

Current Status

17

Current status

Apache Tomcat 7 is stable as of 7.0.6

Current release is 7.0.14

Continuing to provide a release a month

All releases have passed the Servlet 3.0, JSP 2.2 and EL 2.2 TCKs

Servlet TCK is tested with the following combinations

• HTTP BIO, NIO & APR/native

• mod_jk + AJP BIO, NIO & APR/native

• mod_proxy_http + HTTP BIO, NIO & APR/native

• mod_proxy_ajp + AJP BIO, NIO & APR/native

18

Current status

As of 23 May 2011

Tomcat 7

• 1 open bug

• 29 open enhancement requests

Tomcat 6

• 3 hard to reproduce bugs under investigation

• 2 open bugs

• 4 bugs with patches waiting for review

• 73 open enhancement requests

Tomcat 5

• 4 bugs with patches waiting for review

• 33 open enhancement requests

19

Future Plans

20

Future Plans

Commons DBCP v2

Socket IO

Keep on top of open bugs

Continue reviewing enhancement requests

21

Useful Resources

22

Useful resources

http://tomcat.apache.org

• http://blogs.apache.org/tomcat

Mailing lists

• users

• dev

• announce

http://tomcat.markmail.org

http://svn.apache.org/repos/asf/tomcat/trunk/webapps/

docs/changelog.xml

http://ci.apache.org/projects/tomcat/tomcat7/docs/

http://s.apache.org/tomcat-7-open-issues

23

Questions