InfoQ

News

Tomcat 7 Beta Debuts Servlet 3.0 Support, Security Upgrades and Operations-Friendly Updates

Posted by Josh Long on Jul 09, 2010

Community
Java
Topics
Tools ,
Web Servers
Tags
Apache Tomcat
Share Share |

The Apache Software Foundation's Tomcat web server has reached 7.0 beta, the first release more than 3 years. The new release has been in development for around 18 months. The release can be downloaded from the project's download page at the Apache Software Foundation.

The release features implementations of many new specifications, including Servlet 3.0, JSP 2.2, and EL 2.2. The introduction of Servlet 3.0 support brings the worlds most used Java web container up to date with the latest servlet specifications, as introduced by the Java EE 6 specification. Servlet 3.0 promises many refinements (the API has been genericized, for example) and introduces a number of new features designed to make developers lives easier, making it faster to build scalable applications. A key feature the Servlet 3.0 specification is support for standardized (as these features are, technically, already available through non-standard APIs for Tomcat, Jetty, and other containers) asynchronous HTTP requests and responses. The specification describes baked-in support for file uploads, negating the need for a third party library like the Apache project's Commons File Upload component.

The specification also defines support for dynamically configuring a web application which has an impact in a number of places. Web-tier constructs like servlets may be defined using annotations, negating the need for registration in the WEB-INF/web.xml deployment descriptor file. Additionally, the new specification defines an API by which Servlets, Filters, etc., may be programmatically registered with a container at runtime. Along these same lines, web fragments enable third party libraries to ship web.xml descriptors with the library and the configuration will be added to the web application's main web.xml. You might imagine, for example, simply dropping a web framework's .jar files in the WEB-INF/lib folder of your application and seeing it configured automatically.

Tomcat 7 adds protection against session fixation attacks. A session fixation attack is designed to force the session ID of a client to an explicit, known value. Additionally, it supports SSL session tracking, and more granular permissions for the various access mechanisms (JMX, web-based, and script access, for example.).

The new release is more flexible for developers who would like to embed the container; it exposes a lightweight API for embedding the container in client code. Additionally, Tomcat requires fewer .jars, making it easier to build Tomcat a la carte.

The release features several features to ease administration and management of the server. It supports an asynchronous logging thread to write requests/responses independent of the request/response pipeline. Tomcat 7 features sophisticated support for preventing, identifying and trapping memory leaks. The crux of this memory leak busting support lies in Tomcat 7's improved class loader and a JreLeakPreventionListener class. Tomcat 7 debuts support for what it calls "aliases," very much like the Apache server's feature of the same name. It lets applications in Tomcat see content from external sources, like a fileysytem.

Finally, one thing you'll not see in Tomcat 7 is support for the Java EE 6 web-profile. The Java EE 6 web profile defines a subset of the whole Java EE specification geared towards enabling web-facing applications. For more on the Java EE 6 spec, including the web profile, see Java EE 6 Platform Draft Published featuring the Web Profile. Conceptually, this reduces the onus on application server vendors to maintain complete backwards compatability simply to remain "certified." The Java EE 6 web profile is also ideal for servlet containers that wish to obtain certification. The Simple Web Profile Application Server project aims to build a Java EE 6 web-profile compliant server using Apache Software Foundation components, with Apache Tomcat 7 as the base.

Related Sponsor

Dynamic Application Infrastructure delivers the innovation, performance and scalability to build, deploy and manage all types of highly robust applications.

2 comments

Watch Thread Reply

comet? websocket? by Vic _ Posted Jul 9, 2010 3:13 PM
Re: comet? websocket? by anjan bacchu Posted Jul 10, 2010 8:30 PM
Sort by date descending

  1. Back to top

    comet? websocket?

    Jul 9, 2010 3:13 PM by Vic _

    ?

    Reply

  2. Back to top

    Re: comet? websocket?

    Jul 10, 2010 8:30 PM by anjan bacchu

    hi there,

    yes, it will be nice to know if there is WebSocket support. Given that almost all browsers will soon have WebSockets, NOT having support in the WebServer/AppServer does NOT make sense.

    BR,
    ~A

    Reply

Educational Content

A Brief Introduction to the Java and .NET Patent Issues

Tim Smith introduces the licenses offered by Oracle/Sun and Microsoft, with a focus on how they may affect third party implementation such as Google’s Android platform.

Obscured by Clouds

Russ Miles and Toby Hobson outline many factors to be considered when adopting a cloud solution, creating a wider view of the cloud from the development and business perspective.

The Power of Visibility: Driving a Lean-Agile Transition

Kelley Horton discusses the reasons why her organization transitioned to Lean-Agile, the approach used and the visual tools helping them minimize WIP, concluding that visibility leads to success.

Panel: Modular Java

Alex Blewitt, Kevin Seal and Alex Buckley answer Java modularity-related questions: when is modularity needed, how to address it, and what are the improvements in OSGi-based development.

Whither the Smartphone? Future Directions in Smartphones and Mobile Development

Adam Blum discusses the current trends in mobile development and smartphones, trying to predict what will happen in this area over the next 5 years so a developer would know what to expect.

Cogs in the Machine: Testing Code Embedded in an Impenetrable Framework

Roy Osherove discusses the difficulties met when trying to test code embedded in a framework (cog), presenting several solutions to create unit tests for cogs, using Silverlight code as example.

Confessions of A New Agile Developer

This short article is a first-person case history of someone taking up Agility for the first time. It covers the problems and reactions that are common to most teams and most developers.

Scott Chacon on Git and GitHub

Scott Chacon talks about the technologies that power GitHub (Erlang, Redis,...), and the benefits of Git as a version control and as a storage system. Also: ShowOff, a JS-based presentation tool.