InfoQ


Apache Tomcat 7 Becomes Latest Stable Release

Posted by Charles Humble on Jan 24, 2011


Tomcat version 7.0.6, released on January 11th 2011, has been voted stable. This is the first stable release of the Tomcat 7 branch, superseding version 6 which was introduced in February 2007.

Apache have decided not to add support for the full Java EE 6 web profile to Tomcat, at least for the moment. Thus version 7 simply adds support for Servlet 3.0 - introduced in Java EE 6 - as well as JavaServer Pages 2.2 and EL 2.2. It requires Java SE 6 or higher.

Servlet 3.0 is, however, a significant update, adding a number of refinements to the specification. Key ones include:

  1. The introduction of standardised support for asynchronous HTTP requests and responses. Whilst asynchronous support was available in Tomcat 6 through a non-standard API, standardisation means that the Servlet 3 version is portable between containers.
  2. Dynamic configuration: Support for Web Fragments, which can be used by libraries to provide their configuration, eliminating the need for developers to add library-specific configuration to their application’s web.xml file.
  3. The use of annotations for configuring filters, listeners and servlets, further reducing the amount of XML developers need to write.

Servlet 3.0 has also been overhauled to use generics, has improvements to session tracking, and includes new file upload functionality.

Not all the improvements in Tomcat 7 are down to the Servlet 3.0 API. Tomcat also sees a number of important security improvements. There are now separate roles for script-based, web-based, JMX proxy, and status page access, allowing more specific access control. To prevent cross-site request forgery (CSRF) attacks, a randomly generated nonce will be required for all non-idempotent requests (that is, operations which will not produce the same results if executed multiple times). Preventative measures have also been taken to protect against session fixation attacks. A session fixation attack is designed to force the session ID of a client to an explicit, known value.
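The nonce check and the session fixation defence described above, sketched as a Servlet 3.0 annotated filter. This is an added example, not Tomcat's own code: the class name `NonceFilter`, the `csrf.nonce` name and the `renewSession` helper are hypothetical, and it uses one token per session for brevity.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added illustration (hypothetical class, not Tomcat source); needs the Servlet 3.0 API.
@WebFilter("/*")
public class NonceFilter implements Filter {
    static final String NONCE = "csrf.nonce"; // assumed parameter and attribute name
    // Methods treated as read-only; every other method must carry the nonce.
    private static final Set<String> SAFE =
            new HashSet<String>(Arrays.asList("GET", "HEAD", "OPTIONS"));
    private final SecureRandom random = new SecureRandom();

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(true);
        String expected = (String) session.getAttribute(NONCE);
        if (!SAFE.contains(req.getMethod())) {
            String supplied = req.getParameter(NONCE);
            // Reject when no nonce was issued, none was sent, or they differ.
            if (expected == null || supplied == null || !MessageDigest.isEqual(
                    expected.getBytes("UTF-8"), supplied.getBytes("UTF-8"))) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        if (expected == null) { // first request in this session: issue a nonce
            byte[] raw = new byte[16];
            random.nextBytes(raw);
            expected = new BigInteger(1, raw).toString(16);
            session.setAttribute(NONCE, expected);
        }
        req.setAttribute(NONCE, expected); // views echo this as a hidden form field
        chain.doFilter(req, res);
    }

    // Session fixation defence: call once credentials are verified, so a session
    // ID that was set before login stops being valid and a fresh one is issued.
    static HttpSession renewSession(HttpServletRequest req) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();
        return req.getSession(true);
    }
}
```

Because `renewSession` discards the old session, the nonce stored in it is discarded too, and the filter issues a new one on the next request.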

The development team have also continued to work on common problems with memory leaks in the container, improved the logging system, and improved the container start-up times.

Finally, Tomcat 7 provides a lightweight API allowing a developer to embed the container with just a few lines of code.

Developers wanting to use the full Java EE 6 Web Profile can, of course, include the APIs in their projects themselves. However, a community-led project, Simple Web Profile Application Server, has sprung up to fill the gap. In addition, Apache Geronimo, for which Tomcat provides the servlet container, will be supporting the web profile as well as the full Java EE 6 profile.

  • This article is part of a featured topic series on Agile
