BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

InfoQ Dev Summit Boston

Discover transformative insights to level up your software development decisions. Register now with early bird tickets.
InfoQ Dev Summit Munich

Get practical advice from senior developers to navigate your current dev challenges. Register now with early bird tickets.
QCon San Francisco

Level up your software skills by uncovering the emerging trends you should focus on. Register now.
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage News Apache Tomcat 7 Becomes Latest Stable Release

Apache Tomcat 7 Becomes Latest Stable Release

Leia em Português

This item in japanese

Bookmarks

Jan 24, 2011 2 min read

InfoQ Article Contest

Share your knowledge Win a ticket to a QCon event
or an InfoQ Dev SummitFind out more

Tomcat version 7.0.6, released on January 11th 2011, has been voted stable. This is the first stable release of the Tomcat 7 branch, superseding version 6 which was introduced in February 2007.

Apache have decided not to add support for the full Java EE 6 web profile to Tomcat, at least for the moment. Thus version 7 simply adds support for Servlet 3.0 - introduced in Java EE 6 - as well as JavaServer Pages 2.2 and EL 2.2. It requires Java SE 6 or higher.

Servlet 3.0 is however a significant update, adding a number of refinements to the specification. Key ones include:

  1. The introduction of standardised support for asynchronous HTTP requests and responses. Whilst asynchronous support was available in Tomcat 6 through a non-standard API, standarisation means that the Servlet 3 version is portable between containers.
  2. Dynamic configuration: Support for Web Fragments, which can be used by libraries to provide their configuration, eliminating the need for developers to add library-specific configuration to their application’s web.xml file.
  3. The use of annotations for configuring filters, listeners and servlets, further reducing the amount of XML developers need to write.

Servlet 3.0 has also been overhauled to use generics, has improvements to session tracking, and includes new file upload functionality.

Not all the improvements in Tomcat 7 are down to the Servlet 3.0 API. Tomcat also sees a number of important security improvements. There are now separate roles for script-based, web-based, JMX proxy, and status page access, allowing more specific access control. To prevent Cross-site request forgery (CSRF) attacks, a randomly generated nonce will be required for all non-idempotent requests (that is, an operation which will not produce the same results if executed multiple times). Preventative measures have also been taken to protect against session fixation attacks. A session fixation attack is designed to force the session ID of a client to an explicit, known value.

The development team have also continued to work on common problems with memory leaks in the container, improved the logging system, and improved the container start-up times.

Finally Tomcat 7 provides a lightweight API allowing a developer to embed the container with just a few lines of code.

Developers wanting to use the full Java EE 6 Web Profile can, of course, include the APIs in their projects themselves. However a community led project, Simple Web Profile Application Server, has sprung up to fill the gap. In addition Apache Geronimo, for which Tomcat provides the servlet container, will be supporting the web profile as well as the full Java EE 6 profile.

Rate this Article

Adoption
Style

This content is in the Java topic

Related Topics:
BT