Apche Tomcat

Tomcat is a web server which implements Java Servlet Specification and Java Server Pages technology

Tomcat architecture:

tomcat architecture

You will see later that server.xml is organized in the same way as picture above.

Install Tomcat

Unzip the package wherever you like. This directory is known as the root of your Tomcat installation and is usually referenced as $CATALINA_HOME.

$CATALINA_HOME=/PATH/TO/YOUR/apache-tomcat-6.0.20

Take a brief look at the directories:
- bin (scripts for starting and stopping Tomcat)
- lib (jar files for Tomcat)
- conf (configuration of Tomcat)
- logs (default location for log files)
- webapps (deployed WAR files)

Running Tomcat

Manually you can start Tomcat by running the startup.sh script (or startup.bat, depending on the operating system). The script is placed inside the $CATALINA_HOME/bin directory.

Tomcat server can be stopped with shutdown.sh script.

Make WAR not war.

Java Servlet Specification >2.2 defines the following directory hierarchy that should be recognized by any Servlet compliant server. Usually all directories which your application consists of are packed in single file - Web ARchive or shorter WAR.

myapplication
+---*.jsp
+---*.html
+---/META-INF
+---/WEB-INF
+------web.xml
+------/classes
+------*.class
+---/lib
+------*.jar

In the root directory of application you can put web pages and other resources (directories or files). META-INF directory is optional; it contains context.xml with some additional parameters for your application, and it is often included by many building tools. WEB-INF holds all the source code that is needed to run web application and deployment descriptor web.xml which describes the components of your application (servlets, pages, security constraints...). Classes directory contains compiled java classes and lib directory contains any additional .jar files needed for your application.

Deploying WAR

WAR is deployed by putting it in $CATALINA_HOME/webapps directory. Tomcat will automatically unpack web archive and run your application. But it is ok with Tomcat to deploy your application unpacked.

Deployment descriptor web.xml

Servlets must be declared with Servlet element and Servlet-mapping element (when url pattern is requested, route the request to default servlet).

<servlet>
<servlet-name>default</servlet-name>
<servlet-class>
org.apache.catalina.servlets.DefaultServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

Servlet is invoked at url:

http://<host name>/<context path>/servlet/<servlet name>

Next example shows that all URL requests containing *.jsp will be handled by the processJsp servlet:

<servlet>
<servlet-name>processJsp</servlet-name>
<servlet-class>com.example.servlet.MyJspServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>processJsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>

Build war file from command line

> cd /path/to/hello
> jar cvf hello.war

Enabling HTTPS on Tomcat

In server.xml uncomment the <Connector> element which allows https.

<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/path/to/certificates/tomcat.keystore"
keystorePass="tomcat"/>

Generate self-signed certificate, fill the fields you are asked for.

> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

To tell your web application to start using HTTPS add the following lines into web.xml file of your web application. Element <transport-guarantee>NONE</..> element allows HTTP and HTTPS. be using https only. HTTP requests will be automatically switched to HTTPS.

<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Possible values for <transport-guarantee>:
- NONE (http and https)
- CONFIDENTIAL (https only)

Realms

Realms offer authentication mechanism to secure your application.

Form based realm
Custom realm
JDBC realm

Path to file

How to set path to a file from web application deployed on Tomcat. Absolute paths are not very convenient to use.
getRealPath("relative/path/to/file.txt") method returns the absolute path of the file in web application (absolute path to webapp + relative path to the file).

String resource = getServletContext().getRealPath(
"WEB-INF/classes/si/matjaz/config/file.txt");

Deploying web application

There are several ways to deploy your web application

- drop war file into $TOMCAT_HOME/webapps directory; war should be automatically unpacked and deployed

- add context in server.xml; web app will be automatically deployed when server starts

<Context docBase="/Absolute/Path/To/Web/Application" path="/jee" reloadable="true" />

Session timeout

Session timeout interval (in minutes) can be set in web.xml:

<session-config>
<session-timeout>5</session-timeout>
</session-config>

Session will never expire if session-timeout value is set to 0 or less.