Apche Tomcat
Tomcat is a web server which implements Java Servlet Specification and Java Server Pages technology
Tomcat architecture:

You will see later that server.xml is organized in the same way as picture above.
Install Tomcat
Unzip the package wherever you like. This directory is known as the root of your Tomcat installation and is usually referenced as $CATALINA_HOME.
$CATALINA_HOME=/PATH/TO/YOUR/apache-tomcat-6.0.20
Take a brief look at the directories:
- bin (scripts for starting and stopping Tomcat)
- lib (jar files for Tomcat)
- conf (configuration of Tomcat)
- logs (default location for log files)
- webapps (deployed WAR files)
Running Tomcat
Manually you can start Tomcat by running the startup.sh script (or startup.bat, depending on the operating system). The script is placed inside the $CATALINA_HOME/bin directory.
Tomcat server can be stopped with shutdown.sh script.
Make WAR not war.
Java Servlet Specification >2.2 defines the following directory hierarchy that should be recognized by any Servlet compliant server. Usually all directories which your application consists of are packed in single file - Web ARchive or shorter WAR.
myapplication
+---*.jsp
+---*.html
+---/META-INF
+---/WEB-INF
+------web.xml
+------/classes
+------*.class
+---/lib
+------*.jar
In the root directory of application you can put web pages and other resources (directories or files). META-INF directory is optional; it contains context.xml with some additional parameters for your application, and it is often included by many building tools. WEB-INF holds all the source code that is needed to run web application and deployment descriptor web.xml which describes the components of your application (servlets, pages, security constraints...). Classes directory contains compiled java classes and lib directory contains any additional .jar files needed for your application.
Deploying WAR
WAR is deployed by putting it in $CATALINA_HOME/webapps directory. Tomcat will automatically unpack web archive and run your application. But it is ok with Tomcat to deploy your application unpacked.
Deployment descriptor web.xml
Servlets must be declared with Servlet element and Servlet-mapping element (when url pattern is requested, route the request to default servlet).
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>
org.apache.catalina.servlets.DefaultServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
Servlet is invoked at url:
http://<host name>/<context path>/servlet/<servlet name>
Next example shows that all URL requests containing *.jsp will be handled by the processJsp servlet:
<servlet>
<servlet-name>processJsp</servlet-name>
<servlet-class>com.example.servlet.MyJspServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>processJsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>
Build war file from command line
> cd /path/to/hello
> jar cvf hello.war
Enabling HTTPS on Tomcat
In server.xml uncomment the <Connector> element which allows https.
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/path/to/certificates/tomcat.keystore"
keystorePass="tomcat"/>
Generate self-signed certificate, fill the fields you are asked for.
> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
To tell your web application to start using HTTPS add the following lines into web.xml file of your web application. Element <transport-guarantee>NONE</..> element allows HTTP and HTTPS. be using https only. HTTP requests will be automatically switched to HTTPS.
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Possible values for <transport-guarantee>:
- NONE (http and https)
- CONFIDENTIAL (https only)
Realms
Realms offer authentication mechanism to secure your application.
Form based realm
Custom realm
JDBC realm
Path to file
How to set path to a file from web application deployed on Tomcat.
Absolute paths are not very convenient to use.
getRealPath("relative/path/to/file.txt") method returns the absolute path of
the file in web application (absolute path to webapp + relative path to
the file).
String resource = getServletContext().getRealPath(
"WEB-INF/classes/si/matjaz/config/file.txt");
Deploying web application
There are several ways to deploy your web application
- drop war file into $TOMCAT_HOME/webapps directory; war should be automatically unpacked and deployed
- add context in server.xml; web app will be automatically deployed when server starts
<Context docBase="/Absolute/Path/To/Web/Application" path="/jee" reloadable="true" />
Session timeout
Session timeout interval (in minutes) can be set in web.xml:
<session-config>
<session-timeout>5</session-timeout>
</session-config>
Session will never expire if session-timeout value is set to 0 or less.