Search This Blog

Tuesday, 2 February 2021

Features of Tomcat 9

 Following are the features to consider when migrating tomcat from 8.0.x or 8.5.x to 9.0.x

Java 8:

Apache Tomcat 9.0.x requires Java 8 or later. Apache Tomcat 8.0.x and 8.5.x required Java 7.

Specifications APIs:

Apache Tomcat 9 supports the Java Servlet 4.0, Java Server Pages 2.3, Java Unified Expression Language 3.0 and Java API for WebSocket 1.0

Servlet 4.0 API

In JSP pages that use wildcard import syntax the new classes added in Servlet API may conflict with ones in web applications. For example, if package "a" contains class PushBuilder, the following JSP page will cease to compile in Tomcat 9:

<%@page import="a.*"%>

<% PushBuilder pushBuilder = new PushBuilder(); %>

This happens because the implicit import of javax.servlet.http.* and the explicit import of a.* will provide conflicting definitions of class PushBuilder that was added in Servlet 4.0. The solution is to use the explicit import, import="a. PushBuilder".

BIO connector removed

The following change is present in 8.5.0 onwards. 

The Java blocking IO implementation (BIO) for both HTTP and AJP has been removed. Users are recommended to switch to the Java non-blocking IO implementation (NIO).

Comet support removed

The following change is present in 8.5.0 onwards.

 Comet support has been removed without a direct replacement. Applications using Comet are recommended to migrate to WebSockets.

HTTP/2 support added

The following feature is available since 8.5.0 onwards.

HTTP/2 is supported for h2 (over TLS, negotiated via ALPN) and h2c (clear text, negotiated via HTTP/1.1 upgrade). HTTP/2 needs to be explicitly enabled for a connector. To enable it, insert

<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />

inside the connector for which you wish to enable HTTP/2. Note that to enable HTTP/2 for a secure NIO or NIO2 connector, those connectors must be using the OpenSSL engine for TLS.

TLS virtual hosting and multiple certificate support added

The following feature is available since 8.5.0 onwards.

Tomcat 9 supports multiple TLS virtual hosts for a single connector with each virtual host able to support multiple certificates. Virtual host definitions are nested inside the Connector element with the default specified using the defaultSSLHostConfigName attribute on the Connector if more than one virtual host is specified. Certificate definitions are nested inside the virtual host.

The following example shows how to use this to configure a single APR/native connector for multiple TLS virtual hosts with each host having both an RSA and EC certificate.

<Connector port="8443"

           protocol="org.apache.coyote.http11.Http11AprProtocol"

           maxThreads="150"

           SSLEnabled="true"

           defaultSSLHostConfigName="openoffice.apache.org" >

    <SSLHostConfig hostName="openoffice.apache.org" >

        <Certificate certificateKeyFile="conf/openoffice.apache.org-rsa-key.pem"

                     certificateFile="conf/openoffice.apache.org-rsa-cert.pem"

                     type="RSA" />

        <Certificate certificateKeyFile="conf/openoffice.apache.org-ec-key.pem"

                     certificateFile="conf/openoffice.apache.org-ec-cert.pem"

                     type="EC" />

    </SSLHostConfig>

    <SSLHostConfig hostName="www.openoffice.org" >

        <Certificate certificateKeyFile="conf/www.openoffice.org-rsa-key.pem"

                     certificateFile="conf/www.openoffice.org-rsa-cert.pem"

                     type="RSA" />

        <Certificate certificateKeyFile="conf/www.openoffice.org-ec-key.pem"

                     certificateFile="conf/www.openoffice.org-ec-cert.pem"

                     type="EC" />

    </SSLHostConfig>

</Connector>

Internal APIs

Whilst the Tomcat 9 internal API is broadly compatible with Tomcat 8 there have been many changes at the detail level and they are not binary compatible. Developers of custom components that interact with Tomcat's internals should review the JavaDoc for the relevant API.

JSR-77 implementation removed

The following change is present in 8.5.0 onwards.

The JSR-77 implementation is incomplete and has been removed in 8.5.x and 9.0.x. Specifically, the following methods that exposed to JMX have been removed.

StandardContext.getServlets()

StandardContext.isStateManageable()

StandardContext.getDeploymentDescriptor()

StandardWrapper.isStateManageable()

Clustering

The following change is present in 8.5.0 onwards.

MessageDispatch15Interceptor had been used to add the Java 5 features to MessageDispatchInterceptor. MessageDispatch15Interceptor has been removed in Tomcat 8.5.x and 9.0.x by merging the Java 5 features to MessageDispatchInterceptor.

InstanceListener removed

The following change is present in 8.5.0 onwards.

The support of InstanceListener has been removed in 8.5.x and 9.0.x. Specifically, the following classes have been removed.

org.apache.catalina.InstanceListener

org.apache.catalina.InstanceEvent

org.apache.catalina.util.InstanceSupport

SessionManager

The following change is present in 8.5.0 onwards.

The following session manager attributes have been completely removed in 8.5.x and 9.0.x.

distributable

maxInactiveInterval

sessionIdLength

The replacements are as follows:

The distributable attribute has been deprecated in 8.0 and specified value is ignored. This should be configured via the Context. The value is inherited based on the presence or absence of the <distributable /> element in /WEB-INF/web.xml.

The maxInactiveInterval attribute has been deprecated in 8.0. If the value is specified, a warning log is issued. This should be configured via the Context. The value is inherited based on the value of the <session-timeout> element in /WEB-INF/web.xml.

The sessionIdLength attribute of Manager has been replaced by sessionIdLength attribute of SessionIdGenerator.

Cookies

The default CookieProcessor is now the Rfc6265CookieProcessor. The CookieProcessor is configurable per Context and the LegacyCookieProcessor may be used to obtain the 8.0.x behaviour.

Web applications

The Manager and HostManager web applications are configured by default with a RemoteAddrValve that limits access to those applications to connections from localhost.

Engine and Host configurations

The behaviour for startStopThreads has changed when the effective value is 1. In this case, children will be started on the current thread rather than via an ExecutorService configured with a single thread.

Context configurations

The clearReferencesStatic attribute has been removed in 8.5.x and 9.0.x.

Logging

By default the log files will be kept 90 days and then removed from the file system.


Tomcat 9.0.x noteable changes

The Tomcat developers aim for each patch release to be fully backwards compatible with the previous release. Occasionally, it is necessary to break backwards compatibility in order to fix a bug. In most cases, these changes will go unnoticed. This section lists changes that are not fully backwards compatible and might cause breakage when upgrading.

  • In 9.0.31 onwards, the default listen address of the AJP Connector was changed to the loopback address rather than all addresses.
  • In 9.0.31 onwards, the requiredSecret attribute of the AJP Connector was deprecated and replaced by the secret attribute.
  • In 9.0.31 onwards, the secretRequired attribute was added to the AJP Connector. If set to true, the default, the AJP Connector will not start unless a secret has been specified.
  • In 9.0.31 onwards, the allowedRequestAttributesPattern attribute was added to the AJP Connector. Requests with unrecognised attributes will now be blocked with a 403.


No comments: