Tomcat -- The Java Web Server

When software written in the Java™ programming language is compiled, the result is byte code. The Java virtual machine then interprets that byte code on any platform on which it is installed, so programs no longer need to be ported from platform to platform. Issues that arise from different operating systems and platforms are resolved by this interpretation process.

JSP™ IMPLEMENTATIONS & SPECIFICATIONS

JavaServer Pages™ (JSP™) technology offers a simple way to create dynamic web pages that are both platform-independent and server-independent, giving you more freedom through Java technology's "Write Once, Run Anywhere™" capability.

JSP technology separates content generation from presentation and takes advantage of reusable tags and objects, simplifying the maintenance of your web applications. It's your choice -- JSP technology provides the scripting ability you need to create simple interactive Web pages, or it scales to support complex web sites that are fully integrated with enterprise class applications.

Java Servlet technology provides Web developers with a simple, consistent mechanism for extending the functionality of a Web server and for accessing existing business systems. A servlet can almost be thought of as an applet that runs on the server side--without a face. Java servlets make many Web applications possible.

JavaServer Pages (JSP) technology provides a simplified, fast way to create dynamic web content. JSP technology enables rapid development of web-based applications that are server- and platform-independent.

As soon as the Web began to be used for delivering services, service providers recognized the need for dynamic content. Applets, one of the earliest attempts toward this goal, focused on using the client platform to deliver dynamic user experiences. At the same time, developers also investigated using the server platform for this purpose. Initially, Common Gateway Interface (CGI) scripts were the main technology used to generate dynamic content. Though widely used, CGI scripting technology has a number of shortcomings, including platform dependence and lack of scalability. To address these limitations, Java Servlet technology was created as a portable way to provide dynamic, user-oriented content.

Instructions and Manual:

1. Install Tomcat

1) Download

Go to http://jakarta.apache.org/tomcat/ and download and install the Tomcat 5 Binary Distribution.

2) Configuration and Startup

Go to this link for more information: http://java.sun.com/webservices/docs/1.3/tutorial/doc/

Set an environment variable JAVA_HOME to the pathname of the directory into which you installed the SDK release (Control Panel->System->Advanced->Environment Variables->New: JAVA_HOME = c:\j2sdk1.4.2_05).

Tomcat 5 can be started by executing the following commands:

%CATALINA_HOME%\bin\startup.bat (Windows)

$CATALINA_HOME/bin/startup.sh (Unix)

Note: CATALINA_HOME is the install directory of Tomcat.

After startup, the default web applications included with Tomcat 5 will be available by visiting:

http://localhost:8080/

3) Shut Down Tomcat 5

Tomcat 5 can be shut down by executing the following command:

%CATALINA_HOME%\bin\shutdown.bat (Windows)

$CATALINA_HOME/bin/shutdown.sh (Unix)

4) Enable Invoker Servlet

To enable the invoker servlet, uncomment the following servlet and servlet-mapping elements in install_dir/conf/web.xml. Remember to make a backup copy of the original version of this file before you make the changes.

    
<servlet>
  <servlet-name>invoker</servlet-name>
  <servlet-class>
    org.apache.catalina.servlets.InvokerServlet
  </servlet-class>
  ...
</servlet>
...
<servlet-mapping>
  <servlet-name>invoker</servlet-name>
  <url-pattern>/servlet/*</url-pattern>
</servlet-mapping>

Before trying your own servlets or JSP pages, you should make sure that the server is installed and configured properly. For Tomcat, click on install_dir/bin/startup.bat (or execute install_dir/bin/startup.sh on Unix/Linux). Next, enter the URL http://localhost/ in your browser and make sure you get the Tomcat welcome page, not an error message saying that the page could not be displayed or that the server could not be found. If you chose not to change the port number to 80, you will need to use a URL like http://localhost:8080/ that includes the port number.

2. Download and Install Other Software

1) Download and Install Java WSDP (Web Services Developer Pack)

Please download it from http://java.sun.com/webservices/downloads/webservicespack.html

This software includes Ant (the build software).

2) Download sample code jwsdp-1_3-tutorial.zip

I downloaded it from http://www.prism.uvsq.fr/users/viemont/DESS%20IRS%20(Ingenierie%20des%20Reseaux%20et%20des%20Systemes)/Cours-Java-Sun/ . Please note that this link may not be available after some time. Unzip it and put it in a directory. For example, I put it under the directory c:\jakarta-tomcat-5.

3 System Configuration

  • Add the bin directory of your J2SE SDK installation to the front of your path.
  • Add <JWSDP_HOME>/bin to the front of your path so that Java WSDP 1.3 scripts override other installations.
  • Add <JWSDP_HOME>/jwsdp-shared/bin to the front of your path so the Java WSDP 1.3 scripts that are shared by multiple components override other installations.
  • Add <JWSDP_HOME>/apache-ant/bin to the front of your path so that the Java WSDP 1.3 Ant script overrides other installations.
  • Add <JWSDP_HOME>/apache-ant to the front of your ANT_HOME.
  • Set the following properties in the file <INSTALL>/jwstutorial13/examples/common/build.properties:
    4 Authentication File Configuration

    Open the file <JWSDP_HOME>/conf/tomcat-users.xml in a text editor. The file should contain at the very least the user name for the installer of the Java WSDP, the password specified by that user during installation, and the roles of admin and manager. Add the new role of loginUser to this file, and authorize at least one of the users to assume this role. The completed file should look like this, with the information that needs to be added highlighted in bold type. If there are more users, just imitate the bold line to add a username, password or role.

    In fact, we also specify the username and password in <INSTALL>/jwstutorial13/examples/common/build.properties. In theory, the values should be identical. However, what should we do if there are multiple users? I have tested that the username and password in build.properties should be the same as one of the entries. Another user can also log in.

    <?xml version='1.0'?>
    <tomcat-users>
      <role rolename="manager"/>
      <role rolename="admin"/>
      <role rolename="loginUser"/>
      <user username="your_name" password="your_password"
        roles="admin,manager,loginUser"/>

    </tomcat-users>

    5 Copy catalina-ant.jar File

    Copy the catalina-ant.jar in c:\jakarta-tomcat-5\server\lib to the $ANT_HOME/lib folder.

    6 Install Authentication Package

    1) Go to the <INSTALL>/jwstutorial13/examples/security/login/ directory.

    2) In the command prompt, input "ant build".

    3) Start Tomcat.

    4) In the command prompt, input "ant install".

    The files are copied into <INSTALL>/webapps/; the directory name is login.

    5) Run the Web client by entering the following URL in your Web browser: http://localhost:8080/login.

    6) Input your_name, your_password.

    Please note: make sure that the user name and password in your build.properties file (in c:\jakarta-tomcat-5\jwstutorial13\examples\common) match a user name and password with the role of manager in the tomcat-users.xml file.
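The matching rule from sections 4 and 6, written as a pre-flight check to run before "ant install". This is an added example, not part of the tutorial's code. It assumes build.properties uses the keys username and password (the page does not list them), and both files below are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample files. The property names "username" and "password" are
# assumed; this page does not list the keys of build.properties.
TOMCAT_USERS = """<?xml version='1.0'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <role rolename="loginUser"/>
  <user username="installer" password="example-pass-1" roles="admin,manager,loginUser"/>
  <user username="alice" password="example-pass-2" roles="loginUser"/>
</tomcat-users>"""

BUILD_PROPERTIES = "# constructed sample\nusername=alice\npassword=example-pass-2\n"

def parse_properties(text):
    """Read simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def roles_of(user):
    """Roles listed in a <user> element's comma-separated roles attribute."""
    return {r.strip() for r in user.get("roles", "").split(",") if r.strip()}

def users_with_role(users_xml, role):
    """User names that tomcat-users.xml authorizes for the given role."""
    return [u.get("username") for u in ET.fromstring(users_xml).iter("user")
            if role in roles_of(u)]

def check_deploy_user(users_xml, properties_text, required_role="manager"):
    """Return (ok, reason) for the credentials the Ant targets send to Tomcat."""
    props = parse_properties(properties_text)
    name, password = props.get("username"), props.get("password")
    if not name or not password:
        return False, "username/password not set in build.properties"
    for user in ET.fromstring(users_xml).iter("user"):
        if user.get("username") == name:
            if user.get("password") != password:
                return False, "password differs from tomcat-users.xml"
            if required_role not in roles_of(user):
                return False, "user '%s' lacks role '%s'" % (name, required_role)
            return True, "ok"
    return False, "user '%s' not found in tomcat-users.xml" % name
```

With the sample data, alice can sign in to the login application (role loginUser) but is rejected as the deploy user because she lacks the manager role; only one entry has to match build.properties.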

    7 Modify

    If you've made changes to the application since it was installed, for example by modifying the JSP pages, use "ant reload" to update the application in Tomcat.

    NOTE: The /WEB-INF/web.xml web application configuration file is not reread on a reload. If you have made changes to your web.xml file you must stop then start the web application.

    8 Installing and Configuring SSL Support

    1) Introduction to SSL

    Secure Socket Layer (SSL) is a technology that allows Web browsers and Web servers to communicate over a secured connection. In this secure connection, the data that is being sent is encrypted before being sent, then decrypted upon receipt and prior to processing. Both the browser and the server encrypt all traffic before sending any data.

  • Authentication

    During your initial attempt to communicate with a Web server over a secure connection, that server will present your Web browser with a set of credentials in the form of a server certificate. The purpose of the certificate is to verify that the site is who and what it claims to be. In some cases, the server may request a certificate that the client is who and what it claims to be (which is known as client authentication).

  • Confidentiality

    When data is being passed between the client and server on a network, third parties can view and intercept this data. SSL responses are encrypted so that the data cannot be deciphered by the third party and the data remains confidential.

  • Integrity

    When data is being passed between the client and server on a network, third parties can view and intercept this data. SSL helps guarantee that the data will not be modified in transit by that third party.

    2) Generate Certificates

    A certificate can be purchased from a well-known Certificate Authority (CA). If authentication is not really a concern, for example when an administrator only wants to ensure that data transmitted and received by the server is private and cannot be read by anyone eavesdropping on the connection, you can save the time and expense of obtaining a CA certificate and use a self-signed certificate instead.

    SSL uses public key cryptography, which is based on key pairs. Key pairs contain one public key and one private key. If data is encrypted with one key, it can only be decrypted with the other key of the pair. This property is fundamental to establishing trust and privacy in transactions. For example, using SSL, the server computes a value and encrypts the value using its private key. The encrypted value is called a digital signature. The client decrypts the encrypted value using the server's public key and compares the value to its own computed value. If the two values match, the client can trust that the signature is authentic since only the private key could have been used to produce such a signature.

    Digital certificates are used with the HTTPS protocol to authenticate Web clients. The HTTPS service of most Web servers will not run unless a digital certificate has been installed. Use the procedure outlined below to set up a digital certificate that can be used by your Web server to enable SSL.

    One tool that can be used to set up a digital certificate is keytool, a key and certificate management utility that ships with J2SE. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers. For a better understanding of keytool and public key cryptography, read the keytool documentation at the following URL: http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html  

    To create a server certificate:

    a) Create the keystore. If you create a server certificate, you will reference it from the Tomcat deployment descriptor so that you can use SSL.

    \j2sdk1.4.2_05\bin\keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks

    b) Export the certificate from the keystore.

    \j2sdk1.4.2_05\bin\keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks

    c) Sign the certificate. Because we don't need a CA, we can skip this step.

    d) Import the certificate into a trust-store. A trust-store is a repository of certificates used for verifying the certificates. A trust-store typically contains more than one certificate.

    \j2sdk1.4.2_05\bin\keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit

    Miscellaneous Commands for Certificates

    All keystore entries (key and trusted certificate entries) are accessed via unique aliases. This specifies an initial password of "changeit" required by subsequent commands to access the private key associated with the alias duke.

    3) Enable or add an SSL HTTPS Connector to your Web server.

    a) Shut down the Tomcat server.

    b) To enable the Connector element for Tomcat, find the following section in the file <JWSDP_HOME>/conf/server.xml, remove the comment tags surrounding it, and add the code in bold to specify the keystore information.

    <Connector
        port="8443"
        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="false" disableUploadTimeout="true"
        acceptCount="100" debug="0" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS"
        keystoreFile="<path_to_keystore>/keystore.jks"
        keystorePass="changeit"
    />

    Please note that the keystore is by default stored in a file named .keystore and the default path_to_keystore is the directory of <JWSDP_HOME>. If that is the case, you can omit this part. The default keystorePass is "changeit"; you can omit this item if the default is used.
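A review check for two settings this page touches: the invoker servlet mapping enabled in conf/web.xml in section 1 and the keystorePass on the HTTPS Connector above. It is an added example, not code from the tutorial or from Tomcat. The invoker elements have to be uncommented to take effect and "changeit" is the documented default password, so both are worth flagging before a server leaves a development machine; the XML fragments are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed fragments modelled on this page's conf/web.xml and conf/server.xml.
WEB_XML = """<web-app>
  <!-- <servlet><servlet-name>disabled</servlet-name></servlet> -->
  <servlet>
    <servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
</web-app>"""

SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080"/>
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="conf/keystore.jks" keystorePass="changeit"/>
</Service></Server>"""

INVOKER = "org.apache.catalina.servlets.InvokerServlet"

def invoker_mappings(web_xml):
    """URL patterns actively mapped to the invoker servlet.

    The parser drops XML comments, so commented-out elements are not reported."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    names = {(s.findtext("servlet-name") or "").strip()
             for s in root.iter("servlet")
             if (s.findtext("servlet-class") or "").strip() == INVOKER}
    patterns = []
    for m in root.iter("servlet-mapping"):
        if (m.findtext("servlet-name") or "").strip() in names:
            patterns += [p.text.strip() for p in m.iter("url-pattern")]
    return patterns

def default_keystore_pass(server_xml):
    """Ports of secure Connectors whose keystorePass is "changeit",
    which is also the value used when the attribute is omitted."""
    root = ET.fromstring(server_xml)
    return [c.get("port") for c in root.iter("Connector")
            if c.get("secure") == "true"
            and c.get("keystorePass", "changeit") == "changeit"]
```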

    4) Specifying a Secure Connection

    To configure HTTP basic or form-based authentication over SSL, specify CONFIDENTIAL or INTEGRAL within the <transport-guarantee> elements in <JWSDP_HOME>\webapps\login\WEB-INF\web.xml. Specify CONFIDENTIAL when the application requires that data be transmitted so as to prevent other entities from observing the contents of the transmission. Specify INTEGRAL when the application requires that the data be sent between client and server in such a way that it cannot be changed in transit.

    If you specify CONFIDENTIAL or INTEGRAL as a security constraint, that type of security constraint applies to all requests that match the URL patterns in the Web resource collection, not just to the login dialog.

    Any page within an application can be requested over a secure socket by simply prefixing the address with https: instead of http:.
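To see which requests a transport guarantee actually covers, the following added example (not the tutorial's code) reads the security constraints from a web.xml and applies the Servlet specification's URL-pattern precedence: exact match, longest path prefix, extension, then default. The descriptor is a constructed sample, paths are relative to the application's context root, and http-method restrictions are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor for illustration; not the tutorial's login/WEB-INF/web.xml.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>account</web-resource-name>
      <url-pattern>/account/*</url-pattern>
      <url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>loginUser</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def guarantees(web_xml):
    """Map each url-pattern to the set of transport guarantees declared for it."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    table = {}
    for sc in root.iter("security-constraint"):
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        for pat in sc.iter("url-pattern"):
            table.setdefault(pat.text.strip(), set()).add(tg)
    return table

def rank(pattern, path):
    """Servlet-spec match strength of pattern for path; None means no match."""
    if pattern == path:
        return (3, 0)                           # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))             # longest path prefix wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                           # extension match
    return (0, 0) if pattern == "/" else None   # default mapping

def required_transport(table, path):
    """Guarantee applied to a context-relative path, or None if unconstrained."""
    hits = [(rank(p, path), p) for p in table if rank(p, path) is not None]
    if not hits:
        return None
    tgs = table[max(hits)[1]]
    # Constraints on the same pattern combine to the union of accepted transports.
    return "NONE" if "NONE" in tgs else sorted(tgs)[0]
```

In the sample, /account/profile.jsp and /submit.do require a confidential transport, while /logon.jsp matches no pattern and carries no guarantee when requested directly.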

    9 Questions

    1) After I load logonError.jsp, if I click "Try again.", the page will not be redirected to logon.jsp. Why?

    A: It will work well as follows.

    <c:url var="url" value="index.jsp"/>

    <p><a href="index.jsp">Please try again.</a></p>

    2) After I modify server.xml to configure SSL (including className in the connector), when I start Tomcat a DOS prompt appears and disappears quickly.

    A: Run Tomcat from a command prompt. Don't use startup. You can observe the error and get it resolved. Check if there is some other server running on the same port.

    C:\jakarta-tomcat-5.0.16\bin>catalina run

    The easiest way to determine the problem is to run Tomcat in DEBUG mode with "catalina debug" in the command prompt on Windows.
