Tomcat -- The Java Web Server

When software written in the Java^TM programming language is compiled with Java technology, byte code results. Another piece of Java technology, the Java virtual machine, can explain (interpret) that byte code to any platform on which the Java virtual machine is installed. No more porting of programs to platforms. The Java technology takes programming to a new meeting of the minds, where issues that arise from different operating systems and platforms are resolved by an interpretation process.

JSP^TM IMPLEMENTATIONS & SPECIFICATIONS

JavaServer Pages^TM (JSP^TM) technology offers a simple way to create dynamic web pages that are both platform-independent and server-independent, giving you more freedom through Java technology's "Write Once, Run Anywhere^TM" capability.

JSP technology separates content generation from presentation and takes advantage of reusable tags and objects, simplifying the maintenance of your web applications. It's your choice -- JSP technology provides the scripting ability you need to create simple interactive Web pages, or it scales to support complex web sites that are fully integrated with enterprise class applications.

Java Servlet technology provides Web developers with a simple, consistent mechanism for extending the functionality of a Web server and for accessing existing business systems. A servlet can almost be thought of as an applet that runs on the server side--without a face. Java servlets make many Web applications possible.

JavaServer Pages (JSP) technology provides a simplified, fast way to create dynamic web content. JSP technology enables rapid development of web-based applications that are server- and platform-independent.

As soon as the Web began to be used for delivering services, service providers recognized the need for dynamic content. Applets, one of the earliest attempts toward this goal, focused on using the client platform to deliver dynamic user experiences. At the same time, developers also investigated using the server platform for this purpose. Initially, Common Gateway Interface (CGI) scripts were the main technology used to generate dynamic content. Though widely used, CGI scripting technology has a number of shortcomings, including platform dependence and lack of scalability. To address these limitations, Java Servlet technology was created as a portable way to provide dynamic, user-oriented content.

Instructions and Manual:

• Install Tomcat
• Download and Install Other Software
• System Configuration
• Authentication File Configuration
• Copy catalina-ant.jar file
• Install Authentication Package
• Modify
• Installing and Configuring SSL Support
• Questions

1. Install Tomcat

1) Download

Go to this link http://jakarta.apache.org/tomcat/ .Download and Install the Tomcat 5 Binary Distribution.

2) Configuration and Starup

Go to this link for more information: http://java.sun.com/webservices/docs/1.3/tutorial/doc/

Set an environment variable JAVA_HOME to the pathname of the directory into which you installed the SDK release. (Control Panel->System->Advanced->Environment Variables->New(Java_HOME c:\j2sdk1.4.2_05)

Tomcat 5 can be started by executing the following commands:

$CATALINA_HOME\bin\startup.bat (Windows)

$CATALINA_HOME/bin/startup.sh (Unix)

Note: CATALINA_HOME is the install directory of Tomcat.

After startup, the default web applications included with Tomcat 5 will be available by visiting:

http://localhost:8080/

3) Shut Down Tomcat 5

Tomcat 5 can be shut down by executing the following command:

$CATALINA_HOME\bin\shutdown (Windows)

$CATALINA_HOME/bin/shutdown.sh (Unix)

4) Enable Invoker Servlet

To enable the invoker servlet, uncomment the following servlet and servlet-mapping elements in install_dir/conf/web.xml. Remember to make a backup copy of the original version of this file before you make the changes.

    
<servlet>
<servlet-name>invoker</servlet-name>
<servlet-class>
org.apache.catalina.servlets.InvokerServlet
</servlet-class>
   ...
</servlet>
   ...
<servlet-mapping>
<servlet-name>invoker</servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>

Before trying your own servlets or JSP pages, you should make sure that the server is installed and configured properly. For Tomcat, click on install_dir/bin/startup.bat (or execute install_dir/bin/startup.sh on Unix/Linux). Next, enter the URL http://localhost/ in your browser and make sure you get the Tomcat welcome page, not an error message saying that the page could not be displayed or that the server could not be found. If you chose not to change the port number to 80, you will need to use a URL like http://localhost:8080/ that includes the port number.

2. Download and Install other softwares

1)Download and Install Java WSDP(Web Services Developer Pack)

Please download from this link http://java.sun.com/webservices/downloads/webservicespack.html

This software will include ant(the build software).

2)Download sample code jwsdp-1_3-tutorial.zip

I download it from http://www.prism.uvsq.fr/users/viemont/DESS%20IRS%20(Ingenierie%20des%20Reseaux%20et%20des%20Systemes)/Cours-Java-Sun/ . Please notice this link may not be available after some time. Unzip it and put it in a directory. For example, I put it under the directory c:\jakarta-tomcat-5.

3 System Configuration

4 Authentication File Configuration

Open the file <JWSDP_HOME>/conf/tomcat-users.xml in a text editor. The file should contain at the very least the user name for the installer of the Java WSDP, the password specified by that user during installation, and the roles of admin and manager. Add the new role of loginUser to this file, and authorize at least one of the users to assume this role. The completed file should look like this, with the information that needs to be added highlighted in bold type. If there are more users, just imitate the bold line to add username, password or role. In fact, we also specify username and password in <INSTALL>/jwstutorial13/examples/common/build.properties. From the theory, the values should be identical. However, if there are multiple users, what should we do? I have tested that in buld.properties, the username and password should be the same as one of the entries. Another user can also log in.

<?xml version='1.0'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <role rolename="loginUser"/>
  <user username="your_name" password="your_password"
    roles="admin,manager,loginUser"/>
</tomcat-users>

5 Copy catalina-ant.jar File

Copy the catalina-ant.jar in c:\jakarta-tomcat-5\server\lib to the $ANT_HOME/lib folder.

6 Install Authentication Package

1)Go to the <INSTALL>/jwstutorial13/examples/security/login/ directory.

2)In the command prompt, input "ant build".

3)Start Tomcat.

4)In the command prompt, input "ant install".

The files are copied into <INSTALL>/webapps/, the directory name is login.

5)Run the Web client by entering the following URL in your Web browser: http://localhost:8080/login.

6)Input your_name, your_password.

Please note, Make sure that the user name and password in your build.properties file(in c:\jakarta-tomcat-5\jwstutorial13\examples\common) match a user name and password with the role of manager in the tomcat-users.xml file.

7 Modify

If you've made changes to the application since it was installed, eg, modify the jsp pages, use ant reload to update the application in Tomcat.

NOTE: The /WEB-INF/web.xml web application configuration file is not reread on a reload. If you have made changes to your web.xml file you must stop then start the web application.

8 Installing and Configuring SSL Support

1) Introduction to SSL

Secure Socket Layer (SSL) is a technology that allows Web browsers and Web servers to communicate over a secured connection. In this secure connection, the data that is being sent is encrypted before being sent, then decrypted upon receipt and prior to processing. Both the browser and the server encrypt all traffic before sending any data.

During your initial attempt to communicate with a Web server over a secure connection, that server will present your Web browser with a set of credentials in the form of a server certificate. The purpose of the certificate is to verify that the site is who and what it claims to be. In some cases, the server may request a certificate that the client is who and what it claims to be (which is known as client authentication).

When data is being passed between the client and server on a network, third parties can view and intercept this data. SSL responses are encrypted so that the data cannot be deciphered by the third-party and the data remains confidential.

When data is being passed between the client and server on a network, third parties can view and intercept this data. SSL helps guarantee that the data will not be modified in transit by that third party.

2) Generate Certificates

A certificate can be purchased from a well-known Certificate Authority (CA). If authentication is not really a concern, such as if an administrator simply wants to ensure that data being transmitted and received by the server is private and cannot be snooped by anyone eavesdropping on the connection, you can simply save the time and expense involved in obtaining a CA certificate and simply use a self-signed certificate.

SSL uses public key cryptography, which is based on key pairs. Key pairs contain one public key and one private key. If data is encrypted with one key, it can only be decrypted with the other key of the pair. This property is fundamental to establishing trust and privacy in transactions. For example, using SSL, the server computes a value and encrypts the value using its private key. The encrypted value is called a digital signature. The client decrypts the encrypted value using the server's public key and compares the value to its own computed value. If the two values match, the client can trust that the signature is authentic since only the private key could have been used to produce such a signature.

Digital certificates are used with the HTTPS protocol to authenticate Web clients. The HTTPS service of most Web servers will not run unless a digital certificate has been installed. Use the procedure outlined below to set up a digital certificate that can be used by your Web server to enable SSL.

One tool that can be used to set up a digital certificate is keytool, a key and certificate management utility that ships with J2SE. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers. For a better understanding of keytool and public key cryptography, read the keytool documentation at the following URL: http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html  

To create a server certificate:

 \j2sdk1.4.2_05\bin\keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks

\j2sdk1.4.2_05\bin\keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks

\j2sdk1.4.2_05\bin\keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit

<Connector 
port="8443" 
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
<clientAuth="false" sslProtocol="TLS"
keystoreFile="<path_to_keystore>/keystore.jks"
keystorePass="changeit"
/>