TomcatExpert

Welcome to TomcatExpert

Home

You Can Help Improve Apache Tomcat Adoption in the Enterprise!

How? Share your insights, use cases, comments and questions on best practices for deploying, managing and operating Apache Tomcat in the Enterprise.

 

Blog : ActiveMQ and Apache Tomcat: Perfect Partners

posted by bsnyder on December 13, 2010 07:04 AM

This article is excerpted from the forthcoming book ActiveMQ In Action (http://bit.ly/2je6cQ) by Bruce Snyder, Rob Davies and Dejan Bosanac (Manning Publications, ISBN: 1933988940)

At one time or another, every software developer has the need to communicate between applications or transfer data from one system to another. Not only are there many solutions to this sort of problem, but depending on your constraints and requirements, deciding how to go about such a task can be a big decision. Business requirements oftentimes place restrictions on items that directly impact such a decision including performance, scalability, reliability and more. There are many applications that we use every day that impose just such requirements including ATMs, airline reservation systems, credit card systems, point-of-sale systems and telecommunications just to name a few. Where would we be without most of these applications in our daily lives today?

When it comes to developing and deploying Java applications, it is extremely common to use Tomcat as a runtime container. As you expand your Java applications, new business needs arise including the ability to communicate with other applications, the need to scale an application architecture and quite possibly the need to decrease application coupling just to name a few. These requirements and many more can be addressed through the use of ActiveMQ with Tomcat.

In a series of articles, you will learn about the integration of ActiveMQ and Tomcat. In the first article, you will learn a bit about Java Servlet technology, Tomcat and you will be introduced to Apache ActiveMQ. Future articles will continue to dive deeper into the topic of integrating ActiveMQ with Tomcat.

Read More

1 comments   |  

0
Rating
  |  

Developers | Tomcat 6, Tomcat 7, ActiveMQ

Blog : Apache Tomcat 7.0.5 Beta Released

posted by Stacey Schneider on December 1, 2010 10:07 AM

Announced this morning by the Apache Tomcat team:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.5 beta.

Apache Tomcat 7.0.5 beta contains performance improvements in session management, a number of new features including support for parallel deployment of multiple versions of the same web application and a redesigned welcome page.

The 7.0.5 release also contains numerous bug fixes compared to 7.0.4.

Please refer to the change log for the list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Note that this version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for Windows operating systems running on different CPU architectures.

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guide from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Thank you,

-- The Apache Tomcat Team

Read More

0 comments   |  

0
Rating
  |  

Developers, Operations | Tomcat 7

Blog : Case Study: Hyperic Goes Lean with Spring & Apache Tomcat

posted by Stacey Schneider on November 29, 2010 01:03 PM

Last fall, software provider Hyperic started on a release plan that by all accounts is a major shift in infrastructure by migrating their EJB layer to Spring 3.0 and their internal server to Apache Tomcat. Originally built in 2002, and released as open source in 2006, the Hyperic software, a web infrastructure monitoring and management application, helps some of the largest web shops in the world monitor and manage their production web applications. For any well established software, such a fundemental change to the application architecture is surely not a decision that was made lightly.

So Why Such The Change?

The obvious answer is to follow the proven mantra of eating your own dog food. In 2009, Hyperic was acquired by SpringSource, who has significant investment in both their flagship product Spring and the Apache Tomcat, through their commercial distribution of Tomcat, vFabric tc Server, and the number of Tomcat committers and experts employed directly by the company. By adopting the "company standards", they have better access to engineering support and follow software best practices of using their products just like their customers do.

However, with such an established code base and number of production customers, a shift of this magnitude is bound to delay the development of new features and potentially bug fixes, which are critical improvements needed to keep customers happy. This type of a decision therefore needs to translate quickly into financial or customer benefit.

So why the change? The answer is the Hyperic engineering team wanted to move towards lean software development, a system of development processes popular with the Agile development community. The result of the move would allow future development and bug fixes of the product to happen more quickly through simpler configuration, reduced code complexity, decreased application start time, and faster debugging process which improves the maintainability, testibility, and reliability and their Hyperic HQ 4.5 software, which was released this month. In essence, a temporary delay on a stable product release would quickly pay dividends to their development costs and ultimately provide faster development of features for their customers.

For more information on the rationale, and a detailed walk through of the migration itself, check out the complete webinar that Hyperic technical lead, Jennifer Hickey originally delivered at the SpringOne 2GX conference held in Chicago in October. A link to an audio recording of her presentation with her original slides can be found in the Knowledge Based section of the Tomcat Community here: Hyperic's Migration to Spring and Apache Tomcat Case Study presentation.

Read More

0 comments   |  

5
Rating
  |  

Developers | code migration, Hyperic, Spring Framework

Blog : Apache Tomcat Manager Application XSS Vulnerability

posted by Stacey Schneider on November 22, 2010 04:57 AM

Announced this afternoon by the Apache Tomcat team.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate

Vendor: The Apache Software Foundation

Versions Affected:

  • Tomcat 7.0.0 to 7.0.4
    • Not affected in default configuration.
    • Affected if CSRF protection is disabled
    • Additional XSS issues if web applications are untrusted
  • Tomcat 6.0.12 to 6.0.29
    • Affected in default configuration
    • Additional XSS issues if web applications are untrusted
  • Tomcat 5.5.x
    • Not affected

Description:

The session list screen (provided by sessionList.jsp) in affected
versions uses the orderBy and sort request parameters without applying
filtering and therefore is vulnerable to a cross-site scripting attack.
Users should be aware that Tomcat 6 does not use httpOnly for session
cookies by default so this vulnerability could expose session cookies
from the manager application to an attacker.
A review of the Manager application by the Apache Tomcat security team
identified additional XSS vulnerabilities if the web applications
deployed were not trusted.

Read More

0 comments   |  

0
Rating
  |  

Developers | Tomcat 6, Tomcat 7, Tomcat Manager

Blog : Apache Tomcat Connectors 1.2.31 stable

posted by Stacey Schneider on November 1, 2010 07:07 AM

Announced this morning by the Apache Tomcat team:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Apache Tomcat team announces the immediate availability of
Apache Tomcat Connectors 1.2.31 stable.

Apache Tomcat Connectors 1.2.31 concentrates mainly on bug fixes.

Please refer to the change log for the list of changes:
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

Downloads:
http://tomcat.apache.org/download-connectors.cgi

Please note that syncing the release to the download mirrors
might take up to 48 hours.

Thank you
--
The Apache Tomcat Team

Read More

0 comments   |  

0
Rating
  |  

Developers | Tomcat Connectors