TomcatExpert

The Top 3 Apache Tomcat 7 Features Now Available in Apache Tomcat 6

posted by mthomas on June 30, 2011 08:39 AM

The release of Apache Tomcat 7 (out in beta last June) has made great strides in improving the overall security and general robustness of the world's most popular application server. In fact, over 450 improvements and issues have been resolved in this latest stable release. While these changes range from small to significant, what is notable is that the mature architecture of Apache Tomcat has remained intact: we have seen few problems thus far with the backportability of the application. (See the special note at the end of the Crawler Session Manager Valve post, where we note that the Apache Software Foundation (ASF) has upgraded the Tomcat that runs its own bug tracker system, JIRA, to version 7, and it just works, even though JIRA has not yet announced support for it.) This consistency across versions of course means that many bug fixes, as well as new features, are good candidates to be added to Tomcat 6. As of Tomcat 6.0.30, these are the three that you should know about:

Memory Leak Detection/Prevention

Announced in a post here on Tomcat Expert last year, the memory leak detection and prevention feature has been widely anticipated. It addresses how Tomcat can cause memory leaks in the permanent generation (PermGen) that lead to OutOfMemoryErrors when reloading web applications.

This feature exists in two parts. First, it prevents memory leaks through a new life-cycle listener, the JreMemoryLeakPreventionListener, that calls various parts of the Java API. It's common that if the web application is the first code to call these Java APIs, the web application class loader will be pinned in memory, causing leaks. The listener ensures that Tomcat is the first to make the call, and therefore prevents the class loader from being pinned in memory. For more details on what this listener actually does, the source code is pretty well commented.

Second, it handles detection by executing code when a web application is stopped, undeployed or reloaded. It scans the code for standard causes of memory leaks, and where it can, fixes the leaks. Implemented in the WebappClassLoader, there are a series of expandable, standard API calls and some reflection tricks that help this detection feature do its job. For more on what these checks do, check out the explanation by Sylvain Laurent on the Tomcat Wiki, or of course, you can look at the source code. Start with the clearReferences() method.

Updates to these features are spread over several 6.0 versions, with 6.0.30 having the latest version of the feature.
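The prevention half of the feature can be modelled in a few lines. The following is an added illustration, not code from Tomcat or from the original post: `LazyJreService` is a hypothetical stand-in for a JRE singleton that keeps a reference to the calling thread's context class loader on first use, and an empty `URLClassLoader` stands in for the web application class loader.

```java
import java.net.URL;
import java.net.URLClassLoader;

public class ClassLoaderPinningDemo {

    // Hypothetical stand-in for a JRE singleton: on first use it keeps a
    // reference to the context class loader of whichever thread called it.
    static final class LazyJreService {
        private ClassLoader captured;

        synchronized ClassLoader touch() {
            if (captured == null) {
                captured = Thread.currentThread().getContextClassLoader();
            }
            return captured;
        }
    }

    // Calls the service with the given context class loader, then restores
    // the thread's previous loader. Returns the loader the service holds.
    static ClassLoader touchAs(LazyJreService service, ClassLoader contextLoader) {
        Thread thread = Thread.currentThread();
        ClassLoader original = thread.getContextClassLoader();
        try {
            thread.setContextClassLoader(contextLoader);
            return service.touch();
        } finally {
            thread.setContextClassLoader(original);
        }
    }

    public static void main(String[] args) throws Exception {
        try (URLClassLoader webappLoader = new URLClassLoader(new URL[0])) {
            // Case 1: the web application makes the first call, so the
            // service ends up referencing the web application class loader.
            LazyJreService unprotectedService = new LazyJreService();
            boolean pinned = touchAs(unprotectedService, webappLoader) == webappLoader;
            System.out.println("webapp calls first, loader pinned: " + pinned);

            // Case 2: the container makes the first call at startup with the
            // system class loader, which is the pattern the listener applies.
            LazyJreService protectedService = new LazyJreService();
            touchAs(protectedService, ClassLoader.getSystemClassLoader());
            pinned = touchAs(protectedService, webappLoader) == webappLoader;
            System.out.println("container calls first, loader pinned: " + pinned);
        }
    }
}
```

In the first case the reference held by the service keeps the web application class loader, and every class it loaded, reachable after an undeploy or reload; in the second case the service only holds the system class loader.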

CSRF Protection

Also described in a post here on Tomcat Expert earlier this year, cross-site request forgery (CSRF) protection provides built-in support to secure websites from a type of malicious attack that compromises the site’s trust in the web browser making calls within an authenticated session. Also sometimes called one-click attacks or session riding, these types of attacks come from embedded code in HTML emails, social media links or Flash files that a user loads while they have an authenticated session to a specific application, such as Tomcat Manager itself. Once the malicious code runs, riding on the open authenticated session, it opens a back door to the application for the attacker to cripple a site or control the user's account and potentially gain access to money.

The new CSRF Protection specifically prevents attacks directly on Apache Tomcat Manager and Apache Tomcat Host Manager, as well as provides a new CSRF Prevention Filter that companies can use to protect their own applications. The fix prevents these types of attacks by using a system of nonces, or tokens. Starting with the authentication request, the browser is sent a special token that must be provided with the next request, or in the case of more complicated applications, within a specific limit of the next series of requests. Since the token changes frequently, when the attacker sends the request, while it will reach the server, it will not include the correct token, so the server will reject the request and prevent the attack.

Protection from CSRF (Cross-Site Request Forgery) is a new feature in 6.0.30.
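The nonce scheme described above can be modelled as a small per-session cache. This is an added illustration, not Tomcat's CSRF Prevention Filter code: the class names, the 16-byte nonce and the cache limit of 3 are assumptions chosen for the demonstration, and the model is single-threaded.

```java
import java.security.SecureRandom;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class NonceCacheDemo {
    private static final SecureRandom RANDOM = new SecureRandom();

    // Session-scoped store that keeps only the most recently issued nonces;
    // the oldest nonce is dropped once the limit is exceeded.
    static final class NonceCache {
        private final Set<String> nonces;

        NonceCache(final int limit) {
            nonces = Collections.newSetFromMap(new LinkedHashMap<String, Boolean>() {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, Boolean> eldest) {
                    return size() > limit;
                }
            });
        }

        // Generates an unpredictable token to embed in the next response.
        String issue() {
            byte[] raw = new byte[16];
            RANDOM.nextBytes(raw);
            StringBuilder hex = new StringBuilder();
            for (byte b : raw) hex.append(String.format("%02X", b));
            nonces.add(hex.toString());
            return hex.toString();
        }

        // A request is served only if it carries a nonce that is still in
        // the cache; a missing, guessed or expired nonce is rejected.
        boolean accepts(String presented) {
            return presented != null && nonces.contains(presented);
        }
    }

    public static void main(String[] args) {
        NonceCache session = new NonceCache(3);          // constructed limit
        String first = session.issue();                  // sent after authentication
        System.out.println("legitimate next request: " + session.accepts(first));
        System.out.println("forged, no nonce:        " + session.accepts(null));
        System.out.println("forged, guessed nonce:   " + session.accepts("0123456789ABCDEF"));
        for (int i = 0; i < 3; i++) session.issue();     // three later responses
        System.out.println("first nonce after limit: " + session.accepts(first));
    }
}
```

The forged requests reach the server but fail the check because the attacker's page cannot read the nonce from the victim's responses; the last line shows why a larger limit is needed for applications where a user may legitimately follow an older link.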

Windows Installer

Also new in Tomcat 6.0.30, the Windows Installer has received a number of improvements, including the install/uninstall icons that are now available for updates, and installation logs can now be created. The Windows Installer allows 32-bit JVMs to be selected when installing on a 64-bit platform. The .ini files can be replaced with the script equivalents. New manager and host-manager roles are ready to use. The installer provides the ability to edit the roles for the added user and also adds support for the /? command line switch. There is a full cleanup after installation, and lastly you can add DetailPrint statements for operations that may take time and improve the descriptions of the components.

Conclusion

Upgrading your application is always a serious consideration, and due diligence on how it will affect your applications and systems should always be fully carried out. However, if any of these three features would improve the performance, security or usability of your Apache Tomcat implementation, consider upgrading your Tomcat 6 implementation. Downloads can be found directly on the Apache Tomcat site here: http://tomcat.apache.org/download-60.cgi

Mark Thomas is a Senior Software Engineer for the SpringSource Division of VMware, Inc. (NYSE: VMW). Mark has been using and developing Tomcat for over six years. He first got involved in the development of Tomcat when he needed better control over the SSL configuration than was available at the time. After fixing that first bug, he started working his way through the remaining Tomcat bugs and is still going. Along the way Mark has become a Tomcat committer and PMC member, volunteered to be the Tomcat 4 & 7 release manager, created the Tomcat security pages, become a member of the ASF and joined the Apache Security Committee. He also helps maintain the ASF's Bugzilla instances. Mark has a MEng in Electronic and Electrical Engineering from the University of Birmingham, United Kingdom.

Comments

re

I have the previous version of Apache Tomcat. Now I hear that the developer has introduced a latest version, Apache Tomcat 6, which is more feature-rich. How can I upgrade to this version from my existing version? Looking forward to hearing from you.
