TomcatExpert

Apache Valve Catalog

posted by chanthing on December 21, 2011 05:48 AM

1. Introduction

My last article for Tomcat Expert described various aspects of the Valve construct of Apache Tomcat: some basics about how to implement and configure a valve and an example of where things could go wrong if you were unaware of the operational details. For those of you who don’t remember (or didn’t read the article in the first place), the key takeaway was that because Tomcat valves are maintained as a chain, the order in which the valves are added to the configuration (typically in conf/server.xml) is significant, and the code that implements the filter must conclude with a call to invoke the next filter in the chain.

This time we’re going to lighten things up a bit with a general survey of what valves are available and how one might put them to use. Given the imminent arrival of the winter holiday season, one might think of it as the Apache Tomcat Valve Gift Catalog. Peruse it and find just the right gift for your favorite Tomcat administrator.

For each valve, I’ll describe its functionality, the most important configuration parameters, and point out any configuration subtleties that might not be apparent from the stock documentation. that can be found at http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html. If there are any less well-known attributes or “secret” parameters associated with the valve, I’ll describe them.

 

2. Request Logging

2.1 Access Log Valve

The AccessLogValve can be configured at the context, host, or engine level and will log requests made to that container to a file. Attributes of AccessLogValve control the directory, the filename, and the format of the data to be written, including the ability to write information about headers (incoming and outgoing), cookies, and session or request attributes.

While the documentation says “The files produces by this Valve are rolled over nightly at midnight”, the frequency of rotation can be controlled by the fileDateFormat attribute. Unfortunately, there is no built-in way to specify rotation based on log file size. However, on Unix-type systems (including Linux) there is an attribute checkExists. When checkExists is true the valve will check for the existence of the logfile before every attempt to log and if the file does not exist it will be created. This allows the use of an external program to monitor and rotate the log files. When using this functionality you should disable the rotating functionality of AccessLogValve by setting rotatable to false.

AccessLogValve interacts with the RemoteIPValve via the requestAttributesEnabled attribute. If this is set to true, then the request attributes set by RemoteIPValve will be logged. (This is used for instance, to log the true originating IP address of a request rather than that of an intervening proxy).

Note that if you’re migrating an installation from Tomcat 6 to Tomcat 7, the resolveHosts attribute is no longer supported; you need to use the enableLookups attribute of the particular connector in order to log the hostname of the requestor rather than its IP address.

2.2 Extended Access Log Valve

ExtendedAccessLogValve is a variant of the AccessLogValve that supports the Extended Log File Format defined by the W3C. It differs from AccessLogValve in the supported log pattern values.

3. Access Control

3.1 Remote Address Filter

RemoteAddressFilter is a subclass of the abstract class RequestFilterValve that filters requests based on the originating address of the request. The attributes allow and deny are regular expressions ala java.util.regex. The requestor’s address is initially compared to the deny expression. If it matches, the request is rejected, otherwise (and including the case where no deny expression is specified) the address is next compared to the allow expression. If one is specified, then the address must match or the request is rejected.

So a key element here is that the valve first compares the address with the deny attribute, so if the set of strings matching deny are not mutually exclusive with those matching allow, requests from addresses present in both sets will be denied.

There is an attribute, denyStatus, that allows you to change the HTTP response code returned for rejected requests.

In order to filter on the true originating IP address, rather than that of an intervening proxy, one should configure the RemoteIPValve in the filter chain prior to RemoteAddressFilter.

Finally, don’t be fooled by the unfortunate name of this valve. While the documentation and other texts refer to it as the Remote Address Filter, the className attribute you specify when configuring it is org.apache.catalina.valves.RemoteAddrValve.

3.2 Remote Host Filter

RemoteHostFilter provides essentially the same functionality as RemoteAddressFilter except that it compares the hostname instead of the IP address. It too is subclassed from RequestFilterValve, so the only real difference from RemoteAddressFilter is the request property that gets compared to the allow and deny regular expressions.

The caveat regarding RemoteIPValve discussed above for RemoteAddressFilter also applies here.

4. Accessory Valves

4.1 Remote IP Valve

RemoteIPValve is used in conjunction with the preceding valves to provide those valves with the true originating IP address, hostname, and protocol of the request being processed. This is crucial when requests pass through a proxy or other intermediary system that might mask the true originating system and protocol.

When using this valve, it is vital that it appear in the configuration prior to any valve that is relying on its behavior. Remember the lesson we learned in my last article: the valve pipeline is ordered and behavior can change based upon the order the valves are specified in the configuration file.

In all but the most rare cases, one should let the requestAttributeEnabled attribute remain its default value, which is true.

5. Conclusion

This has been a short summary of the Apache Tomcat valves that are available to log requests and the valves that are available to control access to the configured context (based on hostname or IP address). Future articles will cover further categories of valves.

Channing Benson has over 20 years of experience in the computer industry. Throughout his tenure he has helped customers adopt and master developing technologies, starting with  X11/Motif on Unix-based workstations, cross-Unix porting and C language optimization, and Linux development and performance tuning. While working at HP, he contributed to the FOSSology Open Source project. Channing has been a Java programmer/architect since its genesis in 1995, working primarily to help customers and independent software vendors optimize their programs for the latest available platforms, from EJBs and J2EE to Spring on lightweight containers like Tomcat and tc Server, and now cloud hosts like Cloud Foundry and high performance data grids like GemFire.

 

Comments

It’s a lot more troublesome

It’s a lot more troublesome running Tomcat as a standalone. A few people I know despise installing Apache in front of it. Personally I prefer this because of the load balancing module for scaling cluster- supportive applications in Tomcat instances. sell rewards points

GAME HACK

how to hack hungry shark evolution It is somewhat fantastic, and yet check out the advice at this treat. clash of clans gemmes illimité sans jailbreak

buy social media

buy social media followers Actually I read it yesterday but I had some thoughts about it and today I wanted to read it again because it is very well written. get real youtube views

I really like it when folks

I really like it when folks come together and share views. Great blog, stick with it!
Mortgage Broker Calgary

good After finishing setup

good After finishing setup browse to bluestacks home page SHAREit PC It could share the programs, Films, Files, Videos from one android without Wi Fi Connections fundamentally to a different android. nice.

awsome so that you can use

awsome so that you can use xender for pc.So let us begin to use Xenderdownloadapps.com nice.

excellent site

excellent site
كلاش
لعبه
اجاريو
العاب المزرعة السعيدة

Thanks

Thanks for thid.
Nice.
SMART TOOL FOR ADVERTISE
IM Conversion download
IM Conversion REVIEW | IM Conversion bonus | IM Conversion features
Click here | See more

<a href="http://salesenvyreviewz.net/" rel="dofollow">SALESENVY REVIEW</a>

<a href="http://salesenvyreviewz.net/" rel="dofollow">SALESENVY REVIEW</a>

Watch Latest Pakistani Talk Shows and Dramas Online HD at ViiTV

I wrote about a similar issue, I give you the link to my site.
Mere Mutabiq

Nice Post

Great post on apache valve

https://clashroyaleapk.org

These new, refined valves are

These new, refined valves are much beneficial to the users. I am getting some help me with my essay and as soon as that's done I will try to get a module.

is cosmetic surgery good or bad

Plastic surgery is very good cosmetic surgery which is use to remove the damage part of the body.plastic surgery before and after women< But sometimes this surgery is cosmetic bad for the people.

msry

صور

صور حزينه

نكت
3

Installing apache tomcat is

Installing apache tomcat is very hard and huge process. I have trouble in rebooting the server and running it as per the custom essays blogs. The application need special extension to run in tomcat it is not environmental friendly and other platforms applications cannot run easily in this server. Faced lots of trouble in running tomcat sever.

IMO APP

I have been checking out a few of your stories and i can state pretty good stuff. I will definitely bookmark your blog.. imo beta app

Well i am amazed by its

Well i am amazed by its sophisticated technology implemented in making it. Especially the remote control system in Apache valve catalog. I have read from best ira companies blogs on this new valves and now feel fortunate to go through the specifications of it here.

Implementing and configuring

Implementing and configuring valves in Apache Tomcat is a very difficult task so it needs clear knowledge about both Apache and valves. The article given here clearly explains all the steps necessary for implementing valves. Thank you. How to join Indian Army

You have shared an important

You have shared an important post right here! Actually I have been searching for the Apache Valve catalog and I got what I searched from this website. dm web solution I am so glad to get this opportunity to read the Apache Valve Catalog. Thank you!

You have provided a very

You have provided a very informative article about the Apache valve catalog. From this blog I got the complete details of implementing and configuring the valve and the full operation process. It is very helpful for me. Keep sharing blogs. birth control side effects

The selecting and

The selecting and disciplining influence—destructive, as well as creative and fashioning—which can oyster perpetual air-king be exercised by means of religion is manifold and varied, according to the sort of people placed under its spell and protection. For those who are strong and independent, destined and trained to command, in whom the judgment and skill of a ruling race is incorporated, religion is an additional means for overcoming resistance in the exercise of authority—as a bond which binds rulers and subjects in common, betraying and surrendering to the former the conscience of the latter, their inmost heart, which would fain escape obedience. And in the case of the unique natures of noble origin, if by virtue of superior breitling spirituality they should incline to a more retired and contemplative life, reserving to themselves only the more refined forms of government (over chosen disciples or members of an order).

Religion itself may be used as a means for obtaining peace from the noise and trouble of managing GROSSER affairs, and for securing immunity from the UNAVOIDABLE filth of all political agitation. The Brahmins, for instance, understood this fact. With the help of a religious organization, they secured to themselves rolex datejust the power of nominating kings for the people, while their sentiments prompted them to keep apart and outside, as men with a higher and super-regal mission. At the same time religion gives inducement and opportunity to some of the subjects to qualify themselves for future ruling and commanding the slowly ascending ranks and classes, in which, through fortunate marriage customs, volitional power and delight in self-control are on the increase. To them religion offers sufficient incentives and temptations to aspire to higher intellectuality, and to experience the sentiments of authoritative self-control, of silence, and of solitude. Asceticism and Puritanism are almost indispensable means of educating and ennobling a race which seeks to rise above its hereditary baseness replica burberry handbags and work itself upwards to future supremacy. And finally, to ordinary men, to the majority of the people.

Who exist for service and general utility, and are only so far entitled to exist, religion gives invaluable contentedness with their lot and condition, peace of heart, ennoblement of obedience, additional social happiness and sympathy, with something of transfiguration and embellishment, something of justification of all the commonplaceness, all the meanness, all the semi-animal poverty of their rolex submariner souls. Religion, together with the religious significance of life, sheds sunshine over such perpetually harassed men, and makes even their own aspect endurable to them, it operates upon them as the Epicurean philosophy usually operates upon sufferers of a higher order, in a refreshing and refining manner, almost TURNING suffering TO ACCOUNT, and in the end even hallowing and vindicating it. There is perhaps nothing so admirable in Christianity and Buddhism as their art of teaching even the lowest to elevate themselves by piety to a seemingly higher order of things, and thereby to retain their satisfaction with the actual world in which they find it difficult enough to live—this very difficulty being necessary.
23123123

Good Information

I think this information is very useful to get some idea about various aspects of the Valve construct of Apache Tomcat. This information will be very helpful to all those who are using tomcat server. Please provide more features and benefits of this server. dish network channels

nice article

I have been looking at starting a new business and this is valuable information to help me in my decision. Thank you so much for sharing and keep it up. desert safari dubai special offers

Great

You’ve written nice post, I am gonna bookmark this page, thanks for info. I actually appreciate your own position and I will be sure to come back here.
roblox, a10, color switch

Post new comment

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.