Appendix A
Tomcat
Tomcat is the most popular servlet/JSP container today. It's free, mature, and open-sourced. You need Tomcat 7 or another compliant servlet/JSP container to run the sample applications accompanying this book. This appendix provides a quick installation and configuration guide and is by no means a comprehensive tutorial.
Downloading and Configuring Tomcat
You should first download the latest version of Tomcat from http://tomcat.apache.org. You should get the latest binary distribution in either zip or gz. Tomcat 7 requires Java 6 to run.
After you download the zip or gz file, unpack the file. You will see several directories under the installation directory.
In the bin directory, you will find programs to start and stop Tomcat. The webapps directory is important because you can deploy your applications there. In addition, the conf directory contains configuration files, including the server.xml and tomcat-users.xml files. The lib directory is also of interest since it contains the Servlet and JSP APIs that you need to compile your servlets and custom tags.
After extracting the zip or gz file, set the JAVA_HOME environment variable to the JDK installation directory.
For Windows users, it is a good idea to download the Windows installer for easier installation.
Starting and Stopping Tomcat
Once you've downloaded and extracted a Tomcat binary, you can start Tomcat by running the startup.bat (on Windows) or the startup.sh file (on Unix/Linux/Mac OS). Both files reside under the bin directory of Tomcat's installation directory. By default, Tomcat runs on port 8080, so you can test Tomcat by directing your browser to this address:
http://localhost:8080
To stop Tomcat, run the shutdown.bat (on Windows) or shutdown.sh file (on Unix/Linux/Mac OS) in the bin directory.
Defining A Context
To deploy a servlet/JSP application to Tomcat, you need to define a Tomcat context either explicitly or implicitly. Each Tomcat context represents a web application in Tomcat.
There are several ways of defining a Tomcat context explicitly, including
Creating an XML file in Tomcat's conf/Catalina/localhost directory.
Adding a Context element in Tomcat's conf/server.xml file.
If you decide to create an XML file for each context, the file name is important as the context path is derived from it. For example, if you place a commerce.xml file in the conf/Catalina/localhost directory, the context path of your application will be commerce and a resource can be invoked using this URL:
http://localhost:8080/commerce/resourceName
A context file must contain a Context element as its root element. Most of the time the element does not have child elements and is the only element in the file. For example, here is an example context file, consisting of a single line.
The only required attribute is docBase, which specifies the location of the application. The reloadable attribute is optional, but if it is present and its value is set to true, Tomcat will monitor the application for any addition, deletion, or update of a Java class file and other resources. When such a change is detected, Tomcat will reload the application. Setting reloadable to true is recommended during development but not in production.
When you add a context file to the specified directory, Tomcat will automatically load the application. When you delete it, Tomcat will unload the application.
Another way of defining a context is by adding a Context element in the conf/server.xml file. To do this, open the file and create a Context element under the Host element. Unlike the previous method, defining a context here requires that you specify the path attribute for your context path. Here is an example:
Generally, managing contexts through server.xml is not recommended as updates will only take effect after you restart Tomcat. However, if you have a bunch of applications that you need to test quickly, like when you are learning to write servlets and JSP pages, you may find working with server.xml almost ideal as you can manage all your applications in a single file.
Finally, you can also deploy an application implicitly by copying a war file or the whole application to Tomcat's webapps directory.
More information on Tomcat contexts can be found here:
http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
Defining A Resource
You can define a JNDI resource that your application can use in your Tomcat context definition. A resource is represented by the Resource element under the Context element.
For instance, to add a DataSource resource that opens connections to a MySQL database, add this Resource element.
More information on the Resource element can be found here:
http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html
Installing SSL Certificates
Tomcat supports SSL and you should use it to secure transfer of confidential data such as social security numbers and credit card details. You can generate a public/private key pair using the KeyTool program and pay a trusted authority to create and sign a digital certificate for you. The process of generating the key pair and having it signed is discussed in , SSL Certificates.
Once you receive your certificate and import it into your keystore, the next step is to install it on your server. If you're using Tomcat, simply copy your keystore to a location on the server and configure Tomcat. Then, open your conf/server.xml file and add the following Connector element under .
maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true" keystoreFile="/path/to/keystore" keyAlias="example.com" keystorePass="01secret02%%%" clientAuth="false" sslProtocol="TLS"/>
The lines in bold are related to SSL.
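The check below is an added example, not code from the book or from the Tomcat project. It parses a server.xml or context file and reports the settings this appendix touches on: contexts left reloadable in production, passwords stored in Resource and Connector elements, and SSL connectors that lack scheme="https" or secure="true". The sample XML, with its ports, paths and passwords, is constructed for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample for this example; it is not a listing from the book.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="/path/to/keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS"/>
    <Connector port="8444" SSLEnabled="true" keystoreFile="/path/to/keystore"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/commerce" docBase="/apps/commerce" reloadable="true">
          <Resource name="jdbc/shop" type="javax.sql.DataSource"
                    username="shop" password="s3cret"/>
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>"""


def audit(xml_text, production=True):
    """Return (element, identifier, finding) tuples for a server.xml or context file."""
    findings = []
    root = ET.fromstring(xml_text)  # iter() below also visits the root element itself
    for ctx in root.iter("Context"):
        name = ctx.get("path") or ctx.get("docBase", "?")
        if production and ctx.get("reloadable", "false").lower() == "true":
            findings.append(("Context", name, "reloadable=true in production"))
        for res in ctx.iter("Resource"):
            if res.get("password"):
                findings.append(("Resource", res.get("name", "?"),
                                 "plaintext password: restrict file permissions"))
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # only SSL connectors are checked here
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(("Connector", port, "SSLEnabled without scheme=https/secure=true"))
        if conn.get("keystorePass"):
            findings.append(("Connector", port, "plaintext keystorePass: restrict file permissions"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVER_XML):
        print(*finding, sep=" | ")
```

Pass production=False to skip the reloadable check on a development machine. The same function accepts a single context file from conf/Catalina/localhost, since its root element is a Context.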
Appendix B
Web Annotations
Servlet 3 comes with a set of annotation types in the javax.servlet.annotation package for annotating web objects such as servlets, filters, and listeners. This Appendix lists the annotation types.
HandlesTypes
This annotation type is used to declare the class types that a ServletContainerInitializer can handle. It has one attribute, value, that is used to declare the class types. For example, the following ServletContainerInitializer is annotated with @HandlesTypes, which declares that the initializer can handle UsefulServlet.
@HandlesTypes({UsefulServlet.class})
public class MyInitializer implements ServletContainerInitializer {
}
HttpConstraint
The HttpConstraint annotation type represents the security constraints applied to all HTTP protocol methods for which a corresponding HttpMethodConstraint element is not present. This annotation type must reside within the ServletSecurity annotation.
The attributes of HttpConstraint are given in .
Attribute | Description |
rolesAllowed | A string array representing the authorized roles. |
transportGuarantee | Indicates whether or not there is a data protection requirement that must be met. The valid value is a member of the ServletSecurity.TransportGuarantee enum (CONFIDENTIAL or NONE). |
value |