Newsletter sign-up
View all newsletters

Enterprise Java Newsletter
Stay up to date on the latest tutorials and Java community news posted on JavaWorld

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

JavaWorld.com

Apache readies Tomcat Java servlet container upgrade

Scalability and security to be enhanced in Tomcat 7; Apache also is set to take over the Subversion software configuration management project

By Paul Krill, InfoWorld, 11/12/09

  • Print
  • Feedback
.

The Apache Software Foundation for open source projects is readying an upgrade to its Tomcat Java servlet container, eyeing improvements in areas such as scalability and security, Apache personnel said earlier this month.

Version 7 of Tomcat is due in alpha release around the Christmas/New Year's timeframe, said Mark Thomas, an Apache member, Tomcat committer, and senior software engineer at VMware-owned SpringSource.

[ See InfoWorld's report on what's happened with Java in the two years since it was open source. ]

Tomcat is used for deploying Web sites and serves as the basis for such products as the SpringSource tc Server for running Java and Spring applications. Tomcat is used in at least 75 percent of Java-based Web sites, said Jim Jagielski, chairman of the Apache board of directors and a senior staff engineer and chief open source officer at VMware. Apache officials discussed Tomcat at the ApacheCon US 2009 conference in Oakland, Calif.

Plans for Tomcat 7 include backing for the still-unfinished Java Servlet 3.0 specification. Featured in Tomcat 7 and Servlet 3.0 are asynchronous processing capabilities to improve scalability, Apache officials said.

Dynamic configuration also is planned for Tomcat 7 as part of Servlet 3.0 support. "You can programmatically set up the configuration of your Web apps," Thomas said.

Among security improvements planned for Tomcat 7 is protection against cross-site request forgeries. Version 7 will use HTTP POST requests to make it harder for an attacker to construct an attack. A nonce request identifier also is used as a unique identifier to stifle these attackers.

The Manager application in Tomcat 7 features multiple roles for access control. "It gives system administrators more fine-grained control over who's allowed to do what," Thomas said.

Version 7 also is set to make it easier to embed Tomcat in applications and endorses generic programming objects, enabling programming errors to be found earlier in the process, at compilation time rather than runtime.

"[Generics] does make for cleaner code as well," said Thomas. Tomcat 7 also removes old code that is no longer being used.

Also at ApacheCon, the foundation and the CollabNet-sponsored Subversion project announced formal submission of the open source Subversion software configuration management tool to Apache as an Apache Incubator project.  The move is the first step to Subversion becoming an Apache Top-Level Project.

"It's a recognition that both Subversion and Apache have grown in compatible ways," said Brian Behlendorf, who was the first president of Apache and serves on the board of directors at CollabNet.

CollabNet will continue to host the nine-year-old Subversion project at the Tigris.org Web page while Subversion undergoes incubation at the foundation.

Putting Subversion under Apache jurisdiction addresses a situation in which there has been a lot of personnel overlap between Apache and Subversion Corporation, which has had jurisdiction over Subversion but will eventually be disbanded, according to Apache members.


For more enterprise computing news, visit InfoWorld. Story copyright InfoWorld Media Group, Inc.

  • Print
  • Feedback

Resources