Improving Apache Tomcat Security - A Step By Step Guide
Apache Tomcat boasts an impressive track record when it comes to security. According to the official Apache Tomcat Wiki Pages, there has never been a reported case of actual damage or significant data loss due to a malicious attack on any Apache Tomcat instance.
The output should be compared with the contents of the SHA256 file. The same applies to other hashes (SHA512, SHA1, MD5, etc.) that may be provided. Windows 7 and later systems should all now have certUtil.
Update for 2020! We’ll Cover a Total of 9 Reasons to Use Tomcat in This Post.
Born out of the Apache Jakarta Project, Tomcat is an application server designed to execute Java servlets and render web pages that use Java Server page coding. Accessible as either a binary or a source code version, Tomcat’s been used to power a wide range of applications and websites across the Internet. At the time of writing, it’s definitely one of the more popular servlet containers available.
Don’t take my word for it, though – why not give it a try yourself?
Here are five of our favorite uses for Apache Tomcat server to run your website’s Java applications – and a few reasons it’s a great choice for you.
It’s Incredibly Lightweight
Even with JavaEE certification, Tomcat is an incredibly lightweight application. It offers only the most basic functionality necessary to run a server, meaning it provides relatively quick load and redeploy times compared to many of its peers, which are bogged down with far too many bells and whistles. This lightweight nature also allows it to enjoy a significantly faster development cycle.
Of course, if you’re looking for a feature-rich application server, then Tomcat might not be the best choice for you. If you just want a quick-and-easy means to run your applications, though? Go with Tomcat – you won’t regret your choice.
It’s Open-Source
For me, open-source always counts as a win. Tomcat’s free, and the source code for the server is readily available to anyone who’d care to download it. What this means is that – assuming you’re willing to tinker with the moving parts of your server – you’ve got an incredible degree of freedom insofar as what you want to do with a Tomcat installation.
It’s Highly Flexible
Thanks to its lightweight nature and a suite of extensive, built-in customization options, Tomcat is quite flexible. You can run it in virtually any fashion you choose, and it’ll still work as intended. The fact that it’s open-source helps as well, since you can tweak it to fit your needs, provided you’ve the knowledge to do so.
Your Server Will Be More Stable
Tomcat is an extremely stable platform to build on – and using it to run your applications will contribute to your server’s stability, as well. This is because Tomcat runs independently of your Apache installation – even if a significant failure in Tomcat caused it to stop working, the rest of your server would run just fine.
It Offers An Extra Level Of Security
Many organizations choose to position their Tomcat installation behind an extra firewall, accessible only from the Apache installation. In short, depending on how you implement your Tomcat installation, it can add an extra layer of security to your server – which is never a bad thing.
It’s mature
Tomcat has existed for nearly 20 years, allowing it to mature over time. As open-source software maintained by the open source community, new releases and updates come out regularly. Tomcat’s maturity has turned it into one of the most stable application servers for software development and deploying Java applications. It is a stable option that has grown with great community support.
It’s well-documented
Tomcat has a variety of good documentation available, including a wide range of online tutorials that can be viewed or downloaded. This makes it a popular choice to fill the role of an application server in almost all Java web applications. Whether you are looking for startup settings, hardening and security guides, installation instructions, or server configuration notes, Tomcat has you covered.
It’s the most widely used Java application server
Tomcat is estimated to hold over 60 percent of the market share of all Java application server deployments, making it the most popular application server used with Java web applications. Technically, it does not implement all the features required of a Java EE application server, but it does enable you to run Java EE applications. Tomcat acts as a “webserver” or “servlet container.” However, that’s more of a terminology stipulation than anything else.
It’s geared towards Java-based content
In contrast to Apache HTTP Server, Tomcat was developed to offer the JSP functionality not available through Apache HTTP Server. The latter is better suited for handling both static and dynamic (and usually PHP-based) web content but does not have the ability to manage Java Servlets and JSP.
The best part is that both can be run side by side for projects involving both Java and PHP-based content. In that case, Apache can handle static and dynamic content and Tomcat can handle the JSP. For sites entirely built on JSP, Tomcat is the best bet.
As a Java Servlet container that provides extended functionality to interact with Java Servlets, Tomcat is a powerful option to execute Java servlets and render web pages that use Java Server page coding. Tomcat enables a pure Java web server environment, bringing together Java-based technologies to run applications built on Java programming language. While its flexibility and interoperability enable Apache Tomcat to behave as a web application server under certain conditions, its true identity is primarily as a Java servlet container.
As a lightweight, highly flexible option, Tomcat enables quick load and redeploy times without sacrificing built-in customization options. In addition to providing stability, it also offers extra security for organizations that choose to position their Tomcat installation behind an extra firewall. Developers looking to run applications that operate seamlessly and fast should consider Tomcat as an option.
Matthew Davis
Matthew Davis is a technical writer and Linux geek for Future Hosting.
Apache Tomcat
The Apache Tomcat® software is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. The Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket specifications are developed under the Java Community Process.
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here.
Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations. Some of these users and their stories are listed on the PoweredBy wiki page.
Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation.
2021-04-06 Tomcat 10.0.5 Released
The Apache Tomcat Project is proud to announce the release of version 10.0.5 of Apache Tomcat. This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.
The notable changes in this release are:
- Fix a regression in 10.0.4 that meant that an error during an asynchronous read broke all future asynchronous reads associated with the same request instance.
- Prevent concurrent calls to ServletInputStream.isReady() corrupting the input buffer.
- Update the packaged version of Tomcat Native to 1.2.27 to pick up binaries built with OpenSSL 1.1.1k.
Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.
2021-04-06 Tomcat 9.0.45 Released
The Apache Tomcat Project is proud to announce the release of version 9.0.45 of Apache Tomcat. The notable changes compared to 9.0.44 include:
- Fix a regression in 9.0.44 that meant that an error during an asynchronous read broke all future asynchronous reads associated with the same request instance.
- Prevent concurrent calls to ServletInputStream.isReady() corrupting the input buffer.
- Update the packaged version of Tomcat Native to 1.2.27 to pick up binaries built with OpenSSL 1.1.1k.
Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.
2020-04-06 Tomcat 8.5.65 Released
The Apache Tomcat Project is proud to announce the release of version 8.5.65 of Apache Tomcat. The notable changes compared to 8.5.64 include:
- Fix a regression in 8.5.64 that meant that an error during an asynchronous read broke all future asynchronous reads associated with the same request instance.
- Prevent concurrent calls to ServletInputStream.isReady() corrupting the input buffer.
- Update the packaged version of Tomcat Native to 1.2.27 to pick up binaries built with OpenSSL 1.1.1k.
Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.
2021-04-06 Tomcat Native 1.2.28 Released
The Apache Tomcat Project is proud to announce the release of version 1.2.28 of Tomcat Native. The notable changes since 1.2.27 include:
- Correct a regression in the fix for 65181 that prevented an error message from being displayed if an invalid key file was provided and no OpenSSL Engine was configured.
Download | ChangeLog for 1.2.28
2021-02-18 Tomcat Migration Tool for Jakarta EE 0.2.0 Released
The Apache Tomcat Project is proud to announce the release of 0.2.0 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 0.1.0.
The notable changes in this release are:
- Various fixes to the packages that are and are not converted
- A new option to process zip archives in memory to support zip files that use options that are incompatible with a streaming approach
- A new option to exclude files from transformation
Full details of these changes, and all the other changes, are available in the changelog.
2021-02-05 Tomcat 7.0.108 Released
The Apache Tomcat Project is proud to announce the release of version 7.0.108 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.107.
- Fix a potential file descriptor leak when WebSocket connections are attempted and fail. Patch provided by Maurizio Adami.
Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.
Note: End of life date for Apache Tomcat 7.0.x is announced. Read more...
2020-03-06 Tomcat Connectors 1.2.48 Released
The Apache Tomcat Project is proud to announce the release of version 1.2.48 of Apache Tomcat Connectors. This version fixes a number of bugs found in previous releases.
Download | ChangeLog for 1.2.48
2015-03-17 Apache Standard Taglib 1.2.5 Released
The Apache Tomcat Project is proud to announce the release of version 1.2.5 of the Standard Taglib. This tag library provides Apache's implementation of the JSTL 1.2 specification.
Version 1.2.5 is a minor bug fix release reverting a change made in 1.2.1 where <c:import> modified the HTTP method during POST operations, and fixing an issue that resulted in an AccessControlException during startup unless permission was granted to read the accessExternalEntity property.
Please see the Taglibs section for more details.
Download | Changes
2013-11-11 Tomcat Maven Plugin 2.2 Released
The Apache Tomcat team is pleased to announce the release of Tomcat Maven Plugin 2.2. Changelog available here.
The Apache Tomcat Maven Plugin provides goals to manipulate WAR projects within the Apache Tomcat servlet container.
The binaries are available from Maven repositories. You should specify the version in your project's plugin configuration:
or