JavaRanch Home
 
 
This page:         last edited 25 March 2008         What's Changed?         Edit

Tomcat Faq   

Useful pages

Front page
List of all FAQs
Content categories
Recent changes
Page formatting
Rancher pages
To Do
Upload files

Top viewed pages

ScjpMockTests
ScjpFaq
FrontPage
ScwcdLinks
CodeBarn
JavaRanchFaq
ActiveStaff
ScwcdFaq
ScbcdLinks
ScdjwsLinks

Recently edited pages

SoftwareEnhancementIde...
ScwcdWallOfFame
BookPromotionsSchedule
ScjaWallOfFame
ScjpWallOfFame
Some of the most frequently asked questions regarding Servlet development on Tomcat. Some questions may also be answered in the ServletsFaq and the JspFaq.

As any other page in this wiki, the page is editable by anyone, so don't hesitate to add useful stuff. Click on "edit this page" below to contribute.

The Official Tomcat Wiki answers many questions, and is an excellent starting point for further research:

http://wiki.apache.org/jakarta-tomcat/HowTo

Web vs Application server?

Difference between Tomcat and JBoss, Geronimo?

Is Tomcat an Application Server?

Difference between a Servlet Container and an Application Server?

See: WebVsApplicationServer


404 Errors

  • Why do I get 404 not found?
    • You are requesting a page or servlet that's not there. Check whether you are referring to an incorrect file location or have made a typo in a URL. Calling an external resource while on a computer that has no access to the Internet can also cause this.
  • What is the invoker servlet?
    • This is more of a FAQ, so it deserves its own page -> InvokerServlet

How do I see what requests are being made ?

  • Edit the file conf/server.xml
  • Uncomment the following lines
<Valve className="org.apache.catalina.valves.AccessLogValve"
       directory="logs"  prefix="localhost_access_log." suffix=".txt"
       pattern="common" resolveHosts="false"/>

Is it possible to embed Tomcat in a desktop application, so it can be used without having to be installed as a separate server ?

Yes, that's possible. You can download a special embedding version of Tomcat, which is smaller than the standard distribution, but the normal version will do as well. All the details can be found in this article.

How do I implement security for my web application ?

If all you need are named users, passwords and roles, then the web-tier authentication defined in the servlet specification may be sufficient. Check out chapter 32 of the J2EE Tutorial, particularly the sections on Web-Tier Security and Understanding Login Authentication for an introduction.

In your web.xml you need to set up three section (the servlet specification explains in detail what goes into each of these; this quick reference is also helpful):

  • security-constraint, where you set up which URL patterns are protected
  • login-config, where you define the method of login (often BASIC or FORM)
  • security-role, where you define the roles you use in your web app

You'll also need to set up a Realm where you store your users, passwords and roles; the relevant documentation part of the Tomcat docs: Realm How-To and Realm Configuration. Common options are MemoryRealm, which stores information in a file (often conf/tomcat-users.xml) or JDBCRealm, which accesses a database. The Realm to use is specified in the conf/server.xml file, in a <Realm> and a <Resource> element. Search for "UserDatabase" in your existing server.xml and you'll find the spots you need to adapt.

Once you've set this up, you can use the getRemoteUser, getUserPrincipal, getAuthType and isUserInRole methods of HttpServletRequest to find out which user is logged in, and whether that user is authenticated for a particular role.

For more detail, see this overview (some parts of which are Weblogic-specific). There's also a good introductory article on form-based login here.

The use of HTTPS/SSL can be required by adding the following to the web.xml file:


<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
 
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

How do I enable the EL (Expression Language) for Tomcat 5?

In order for Tomcat 5 to automatically enable the Expression Language in your JSP pages, your app must be declared as a Servlets 2.4 web application in the application's web.xml deployment descriptor.

Here's how:


<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
     version="2.4">

    <display-name>The name of the application</display-name>

    <!-- rest of declarations go here -->

</web-app>

How can I control a Tomcat server on a remote machine, e.g. to restart a web app or Tomcat itself?

Tomcat comes with a number of Ant tasks that can be used to control it from afar. Some documentation about that is here.

ProxyApacheHttpdAndTomcat
Tomcat crashes with a 'java.lang.OutOfMemoryError?: PermGen? space' message. What gives?

Some discussion and proposed solutions can be found in a couple of Saloon threads here and here.

CategoryFaq

JavaRanchAbout us — Copyright © 1998-2009 Paul Wheaton