Apache readies Tomcat Java servlet container upgrade

Scalability and security to be enhanced in Tomcat 7; Apache also is set to take over the Subversion software configuration management project

The Apache Software Foundation for open source projects is readying an upgrade to its Tomcat Java servlet container, with improvements eyed in areas such as scalability and security, Apache personnel said on Wednesday afternoon.

Version 7 of Tomcat is due in alpha release around the Christmas/New Year's timeframe, said Mark Thomas, an Apache member, Tomcat committer and senior software engineer at VMware-owned SpringSource.

[ See InfoWorld's report on what has happened with Java in the two years since it was open sourced. ]

Tomcat is used for deploying Web sites and serves as the basis for such products as the SpringSource tc Server for running Java and Spring applications. Tomcat is used in at least 75 percent of Java- based Web sites, said Jim Jagielski, chairman of the Apache board of directors and a senior staff engineer and chief open source officer at VMware.

Apache officials discussed Tomcat at the ApacheCon US 2009 conference in Oakland, Calif.

Plans for Tomcat 7 include backing for the still-unfinished Java Servlet 3.0 specification. Featured in Tomcat 7 and Servlet 3.0 are asynchronous processing capabilities to improve scalability, Apache officials said.

Dynamic configuration also is planned for Tomcat 7 as part of Servlet 3.0 support. "You can programmatically set up the configuration of your Web apps," Thomas said.

Among security improvements planned for Tomcat 7 is protection against cross-site request forgeries.  Version 7 will use HTTP POST requests to make it harder for an attacker to construct an attack. A nonce request identifier also is used as a unique identifier to stifle these attackers.

The Manager application in Tomcat 7 features multiple roles for access control. "It gives system administrators more fine-grained control over who's allowed to do what," Thomas said.

Version 7 also is set to make it easier to embed Tomcat in applications and endorses generic programming objects, enabling programming errors to be found earlier in the process, at compilation time rather than run time.

"[Generics] does make for cleaner code as well," said Thomas. Tomcat 7 also removes old code that is not being used anymore.

Also at ApacheCon Wednesday, the foundation and the CollabNet-sponsored Subversion project announced formal submission of the open source Subversion software configuration management tool to Apache as an Apache Incubator project.

The move is the first step to Subversion becoming an Apache Top-Level Project.

"It's a recognition that both Subversion and Apache have grown in compatible ways," said Brian Behlendorf, who was the first president of Apache and serves on the board of directors at CollabNet.

CollabNet will continue to host the nine-year-old Subversion project at the Tigris.org Web page while Subversion undergoes incubation at the foundation.

Putting Subversion under Apache jurisdiction addresses a situation in which there has been a lot of personnel overlap between Apache and Subversion Corporation, which has had jurisdiction over Subversion but will eventually be disbanded, according to Apache members.

"Instead of having two legal entities, there [will be] only one," said Roy Fielding, chief scientist at Day Software and an Apache member.

Apache veterans during Wednesday morning conference proceedings waxed sentimental about the early years and the growth of the foundation, which is celebrating its tenth anniversary as a formal organization this year.

"I think one of the funny things about Apache that most people don't know is we didn't have a single meeting in person for the first three years that we developed the [HTTP] server," said Fielding, referring to a time period beginning around 1995 before formal incorporation.

With Apache, management does not tell developers what to do, said Jagielski. "How the code goes and how the community goes is 100 percent in the hands of the members," Jagielski said.

Behlendorf stressed how open source has impacted companies. "Once companies realize their competition is free, they really need to change tactics," he said.

Also, use of open source initially was obscured because CIOs "never saw a purchase order for Apache or a purchase order for Linux," Behlendorf said.

"They had no idea that it was being used," he said.

Apache participants during a luncheon described the newly formed, Microsoft-backed CodePlex Foundation as an effort to provide a streamlined process for Microsoft personnel to become involved in open source project submissions, although they noted CodePlex is not restricted to Microsoft-only projects.

"It's basically a way for Microsoft employees to contribute to open source projects," said Justin Erenkrantz, president of the Apache foundation. CodePlex will hold intellectual property related to contributions, thus separating Microsoft from that process, he said.

Microsoft also is a sponsor of Apache, having just renewed a $100,000 donation this week. The company also made a $100,000 contribution last year.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Brian BehlendorfserversSubversionMicrosoftjavaapachetomcatapplication serverCollabNet

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Krill

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?