Global JNDI resources--> <script>f(clean);</script>
Test entry for demonstration purposes--> <script>f(clean);</script>
Editable user database that can also be used by UserDatabaseRealm to authenticate users--> <script>f(clean);</script>
A "Service" is a collection of one or more "Connectors" that share a single "Container" (and therefore the web applications visible within that Container). Normally, that Container is an "Engine", but this is not required. Note: A "Service" is not itself a "Container", so you may not define subcomponents such as "Valves" or "Loggers" at this level.--> <script>f(clean);</script>
Define the Tomcat Stand-Alone Service--> <script>f(clean);</script>
A "Connector" represents an endpoint by which requests are received and responses are returned. Each Connector passes requests on to the associated "Container" (normally an Engine) for processing. By default, a non-SSL HTTP/1.1 Connector is established on port 8080. You can also enable an SSL HTTP/1.1 Connector on port 8443 by following the instructions below and uncommenting the second Connector entry. SSL support requires the following steps (see the SSL Config HOWTO in the Tomcat 5 documentation bundle for more detailed instructions): * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or later, and put the JAR files into "$JAVA_HOME/jre/lib/ext". * Execute: %JAVA_HOME%/bin/keytool -genkey -alias tomcat -keyalg RSA (Windows) $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) with a password value of "changeit" for both the certificate and the keystore itself. By default, DNS lookups are enabled when a web application calls request.getRemoteHost(). This can have an adverse impact on performance, so you can disable it by setting the "enableLookups" attribute to "false". When DNS lookups are disabled, request.getRemoteHost() will return the String version of the IP address of the remote client.--> <script>f(clean);</script>
Define a non-SSL Coyote HTTP/1.1 Connector on the port specified during installation--> <script>f(clean);</script>
Note : To disable connection timeouts, set connectionTimeout value to -1--> <script>f(clean);</script>
Note : To use gzip compression you could set the following properties : compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml"--> <script>f(clean);</script>
Define a SSL Coyote HTTP/1.1 Connector on port 8443--> <script>f(clean);</script>
<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />--> <script>f(clean);</script>
Define a Coyote/JK2 AJP 1.3 Connector on port 8009--> <script>f(clean);</script>
Define a Proxied HTTP/1.1 Connector on port 8082--> <script>f(clean);</script>
See proxy documentation for more information about using this.--> <script>f(clean);</script>
<Connector port="8082" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" acceptCount="100" debug="0" connectionTimeout="20000" proxyPort="80" disableUploadTimeout="true" />--> <script>f(clean);</script>
An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host).--> <script>f(clean);</script>
You should set jvmRoute to support load-balancing via JK/JK2 ie : <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">--> <script>f(clean);</script>
Define the top level container in our container hierarchy--> <script>f(clean);</script>
The request dumper valve dumps useful debugging information about the request headers and cookies that were received, and the response headers and cookies that were sent, for all requests received by this instance of Tomcat. If you care only about requests to a particular virtual host, or a particular application, nest this element inside the corresponding <Host> or <Context> entry instead. For a similar mechanism that is portable to all Servlet 2.4 containers, check out the "RequestDumperFilter" Filter in the example application (the source for this filter may be found in "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). Request dumping is disabled by default. Uncomment the following element to enable it.--> <script>f(clean);</script>
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>--> <script>f(clean);</script>
Global logger unless overridden at lower levels--> <script>f(clean);</script>
Because this Realm is here, an instance will be shared globally--> <script>f(clean);</script>
This Realm uses the UserDatabase configured in the global JNDI resources under the key "UserDatabase". Any edits that are performed against this UserDatabase are immediately available for use by the Realm.--> <script>f(clean);</script>
Comment out the old realm but leave here for now in case we need to go back quickly--> <script>f(clean);</script>
Replace the above Realm with one of the following to get a Realm stored in a database and accessed via JDBC--> <script>f(clean);</script>
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.gjt.mm.mysql.Driver" connectionURL="jdbc:mysql://localhost/authority" connectionName="test" connectionPassword="test" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />--> <script>f(clean);</script>
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="oracle.jdbc.driver.OracleDriver" connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL" connectionName="scott" connectionPassword="tiger" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />--> <script>f(clean);</script>
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="sun.jdbc.odbc.JdbcOdbcDriver" connectionURL="jdbc:odbc:CATALINA" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />--> <script>f(clean);</script>
Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2.--> <script>f(clean);</script>
Defines a cluster for this node, By defining this element, means that every manager will be changed. So when running a cluster, only make sure that you have webapps in there that need to be clustered and remove the other ones. A cluster has the following parameters: className = the fully qualified name of the cluster class name = a descriptive name for your cluster, can be anything debug = the debug level, higher means more output mcastAddr = the multicast address, has to be the same for all the nodes mcastPort = the multicast port, has to be the same for all the nodes mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes tcpListenAddress = the listen address (bind address) for TCP cluster request on this host, in case of multiple ethernet cards. auto means that address becomes InetAddress.getLocalHost().getHostAddress() tcpListenPort = the tcp listen port tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS has a wakup bug in java.nio. Set to 0 for no timeout printToScreen = true means that managers will also print to std.out expireSessionsOnShutdown = true means that useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called. false means to replicate the session after each request. false means that replication would work for the following piece of code: <% HashMap map = (HashMap)session.getAttribute("map"); map.put("key","value"); %> replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'. * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication. * Synchronous means that the thread that executes the request, is also the thread the replicates the data to the other nodes, and will not return until all nodes have received the information. * Asynchronous means that there is a specific 'sender' thread for each cluster node, so the request thread will queue the replication request into a "smart" queue, and then return to the client. The "smart" queue is a queue where when a session is added to the queue, and the same session already exists in the queue from a previous request, that session will be replaced in the queue instead of replicating two requests. This almost never happens, unless there is a large network delay.--> <script>f(clean);</script>
When uncommenting the cluster, REMEMBER to uncomment the replication Valve below as well <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" name="FilipsCluster" debug="10" serviceclass="org.apache.catalina.cluster.mcast.McastService" mcastAddr="228.0.0.4" mcastPort="45564" mcastFrequency="500" mcastDropTime="3000" tcpThreadCount="6" tcpListenAddress="auto" tcpListenPort="4001" tcpSelectorTimeout="100" printToScreen="false" expireSessionsOnShutdown="false" useDirtyFlag="true" replicationMode="pooled" />--> <script>f(clean);</script>
When configuring for clustering, you also add in a valve to catch all the requests coming in, at the end of the request, the session may or may not be replicated. A session is replicated if and only if all the conditions are met: 1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND 2. a session exists (has been created) 3. the request is not trapped by the "filter" attribute The filter attribute is to filter out requests that could not modify the session, hence we don't replicate the session after the end of this request. The filter is negative, ie, anything you put in the filter, you mean to filter out, ie, no replication will be done on requests that match one of the filters. The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to. filter=".*/.gif;.*/.js;" means that we will not replicate the session after requests with the URI ending with .gif and .js are intercepted.--> <script>f(clean);</script>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve" filter=".*/.gif;.*/.js;.*/.jpg;.*/.htm;.*/.html;.*/.txt;"/>--> <script>f(clean);</script>
Normally, users must authenticate themselves to each web app individually. Uncomment the following entry if you would like a user to be authenticated the first time they encounter a resource protected by a security constraint, and then have that user identity maintained across *all* web applications contained in this virtual host.--> <script>f(clean);</script>
<Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/>--> <script>f(clean);</script>
Access log processes all requests for this virtual host. By default, log files are created in the "logs" directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the "directory" attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory.--> <script>f(clean);</script>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>--> <script>f(clean);</script>
Logger shared by all Contexts related to this virtual host. By default (when using FileLogger), log files are created in the "logs" directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the "directory" attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory.--> <script>f(clean);</script>
Define properties for each web application. This is only needed if you want to set non-default properties, or have web application document roots in places other than the virtual host's appBase directory.--> <script>f(clean);</script>
Tomcat Root Context--> <script>f(clean);</script>
<Server>元素
它代表整个容器,是Tomcat实例的顶层元素.由org.apache.catalina.Server接口来定义.它包含一个<Service>元素.并且它不能做为任何元素的子元素.
<Server port="8005" shutdown="SHUTDOWN" debug="0">
1>className指定实现org.apache.catalina.Server接口的类.默认值为org.apache.catalina.core.StandardServer
2>port指定Tomcat监听shutdown命令端口.终止服务器运行时,必须在Tomcat服务器所在的机器上发出shutdown命令.该属性是必须的.
3>shutdown指定终止Tomcat服务器运行时,发给Tomcat服务器的shutdown监听端口的字符串.该属性必须设置
<Service>元素
该元素由org.apache.catalina.Service接口定义,它包含一个<Engine>元素,以及一个或多个<Connector>,这些Connector元素共享用同一个Engine元素
<Service name="Catalina">
<Service name="Apache">
第一个<Service>处理所有直接由Tomcat服务器接收的web客户请求.
第二个<Service>处理所有由Apahce服务器转发过来的Web客户请求
1>className 指定实现org.apahce.catalina.Service接口的类.默认为org.apahce.catalina.core.StandardService
2>name定义Service的名字
<Engine>元素
每个Service元素只能有一个Engine元素.元素处理在同一个<Service>中所有<Connector>元素接收到的客户请求.由org.apahce.catalina.Engine接口定义.
<Engine name="Catalina" defaultHost="localhost" debug="0">
1>className指定实现Engine接口的类,默认值为StandardEngine
2>defaultHost指定处理客户的默认主机名,在<Engine>中的<Host>子元素中必须定义这一主机
3>name定义Engine的名字
在<Engine>可以包含如下元素<Logger>, <Realm>, <Value>, <Host>
<Host>元素
它由Host接口定义.一个Engine元素可以包含多个<Host>元素.每个<Host>的元素定义了一个虚拟主机.它包含了一个或多个Web应用.
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true">
1>className指定实现Host接口的类.默认值为StandardHost
2>appBase指定虚拟主机的目录,可以指定绝对目录,也可以指定相对于<CATALINA_HOME>的相对目录.如果没有此项,默认为<CATALINA_HOME>/webapps
3>autoDeploy如果此项设为true,表示Tomcat服务处于运行状态时,能够监测appBase下的文件,如果有新有web应用加入进来,会自运发布这个WEB应用
4>unpackWARs如果此项设置为true,表示把WEB应用的WAR文件先展开为开放目录结构后再运行.如果设为false将直接运行为WAR文件
5>alias指定主机别名,可以指定多个别名
6>deployOnStartup如果此项设为true,表示Tomcat服务器启动时会自动发布appBase目录下所有的Web应用.如果Web应用中的server.xml没有相应的<Context>元素,将采用Tomcat默认的Context
7>name定义虚拟主机的名字
在<Host>元素中可以包含如下子元素
<Logger>, <Realm>, <Value>, <Context>
<Context>元素
它由Context接口定义.是使用最频繁的元素.每个<Context元素代表了运行在虚拟主机上的单个Web应用.一个<Host>可以包含多个<Context>元素.每个web应用有唯一
的一个相对应的Context代表web应用自身.servlet容器为第一个web应用创建一个
ServletContext对象.
<Context path="/sample" docBase="sample" debug="0" reloadbale="true">
1>className指定实现Context的类,默认为StandardContext类
2>path指定访问Web应用的URL入口,注意/myweb,而不是myweb了事
3>reloadable如果这个属性设为true, Tomcat服务器在运行状态下会监视在WEB-INF/classes和Web-INF/lib目录CLASS文件的改运.如果监视到有class文件被更新,服务器自重新加载Web应用
3>cookies指定是否通过Cookies来支持Session,默认值为true
4>useNaming指定是否支持JNDI,默认值为了true
在<Context>元素中可以包含如下元素
<Logger>, <Realm>, <Resource>, <ResourceParams>
Connector元素
由Connector接口定义.<Connector>元素代表与客户程序实际交互的给件,它负责接收客户请求,以及向客户返回响应结果.
<Connector port="8080" maxThread="50" minSpareThreads="25" maxSpareThread="75" enableLookups="false" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" disableUploadTimeout="true" />
<Connection port="8009" enableLookups="false" redirectPort="8443" debug="0" protocol="AJP/1.3" />
第一个Connector元素定义了一个HTTP Connector,它通过8080端口接收HTTP请求;第二个Connector元素定义了一个JD Connector,它通过8009端口接收由其它服务器转发过来的请求.
Connector元素共用属性
1>className指定实现Connector接口的类
2>enableLookups如果设为true,表示支持域名解析,可以把IP地址解析为主机名.WEB应用中调用request.getRemoteHost方法返回客户机主机名.默认值为true
3>redirectPort指定转发端口.如果当前端口只支持non-SSL请求,在需要安全通信的场命,将把客户请求转发至SSL的redirectPort端口
HttpConnector元素的属性
1>className实现Connector的类
2>port设定Tcp/IP端口,默认值为8080,如果把8080改成80,则只要输入http://localhost即可
因为TCP/IP的默认端口是80
3>address如果服务器有二个以上ip地址,此属性可以设定端口监听的ip地址.默认情况下,端口会监听服务器上所有的ip地址
4>bufferSize设定由端口创建的输入流的缓存大小.默认值为2048byte
5>protocol设定Http协议,默认值为HTTP/1.1
6>maxThreads设定在监听端口的线程的最大数目,这个值也决定了服务器可以同时响应客户请求的最大数目.默认值为200
7>acceptCount设定在监听端口队列的最大客户请求数量,默认值为10.如果队列已满,客户必须等待.
8>connectionTimeout定义建立客户连接超时的时间.如果为-1,表示不限制建立客户连接的时间
JkConnector的属性
1>className实现Connector的类
2>port设定AJP端口号
3>protocol必须设定为AJP/1.3