Hacking TomcatSecrets Revealed

Talk Sponsored By

Actual Sponsor

Who am I bla blafhanik@apache.orgTomcat Committer / ASF memberCo-designed the Comet implementationImplemented NIO connector in 6Responsible for session replication and clusteringBeen involved with ASF since 2001

Who are WeTop Level Project tomcat.apache.org24 committers on fileActive/core group is much smallerFind us on dev@tomcat.apache.orgWork on what interests you and work without guidanceOur people skills are improving ;)

Welcome to Tomcat

What we will coverHistory of TomcatThe BasicsConfiguration and Container ArchitectureThe AdvancedSwappable ComponentsTomcat ConnectorsServlet ContainerJSP CompilerDeveloping/Debugging Tomcat

What We Will Not CoverToo Basic stuff This is a technical presentationConfiguration detailsHow the actual JSP .jsp to .java compiler worksForked Tomcat code bases, how they differ and why they happenedOlder versions of Tomcat, we will work with Tomcat 6, no looking back

History of TomcatStarted out as a reference implemenation by Sun MicrosystemDonated to ASF Tomcat 3 (roughly 1999)Tomcat 4 New specs & First rewrite Codename CatalinaTomcat 5.0 New specsTomcat 5.5 2nd Rewrite PerformanceTomcat 6.0 New specs, New Cool Features

Basicsserver.xmlMain configuration fileBuilds server on the flyParsed using commons-digesterTomcat has hard coded rule sets for the parsingEvery element/component is swappable

Basics

Example:

BasicsEntire server.xml parsed based on rulesLook for these rules:Catalina.javaorg/apache/catalina/startup/Even web.xml is parsed using the digester

BasicsCatalina.java-createStartDigester

Digester digester = new Digester();digester.setValidating(false);

digester.setClassLoader( StandardServer.class.getClassLoader());

digester.addObjectCreate("Server", "org.apache.catalina.core.StandardServer, "className");

digester.addSetProperties("Server");

BasicsThe exception nested className

BasicsTomcat The ServerServicesEngine (Catalina)ContextJSPsServletsValvesAJP Connector8009SSL Connector84438080HTTP ConnectorHostsRealmValvesValves

BasicsService/Engine/Host/ContextAll are ContainersAll implement LifecycleListenersLifecycleEventsHow objects get initialized, started and stoppedObject relationships are established during creation(digester parsing)

BasicsLast Basics I promiseconf/web.xmlDefault web.xmlMerged with webapps WEB-INF/web.xmlDefaultServlet static contentJSP Servlet JSP filesconf/context.xmlMerged with apps definition

AdvancedConnectors the entry pointServlet Engine and Container DesignJasper The JSP engineValves interceptor patternDeveloping and DebuggingHow to join if you are interested

Performance TipTomcat produces very little GCMost objects are pooledEven though makers of VM say, never pool objectsPrevents CPU/GC jigsaw patternResetting fields is faster than GC old object, create new object and initializeNo GC lock up surprises

ConnectorsHTTP Connector protocol=o.a.coyote.http11.Http11Protocolo.a.coyote.http11.Http11AprProtocolo.a.coyote.http11.Http11NioProtocolHTTP/1.1 aliased to Http11 and Http11AprAJP Connectororg.apache.jk.server.JkCoyoteHandlerorg.apache.coyote.ajp.AjpAprProtocolAJP/1.3 aliased to the two above

Connectors

There are some pretty ugly interdependencies here.While re-factoring would resolve that, time has been spent improving performance.

ConnectorsRequest Process

1. New HTTP RequestAll java.io/java.nio/apr socket logic is in the EndPointProcessor sets up input/output buffersHTTP Parsing logic is in hereParses request, if request is availableOnce the request is parsedThe CoyoteAdapter (bridge between connector and engine)Passes the request to the servlet engine

Performance TipMessageBytes.javaAll HTTP Parsing doesnt deal with stringsEvery chunk of data gets parsed into a MessageBytes objectThis object represents a string in the HTTP headerAvoid string comparison routinesDoesnt contain copy of byte[], but a pointer to the original data with an offset and length

Performance TipUse Http11Protocol Keep Alive is turned offKernel accept filter is in placeUse Http11AprProtocolTake advantage of SEND_FILENative SSL handlingComet SupportUse Http11NioProtocolTake advantage of SEND_FILELarge number of sockets using Keep AliveAPR is not available or JNI is not preferredComet Support

AdvancedCoyoteAdapter.javaCreates Request/Response objectsMaps Request/Response to A Host object (StandardHost)A Context object (StandardContext)A Servlet (StandardWrapper)Parses Session CookieURL CookieGrabs Engines valve and passes the request into the servlet engine

Performance TipDefaultServlet.javaHandles all static contentGets deployed into every webapp through conf/web.xmlIf SEND_FILE support is enabled it will use itIts a REGULAR SERVLET!!Files and their attributes are cachedYou can replace with your own implementation

AdvancedServlet Invokation Chaino.a.c.servlets.DefaultServlet.doGetjavax.servlet.http.HttpServlet.serviceo.a.c.core.ApplicationFilterChain.doFiltero.a.c.core.StandardWrapperValve.invokeo.a.c.core.StandardContextValve.invokeo.a.c.core.StandardHostValve.invokeo.a.c.valves.ErrorReportValve.invokeo.a.c.core.StandardEngineValve.invokeo.a.c.connector.CoyoteAdapter.serviceo.a.coyote.http11.Http11NioProcessor.processo.a.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.processo.a.tomcat.util.net.NioEndpoint$SocketProcessor.runjava.util.concurrent.ThreadPoolExecutor$Worker.runTaskjava.util.concurrent.ThreadPoolExecutor$Worker.runjava.lang.Thread.run1. Everything starts with the thread2. NIO Connector defaults to ThreadPoolExecutor3. SocketProcessor Simple Runnable to invoke Handler.process4. HttpProcessor parses HTTP request5. CoyoteAdapter Creates Request Response pair6. StandardEngineValveFirst valve in the engine container7. ErrorReportValveCatches Throwable Reports 400+ errors8. StandardHostValveSets context class loader9. StandardContextValveInvokes (spec)ServletRequestListeners10. StandardWrapperValveInvokes (spec)FilterChain11. ApplicationFilterChainRepresents Servlet (spec)FilterChain, invokes servlet12. The ServletExecution of the servlet

AdvancedReading Data From the InputStream

o.a.c.http11.InternalNioInputBuffer$SocketInputBuffer.doReado.a.c.http11.filters.ChunkedInputFilter.readByteso.a.c.http11.http11.filters.ChunkedInputFilter.parseChunkHeader o.a.c.http11.http11.filters.ChunkedInputFilter.doReado.a.c.http11.http11.InternalNioInputBuffer.doReado.a.c.http11.Request.doReado.a.catalina.connector.InputBuffer.realReadByteso.a.t.u.buf.ByteChunk.substracto.a.catalina.connector.InputBuffer.reado.a.catalina.connector.CoyoteInputStream.readcomet.CometEchoServlet.echo

Performance TipJspServlet.javaHandles all JSP filesGets deployed into every webapp through conf/web.xmlMapping done through URL patterns (per spec)Its a REGULAR SERVLET!!Connects into the Jasper engine

AdvancedHow are JSP files handledThrough the JspServlet (same invocation path)JspServletWrapper createdContains JspCompilationContextHolds a JSP class loaderInvokes compile on the compilation contextProcesses annotationsLoads .class file through class loaderFinally invokes service(req,resp) on the generated servleto.a.jasper.compiler.CompilerGenerates .java file from .jspo.a.jasper.compiler.JDTCompilerGenerates .class file from .java

AdvancedDeployment of Applications - StandardContext - LifecycleListener - WebappLoader - StandardManager - No default - FileDirContext - No default ContextRuleSet.java parses contexts in server.xml

AdvancedDeployment of applicationsThe deployer is HostConfig.javaEach StandardHost.java object holds a reference to a HostConfigDeploy ordercontext.xml filesWAR filesDirectories/ROOT is hardcoded for path=Runtime deployment triggered by LifecycleEvent

AdvancedDeveloping/DebuggingSVN Repo for TC 6 is simplifiedtrunk/java all you needsvn co/ant download/ant builds the systemRun inside a debugger by emulating the catalina.sh/catalina.bat if you wishEverything is java, breakpoints anywhere

Performance TipDoes it scaleYes, its been tested with 16k concurrent and active connections on a Xmx512m systemPerformance increases well as new CPUs are addedRAM is your max # concurrent connection limitationSimple tests run at http://blog.covalent.net/roller/covalent/entry/20070308

Performance TipTuningMostly in the application itself, Tomcat default is pretty goodWhen it comes down to nuts and bolts, the tuning is in the connectorsNIO connector, by far the most tuning options (see docs)Socket and App buffers usually the most important aspect for write-speedAPR connector, speedy little devil, not as many options, but relies on APR below being well tuned.

Performance TipTuning the servlet engineSure, it can be done, but not through configurationMost common bottlenecks turn out to be synchronized statements or locksCompared to the webapp or the connector, spending time tuning the engine is not worth the time

ConclusionNot so difficult on first impressionSlightly confusing on second impressionOnce you get a hang of it, go crazyModular design, and nasty depsNot the typical text book java designFind something interesting? want to contribute? take initiative, dont be shy

Want to join?Ideas for needed projectsBetter deployerDocumentationAdministration toolBetter JMX supportRemote and Cluster deploymentsLive status dash boardSIP supportThe list goes on, take your pick!

Q & ALots and Lots coveredOnly a drop in the sea, but enough to get you startednot enough timefhanik@apache.org anytimedev@tomcat.apache.org be bravehttp://people.apache.org/~fhanik for the presentation