Copyright ©2000-9 CRS Enterprises Ltd 1
Apache Tomcat Server Administration
by
Chris Seddon

Apache Tomcat Server Administration
1. Introduction to Tomcat
2. Deploying Servlets and JSPs
3. JNDI
4. JDBC
5. Security
6. SSL
7. Web Services
8. Clustering
9. Performance Tuning

1. Introduction to Tomcat

Tomcat Installation
Install as a service (or daemon)
  use the Windows Installer (.exe) distribution
  or rc scripts on Unix
Install as standalone
  use the Zip distribution
Important Environment Variables
  JAVA_HOME
  JAVA_OPTS

Tomcat as a Service
Use the Service Control Module
  to start and stop the service
Automatic Startup is recommended
  but you can use Manual for testing

Starting and Stopping Tomcat

Is Tomcat Running?

What Port?
Use netstat -van
netstat -vano
  also displays the PID - so you can kill a wayward process

Changing Ports
Configure ports in server.xml

... Changing Ports
Look through server.xml for occurrences of 8080

server.xml
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector acceptCount="100"
               connectionTimeout="20000"
               disableUploadTimeout="true"
               enableLookups="false"
               maxHttpHeaderSize="8192"
               maxSpareThreads="75"
               maxThreads="150"
               minSpareThreads="25"
               port="8080"
               redirectPort="8443"/>

Default Ports
admin 8005
  port used to shutdown Tomcat
http 8080
  normal http traffic
ssl 8443
  normal https traffic
AJP 8009
  optimized version of the HTTP protocol used by Apache front end proxy
proxy 8082
  generic proxy port
  can be used by other web servers

Using Port 8005
You can shutdown Tomcat
  by sending the SHUTDOWN string to Tomcat
  usually via Telnet
Only works on the localhost
  might want to change this string

server.xml
    <Server port="8005" shutdown="SHUTDOWN">

server.xml
    <Server port="8005" shutdown="SomeSecretString">

Manager App
Control deployments
  start, stop, redeploy, undeploy
Server Status
  check on running server

Installing the Manager App
edit tomcat-users.xml
  add manager role
login to manager app
  http://localhost:8080/manager/html

tomcat-users.xml
    <tomcat-users>
      <!-- sample account; choose a strong password before exposing the manager app -->
      <role rolename="manager"/>
      <user username="tomcat" password="tomcat" roles="manager"/>
    </tomcat-users>

Using Other JVMs
Oracle JRockit
  catalina.bat
    set JAVA_HOME=C:\bea\jrockit90_150_06
    set JAVA_OPTS=-Djrockit.managementserver.port=7091
  jconsole
    works as before
  console
    JRockit specific monitor program
IBM JDK
  for use on Unix and Linux systems

2. Deploying Servlets and JSPs

HTTP Requests and Responses
Web browsers and Web servers communicate by using HTTP requests and responses
The Web browser can request…
  A static resource, such as a fixed HTML page
  A server-side application, such as Java servlet or JSP
[Diagram: the Web browser sends an HTTP request to the Web server, which returns an HTTP response]

Creating Web Server Applications
Java
  Java Servlets
  Java Server Pages (JSPs)
  Typically a combination of both
Common Gateway Interface (CGI)
  CGI scripts in Perl, C, C++, etc.
Microsoft technologies
  Active Server Pages (ASPs), using JScript or VBScript
  ASP.NET, using any .NET language (C#, VB.NET, J#, etc.)
Proprietary APIs, targeted at a specific Web server
  Internet Information Services API (ISAPI)

Servlets and JSPs ...
[Diagram: Servlets and JSPs create and return HTML]

... Servlets and JSPs
Hosted by a 'servlet container'
  container invokes the servlet or JSP when an HTTP request is received
Servlets and JSPs often interact with databases
  indirectly using JDBC, iBatis, Hibernate
Servlets and JSPs can also interact with other components
  Spring beans, EJBs, JMS, Web services

Servlet Architecture
Servlet engine forwards client request to servlet
[Diagram: Web Server, Servlet Container and MyServlet]
  1. Client request
  2. Load servlet from local disk or remote web server
  3. Pass request info to servlet
  4. Pass response back to server
  5. Response to client
http://www.abc.com:8080/MyServlet?name=john&password=secret

Servlets
Servlets can be very simple

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.*;

    public class MyServlet extends HttpServlet {
        // doGet must take the Http* types, otherwise it does not override HttpServlet.doGet
        public void doGet(HttpServletRequest req, HttpServletResponse res)
                throws IOException, ServletException {
            // your stuff goes here
        }
    }

Simple Servlet

HelloServlet.java
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class HelloServlet extends HttpServlet {
        public void doGet(HttpServletRequest request,
                          HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html");
            PrintWriter output = response.getWriter();
            output.println("<HTML>");
            output.println("<HEAD><TITLE>Hello</TITLE></HEAD>");
            output.println("<BODY>");
            output.println("<BIG>Hello World</BIG>");
            output.println("</BODY></HTML>");
        }
    }

Servlet Lifecycle
[Diagram: Servlet Engine and Servlet Instance]
    void init(ServletConfig config) { ... }
      called only once - when servlet is loaded
    void doGet(ServletRequest request, ServletResponse response) { ... }
    void doPut(ServletRequest request, ServletResponse response) { ... }
      called each time a client request is received
    void destroy() { ... }
      called when servlet is unloaded

Web Applications
Web application is a collection of
  servlets, JSPs, HTML files, images packaged into a single WAR file
[Diagram: WAR file layout]
    /
      HTML, images, scripts, JSPs
      WEB-INF
        web.xml
        lib        library JARs
        classes    servlets

Deployment Descriptor

web.xml
    <?xml version='1.0' encoding='UTF-8'?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                                 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             id="WebApp_ID" version="2.5">
      <welcome-file-list>
        <welcome-file>index.html</welcome-file>
      </welcome-file-list>
      <servlet>
        <servlet-name>Simple</servlet-name>
        <servlet-class>demos.jee.servlets.SimpleServlet</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>Simple</servlet-name>
        <url-pattern>/MySimpleServlet</url-pattern>
      </servlet-mapping>
    </web-app>

A Simple JSP
Mixture of Java and HTML

    ...
    <table border=1 align=center>
      <tr>
        <td colspan=4>Powers of Numbers</td>
      </tr>
    <%
      for (i = 1; i <= 30; i++) {
    %>
      <tr>
        <td><%= i %></td>
        <td><%= square(i) %></td>
        <td><%= cube(i) %></td>
        <td><%= quad(i) %></td>
      </tr>
    <% } %>
    </table>
    </body>
    </html>

JSP Page Life Cycle - Overview
JSPs are translated into servlets by the JSP engine
  static text is translated into out.write() calls
  Java code is copied as-is
[Diagram: JSP -> translate page into servlet -> Servlet .java file -> compile servlet source -> Servlet .class file]

Sun's Recommended Architecture
Sun recommends a Model/View/Controller pattern
  Servlet = "Controller"
  JSP = "View"
  Bean(s) = "Model"
[Diagram: numbered flow 1 to 5 between HTML form, Servlet (C), Bean (M) and JSP (V), with EJB and JDBC behind the bean; labels: HTTP request; Create bean(s); Forward to JSP; Access bean(s) in JSP code; HTML returned to browser]

3. JNDI

Naming Service Concepts
A naming service binds objects to meaningful names
  files are bound to filenames
  IP addresses are bound to computer names
Many different naming services exist
  each has its own naming convention
    Sun's NIS+
    Domain Naming Service (DNS)
    Lightweight Directory Access Protocol (LDAP)
JNDI is an interface to naming services
  permits applications to name and locate objects in the naming service
  can use any underlying naming service
    transparent to the Java programmer

What do we use JNDI for?
Database connections
  defining a data source
Remoting
  to communicate with a CORBA server
  to create an EJB proxy
JMS
  to connect to the Messaging Service
LDAP
  to obtain security and other information from an LDAP server
Transactions
  to obtain a connection to the Tx Manager

JNDI Architecture
Applications independent of the services used
[Diagram: Java App -> JNDI API -> Naming Manager -> JNDI SPI -> CORBA, RMI, DNS, LDAP]

WebLogic JNDI Architecture
Each server maintains its own JNDI tree
  trees are independent
  depend on what has been deployed to that server
Servers in a cluster are synchronized
  JNDI trees are duplicated
  unicast or multicast messages are shared between the servers
    to keep their JNDI trees the same
    by transmitting deltas (changes)
Viewing the JNDI is helpful in resolving problems with
  database pools
  JMS connections
  EJB deployments

4. JDBC

What is JDBC?
JDBC is an API for executing SQL statements
JDBC is
  Java Database Connectivity
  based on Microsoft's ODBC
  single API for all databases
    platform independent
    database vendor independent (Sybase, Oracle, Informix ...)
  fully object oriented
JDBC drivers written in pure Java
  can be automatically downloaded on a network

JDBC Architecture
[Diagram: Client running a Java Application over the JDBC API; four driver types (Type 1 ODBC Bridge, Type 2 Mixed Language, Type 3 Net Bridge, Type 4 Pure Java); Web Server; Database]

Two-tier Client/Server
Local client processing
Heavy resource usage
UI and business code mixed
Replication of effort
Security implications for untrusted applets
[Diagram: Java code, Driver, network boundary, DBMS]

Three-tier Client/Server
Server handles connections, security, load balancing
[Diagram: Java client code, network boundary, Java Application Server with JDBC, network boundary, DBMS]

Driver Types
1  JDBC-ODBC bridge
     OK for Windows, but very slow
2  Java to Native DB Driver
     Mixed language and good availability, but native driver must be installed on client
3  Java to Web Server to DB Driver
     Excellent solution when multiple clients. Web Server handles most issues. Client requires no configuration.
4  Pure Java Driver
     Excellent solution for a small number of clients. Client requires no configuration.

JDBC Type 1 Drivers
JDBC-ODBC bridge plus ODBC driver:
  JavaSoft bridge product provides JDBC access via ODBC drivers
Installation
  must be loaded on each client machine that uses this driver
  ODBC code has to be installed
  some associated database client code may require installation
Performance
  Poor because of the layered drivers
Availability
  always available but only from JavaSoft
  virtually all databases have ODBC drivers
  only appropriate on Windows platforms

JDBC Type 2 Drivers
Native-API partly-Java driver
  mixed language
  Java front end drivers interfacing to C/C++ drivers
    some drivers primarily Java
    some drivers primarily C/C++
Installation
  C/C++ back end drivers must be installed on each client machine
Performance
  Good because interfacing to efficient C/C++ drivers
Availability
  many drivers available from various vendors
  most major databases have Type 2 drivers available
  appropriate on Windows/Unix and other platforms

JDBC Type 3 Drivers
JDBC-Net pure Java driver
  translates JDBC calls into a DBMS independent net protocol
  net protocol translated to a DBMS protocol by a Web Server
Web Server able to connect pure Java clients to many different databases
  the most flexible JDBC alternative
  ideal for Internet access
    access through firewalls needs further consideration
Middleware
  Web Server able to provide additional services

Type 3 Middleware Services
Middleware for JDBC Type 3 Drivers
  may support connection pooling
  single administrator
  security localised on Web Server
  encryption can be provided between client and Web Server
Connection Pools
  set up by Web Server before client requests connection
  many clients supported by a few connections
  pool can grow and shrink
  Web Server handles all threading issues
  very efficient

JDBC Type 4 Drivers
Pure Java Drivers
  converts JDBC calls into the network protocol used by DBMS directly
Installation
  all driver code can be downloaded on demand
  very flexible
Performance
  reasonably good
Availability
  many drivers available in the last 12 months
  most major databases have Type 4 drivers available
  appropriate on Windows/Unix and other platforms

The Need for Connection Pooling
Connection pools are used to enhance the performance of executing commands on a database
  direct connection to the database strongly discouraged
Connections are expensive - share connections between users
  maximize bandwidth of each connection
  pre-allocates connections - no waiting
  shares security - only WebLogic needs access to database
  fail-over and load balancing possible in clustered environment
  if all the connections are being used, a new connection is made and is added to the pool
Users obtain a virtual connection
  acquire late
  release early

Connection Pooling and Data Sources
[Diagram: Application Code, JNDI, DataSource Object, Connection Pool (connection-1 to connection-5), Database]

5. Security

Authentication and Authorization
Authorization
  what resources can you access?
    use XML descriptors
    embed authorization in Java code
    use vendor specific mechanisms
Authentication
  who are you?
    username + password
    certificates
JAAS
  Java Authentication and Authorization Service
    programmatic security

Users and Roles
Configure users and roles in tomcat-users.xml

tomcat-users.xml
    <tomcat-users>
      <role rolename="tomcat"/>
      <role rolename="role1"/>
      <user username="tomcat" password="tomcat" roles="tomcat"/>
      <user username="both" password="tomcat" roles="tomcat,role1"/>
      <user username="role1" password="tomcat" roles="role1"/>
      <role rolename="manager"/>
      <user username="tomcat" password="tomcat" roles="manager"/>
    </tomcat-users>

Tomcat Realms
Realms Available
  UserDatabaseRealm
    the built in realm
  JDBCRealm
    store users in Oracle, Sybase, DB2 ..
  JNDIRealm
    store users in LDAP, Active Directory ...
  JAASRealm
    store users in customized system
Realms defined in server.xml

Memory Realm
Simple Realm
  specified in server.xml
  not for production use

server.xml
    <GlobalNamingResources>
      <!-- UserDatabaseRealm to authenticate users -->
      <Resource auth="Container"
                description="User database"
                factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                name="UserDatabase"
                pathname="conf/tomcat-users.xml"
                type="org.apache.catalina.UserDatabase"/>
    </GlobalNamingResources>

JDBC Realm
More useful Realm
  can be used for production use
  details in online manual

server.xml
    <GlobalNamingResources>
      <Realm className="org.apache.catalina.realm.JDBCRealm"
             debug="99"
             driverName="org.gjt.mm.mysql.Driver"
             connectionURL="jdbc:mysql:myauthority?user=admin&amp;password=pass"
             userTable="users"
             userNameCol="user_name"
             userCredCol="user_pass"
             userRoleTable="user_roles"
             roleNameCol="role_name"/>
    </GlobalNamingResources>
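
An added example, not part of the course material: a Python audit of the settings the slides show in server.xml and tomcat-users.xml, flagging the default SHUTDOWN string on port 8005, guessable passwords, manager-role accounts and a database password embedded in a Realm connectionURL. The sample documents are constructed from the slide snippets; the function names and the list of default passwords are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Constructed sample input, assembled from the snippets shown on the slides.
SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.JDBCRealm"
             driverName="org.gjt.mm.mysql.Driver"
             connectionURL="jdbc:mysql:myauthority?user=admin&amp;password=pass"
             userTable="users" userNameCol="user_name" userCredCol="user_pass"
             userRoleTable="user_roles" roleNameCol="role_name"/>
    </Engine>
  </Service>
</Server>
"""

USERS_XML = """
<tomcat-users>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="manager"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
</tomcat-users>
"""

# Assumption: a short list of well-known default passwords, for illustration.
KNOWN_DEFAULTS = {"tomcat", "admin", "manager", "password", "changeit"}


def audit_server_xml(text):
    """Findings for the server.xml settings discussed in the deck."""
    findings = []
    root = ET.fromstring(text.strip())
    port = root.get("port", "8005")
    # port="-1" disables the shutdown listener altogether.
    if port != "-1" and root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
        findings.append(f"shutdown port {port} still uses the default SHUTDOWN string")
    for realm in root.iter("Realm"):
        # Credentials passed as URL parameters sit in clear text in server.xml.
        query = realm.get("connectionURL", "").partition("?")[2]
        if "password" in parse_qs(query):
            findings.append("Realm connectionURL embeds a database password")
    return findings


def audit_users_xml(text, sensitive_roles=("manager",)):
    """Findings for tomcat-users.xml: guessable passwords and powerful roles."""
    findings = []
    for user in ET.fromstring(text.strip()).iter("user"):
        name = user.get("username", "")
        password = user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        if password == name:
            findings.append(f"user {name}: password equals the username")
        elif password.lower() in KNOWN_DEFAULTS:
            findings.append(f"user {name}: password is a well-known default")
        for role in sorted(roles & set(sensitive_roles)):
            findings.append(f"user {name}: holds the {role} role")
    return findings


if __name__ == "__main__":
    for line in audit_server_xml(SERVER_XML) + audit_users_xml(USERS_XML):
        print("FINDING:", line)
```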

How to Secure Entities
Use JEE Deployment Descriptors
  original way of securing JEE resources (Servlets, JSPs, EJBs)
  specified in XML => embedded in WAR, JAR, EAR file
Use Programmatic Security
  embed security in Java code
  very flexible
  difficult for Administrators to modify

Protecting Web Applications
Authorization
  Using Declarative Security:
    define roles that should access the protected resources
    determine Web Application resources that must be protected
    map protected resource to roles that should access them
  Programmatic Security:
    security embedded in Java code
    difficult to maintain, but more flexible
Roles are vendor independent
  map roles to users/groups in the vendor's security realm
Authentication
  all security requires an authentication mechanism
    provided by vendor

Authentication - Login Page
supplied by the Web Server or by the application:
  BASIC        Web browser displays a dialog box
  FORM         uses a custom JSP form with username and password
  CLIENT-CERT  uses client certificates

    <login-config>
      <!-- auth-method takes one of BASIC, FORM or CLIENT-CERT -->
      <auth-method>BASIC||FORM||CLIENT-CERT</auth-method>
      <form-login-config>
        <!-- page paths are relative to the context root and start with "/" -->
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/badLogin.jsp</form-error-page>
      </form-login-config>
    </login-config>

Form Authentication
You supply the login page
  JSP, a Servlet, or an HTML page
  must have the fields
    j_username
    j_password
    j_security_check

    <form method="POST" action="j_security_check">
      <input type="text" name="j_username">
      <input type="password" name="j_password">
      <input type="SUBMIT">
    </form>

Authorization - Web Resources
You can apply security constraints to resources in your Web application
  users must already be authenticated

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>My Resource</web-resource-name>
        <url-pattern>/sports/*</url-pattern>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>Users</role-name>
        <role-name>Managers</role-name>
      </auth-constraint>
    </security-constraint>

    <security-role>
      <role-name>Users</role-name>
    </security-role>
    <security-role>
      <role-name>Managers</role-name>
    </security-role>
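
An added example, not part of the course material: the constraint above lists only POST, and a security-constraint that names http-method elements applies to those methods alone, so other methods on /sports/* are not covered by it. This Python check parses a web.xml and reports which methods no constraint covers for a given path, using the servlet best-match rule for URL patterns; the sample descriptor is constructed from the slide and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the deck's constraint placed in a minimal web.xml.
WEB_XML = """
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>My Resource</web-resource-name>
      <url-pattern>/sports/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Users</role-name>
      <role-name>Managers</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""
# Same descriptor without <http-method>: the constraint then covers every method.
HARDENED_XML = WEB_XML.replace("<http-method>POST</http-method>", "")

HTTP_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE")


def _children(elem, name):
    """Child elements with the given local name, ignoring the XML namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]


def load_constraints(web_xml):
    """Return [(url_pattern, methods)]; an empty method set means all methods."""
    out = []
    for sc in _children(ET.fromstring(web_xml.strip()), "security-constraint"):
        for wrc in _children(sc, "web-resource-collection"):
            methods = {m.text.strip().upper() for m in _children(wrc, "http-method")}
            for pattern in _children(wrc, "url-pattern"):
                out.append((pattern.text.strip(), methods))
    return out


def _rank(pattern, path):
    """URL-pattern precedence: exact, longest path prefix, extension, default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    if pattern == "/":
        return (0, 0)
    return None


def is_constrained(constraints, method, path):
    """True when a constraint on the best-matching pattern covers this method."""
    ranked = [(_rank(p, path), m) for p, m in constraints]
    ranked = [(r, m) for r, m in ranked if r is not None]
    if not ranked:
        return False
    best = max(r for r, _ in ranked)
    return any(r == best and (not m or method.upper() in m) for r, m in ranked)


def unconstrained_methods(constraints, path):
    """HTTP methods that reach the path without any security-constraint applying."""
    return [m for m in HTTP_METHODS if not is_constrained(constraints, m, path)]


if __name__ == "__main__":
    for label, xml in (("as on the slide", WEB_XML), ("without http-method", HARDENED_XML)):
        print(label, unconstrained_methods(load_constraints(xml), "/sports/scores.jsp"))
```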

Programmatic Authentication
Generate content based on a user's role
  HttpServletRequest interface defines isUserInRole()
  to determine if the current user is in a specified role.

    <% if (request.isUserInRole("Manager")) { %>
      <jsp:include page="managerMenu.jsp"/>
    <% } else { %>
      <jsp:include page="basicMenu.jsp"/>
    <% } %>

Role Assignment
Vendor provides role mappings to real users and groups

    <security-role-assignment>
      <role-name>Users</role-name>
      <principal-name>employees</principal-name>
    </security-role-assignment>

    <security-role-assignment>
      <role-name>Managers</role-name>
      <principal-name>zoe</principal-name>
      <principal-name>susan</principal-name>
    </security-role-assignment>

6. SSL

SSL
Symmetric Key Encryption
  one key to encrypt and decrypt
PKI Encryption
  public and private keys to encrypt and decrypt
Digital Signatures
  how to authenticate sources
Digital Certificates
  tamperproof distribution of keys

Conventional Encryption
Symmetric Key Encryption
  one key encrypts and decrypts
  fast bulk encryption
[Diagram: plain text -> encrypt -> ciphertext -> decrypt -> plain text]

DES - Data Encryption Standard
Data Encryption Standard
  adopted 1977 by US Government
  56 bit key
  encryption in 64 bit blocks
DES came from IBM research project called LUCIFER
  128 bit key
  encryption in 128 bit blocks
DES uses multiple permutations
  decryption is in reverse order
  resistant to differential cryptanalysis

Decryption by Brute Force
DES now considered breakable
  fastest computers can crack DES in minutes?
If 56 bit DES could be decrypted in 10^-6 secs ...
then longer keys would take:
  76 bit key     1 sec
  82 bit key     1 min
  88 bit key     1 hour
  93 bit key     1 day
  101 bit key    1 year
  111 bit key    1000 years
  121 bit key    1,000,000 years
  128 bit key    150,000,000 years

Public Key Infrastructure
Public and Private Key Encryption
  two keys to encrypt and decrypt
  slow for bulk encryption
  good for key distribution
[Diagram: plain text -> encrypt -> ciphertext -> decrypt -> plain text]

PKI - Secrecy
A sends a secret message to B
  only B can decrypt the message (using B's private key)
  message might have been sent by an imposter
[Diagram: A encrypts the plain text with B's public key; B decrypts the ciphertext with B's private key]

PKI - Authentication
A sends an authenticated message to B
  everyone can decrypt the message (using A's public key)
  only A could have sent the message (B decrypts using A's public key)
[Diagram: A encrypts the plain text with A's private key; B decrypts the ciphertext with A's public key]

PKI - Authentication and Privacy
A sends a private, authenticated message to B
  only B can decrypt the message (using B's private key)
  only A could have sent the message (B decrypts using A's public key)
[Diagram: A encrypts with A's private key and B's public key; B decrypts with B's private key and A's public key]

Man in the Middle Attack
X intercepts B's public key
  substitutes his own public key
X can now intercept messages from A
  and can hence impersonate A
[Diagram: the Man in the Middle sits between A and B; key labels: A's private key and X's public key; B's private key and X's public key; X's private key with A's public key; X's private key with B's public key]

PKI - Key Lengths
Keys are the product of 2 prime numbers
Longer keys are required for PKI than symmetric key encryption
  primes become scarce as numbers get large

Digital Certificate
[Diagram: a Digital Certificate holding the Public Key, Distinguished Name, Expiry Date, Name of Certificate Authority and other useful information, shown with the CA's Public Key and the CA's Digital Signature]

Certificate Chains
[Diagram: chain of signed certificates: CA's certificate; Certificate for abc.com; Certificate for xyz.com; Certificate for Joe; signer labels CA, abc.com and xyz.com]
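
Digital Signatures ...
[Diagram: the SENDER puts the Text Message through a one way hash (7483217) and encrypts the hash with the private key (?Tyj^eW); the RECEIVER gets the Text Message and ?Tyj^eW, decrypts it with the public key and compares the result with its own one way hash of the message (7483217)]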

Digital Signature
[Diagram: the Text Message, the Encrypted Hash and the Digital Certificate are sent to the client; the client compares the Hashed Text Message with the Decrypted Hash]
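
An added example, not part of the course material, that carries the digital signature, digital certificate and man-in-the-middle slides through in Python: the sender hashes the message and transforms the hash with the private key, the receiver checks it with the public key, and a CA signature over (name, public key) exposes a substituted key. It uses textbook RSA with small fixed primes and no padding purely to show the mechanics; all keys, names and functions are constructed for the illustration.

```python
import hashlib

E = 65537  # public exponent


def make_key(p, q):
    """Textbook RSA key pair from two primes (illustration only, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


def public(key):
    """The part of a key pair that may be handed out."""
    return (key["n"], key["e"])


def digest(data, n):
    """One way hash of the message, reduced so that it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    """Sender: hash the message, then transform the hash with the private key."""
    return pow(digest(data, key["n"]), key["d"], key["n"])


def verify(pub, data, signature):
    """Receiver: undo the transform with the public key and compare hashes."""
    n, e = pub
    return pow(signature, e, n) == digest(data, n)


def cert_body(name, pub):
    """Bytes the CA signs: the subject name bound to the subject's public key."""
    return f"{name}|{pub[0]}|{pub[1]}".encode()


def issue_certificate(ca_key, name, pub):
    return {"name": name, "pub": pub, "sig": sign(ca_key, cert_body(name, pub))}


def check_certificate(ca_pub, cert, expected_name):
    """Accept a public key only if the CA's signature covers this name and key."""
    return cert["name"] == expected_name and verify(
        ca_pub, cert_body(cert["name"], cert["pub"]), cert["sig"])


# Constructed keys built from known Mersenne primes; far too small for real use.
CA = make_key(2**127 - 1, 2**89 - 1)
B = make_key(2**107 - 1, 2**61 - 1)
X = make_key(2**61 - 1, 2**31 - 1)   # the man in the middle


def demo():
    cert_b = issue_certificate(CA, "B", public(B))
    # X swaps in his own public key but cannot produce the CA's signature over it.
    substituted = dict(cert_b, pub=public(X))
    message = b"transfer approved"
    signature = sign(B, message)
    return {
        "genuine_cert": check_certificate(public(CA), cert_b, "B"),
        "substituted_key": check_certificate(public(CA), substituted, "B"),
        "signature_ok": verify(cert_b["pub"], message, signature),
        "tampered_msg": verify(cert_b["pub"], b"transfer denied", signature),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```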

One Way SSL
Server sends certificate to browser
  checked against trusted CAs
[Diagram: Tomcat sends its certificate to the browser]

Two Way SSL
Server sends certificate to browser
  checked against trusted CAs
Browser sends certificate to server
  checked against authorized users
[Diagram: Tomcat and the browser each send a certificate to the other]

Configuring SSL on Tomcat
1. Generate Private Key and Self Certified Certificate
     add to your keystore
2. Generate a certificate signing request - CSR
     send it to your CA
3. On receipt, import into your cacerts keystore
     trusted certificates are stored in a different keystore
4. Import your new certificate
     into your keystore
5. Update Tomcat configuration
     modify server.xml

Using Sun's Keytool
Generate Private Key and Certificate

    set NAME="CN=localhost, OU=me, O=me, C=UK"
    @REM -- create Private Key and Self Signed Certificate
    @REM -- RSA keys under 1024 bits are rejected by the default JDK certificate checks; use 2048 or more
    keytool -genkey -v -alias myPrivateKeyAlias ^
        -keyalg RSA -keysize 2048 ^
        -dname %NAME% -keypass myPassword ^
        -validity 365 -keystore myIdentityKeystore.jks ^
        -storepass myPassword

Generate CSR

    set NAME="CN=localhost, OU=me, O=me, C=UK"
    @REM -- Generate Certificate Request
    keytool -certreq -v -alias myPrivateKeyAlias ^
        -file myCertificateRequest.pem ^
        -keypass myPassword ^
        -storepass myPassword ^
        -keystore myIdentityKeystore.jks

keys must be the same

Configuring Tomcat
Uncomment connector section
  from server.xml

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/... /myIdentityKeystore.jks"
               keystorePass="myPassword"/>

7. Web Services

Goals of Distributed Services
Platform independence
  Unix / Windows
Language independence
  Java, C++, C#, Python, PERL
Location transparency
  service can move without breaking clients
Service resiliency
  multiple copies of a service
Fault tolerance
  clustering

Industry Solutions ...
CORBA
  Common Object Request Broker Architecture
  high-level architecture for object management
Problems:
  too complex
  interfaces too rigid
  vendors find it difficult to comply with specification
[Diagram: Server with Skeleton and Client with Proxy, connected through the ORB (location transparency); register object with the Naming Service]

... Industry Solutions
Enterprise JavaBeans (EJB)
  easier than CORBA
  RMI-based
  only for Java systems
DCOM
  Similar to CORBA
  Microsoft only technologies
  Relies heavily on code generation/wizards
Too complex

The Problem
Heterogeneity of Systems
  multiple programming languages (Java, C++, VB, Perl, A+)
  multiple operating systems (Solaris, NT, Linux, IRIX)
  multiple transport protocols (HTTP, HTTPS, TCP, MQ)
We need a distributed computing framework that:
  reduces complexity
  easy to develop with
  allows easy maintenance and distribution of services
Application services, not just “web services”
  multi-transport support offers option of QoS to clients

The Strategy – SOAP
  Simple Object Access Protocol (SOAP)
  it's SIMPLE!
    messaging protocol
  platform, language and transport neutral
    leverages XML
  flexible
    promotes integration of web services (HTTP) with application services (non-HTTP)

What is a Service?

[Diagram: client processes (C++, C#, Java) act as SOAP clients, sending SOAP requests to and receiving SOAP responses from a SOAP server whose runtime hosts services such as a Derivative Calculator]

The Big Picture

[Diagram: a Java client process uses a SOAP client to exchange SOAP requests and SOAP responses with a SOAP server over TCP, HTTP or MQ]

SOAP message format
  Envelope wraps Body; Body wraps the Action

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <CorpDirSearchRequest xmlns="http://saseo1/appmw/corpdir/">
      <Criteria>
        <EmployeeID>60877</EmployeeID>
      </Criteria>
    </CorpDirSearchRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

SOAP Envelope: Request

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <RequestID>1234</RequestID>
    <Principal mustUnderstand="1">sterns</Principal>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <CorpDirSearchRequest xmlns="http://saseo1/appmw/corpdir/">
      <Criteria>
        <EmployeeID>60877</EmployeeID>
      </Criteria>
    </CorpDirSearchRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

SOAP Envelope: Response

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <RequestID>1234</RequestID>
    <Principal mustUnderstand="1">sterns</Principal>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <CorpDirSearchResponse xmlns="http://saseo1/appmw/corpdir/">
      <Employee>
        <FirstName>Stephen</FirstName>
        <LastName>Stern</LastName>
      </Employee>
    </CorpDirSearchResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

SOAP Envelope: Fault

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <RequestID>1234</RequestID>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <SOAP-ENV:Fault>
      <faultcode>SOAP-ENV:Server</faultcode>
      <faultstring>Could not connect to database</faultstring>
      <faultactor>Slashnservice</faultactor>
      <detail>JDBC Error Code: 989</detail>
    </SOAP-ENV:Fault>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
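
An added example (not from the original slides): the request and fault envelopes above parsed with Python's standard library. It refuses messages that contain a DTD, which SOAP 1.1 forbids, and lists mustUnderstand headers the receiver does not handle; parse_envelope and its understood parameter are hypothetical names.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ENV = '<SOAP-ENV:Envelope xmlns:SOAP-ENV="%s">%%s</SOAP-ENV:Envelope>' % SOAP_NS

# Constructed samples: the request and fault envelopes from the slides.
REQUEST = ENV % """<SOAP-ENV:Header><RequestID>1234</RequestID>
  <Principal mustUnderstand="1">sterns</Principal></SOAP-ENV:Header>
 <SOAP-ENV:Body><CorpDirSearchRequest xmlns="http://saseo1/appmw/corpdir/">
  <Criteria><EmployeeID>60877</EmployeeID></Criteria>
 </CorpDirSearchRequest></SOAP-ENV:Body>"""
FAULT = ENV % """<SOAP-ENV:Header><RequestID>1234</RequestID></SOAP-ENV:Header>
 <SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode>
  <faultstring>Could not connect to database</faultstring>
  <faultactor>Slashnservice</faultactor>
  <detail>JDBC Error Code: 989</detail></SOAP-ENV:Fault></SOAP-ENV:Body>"""

def _split(tag):
    """'{ns}local' -> (ns, local); tags without a namespace get ns ''."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def parse_envelope(text, understood=("RequestID", "Principal")):
    """Parse a SOAP 1.1 envelope; return its headers, action and fault."""
    if "<!DOCTYPE" in text:
        # SOAP 1.1 forbids DTDs; refusing them also blocks entity expansion.
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(text)
    if root.tag != "{%s}Envelope" % SOAP_NS:
        raise ValueError("not a SOAP 1.1 envelope")
    headers, not_understood = {}, []
    header = root.find("{%s}Header" % SOAP_NS)
    for entry in (header if header is not None else []):
        name = _split(entry.tag)[1]
        headers[name] = (entry.text or "").strip()
        # Accept the unqualified attribute used on the slides and the
        # namespace-qualified form from the SOAP 1.1 specification.
        must = entry.get("mustUnderstand") or entry.get("{%s}mustUnderstand" % SOAP_NS)
        if must == "1" and name not in understood:
            not_understood.append(name)
    body = root.find("{%s}Body" % SOAP_NS)
    if body is None or len(body) == 0:
        raise ValueError("envelope has no body entry")
    first = body[0]
    result = {"headers": headers, "not_understood": not_understood,
              "action": None, "fault": None}
    if first.tag == "{%s}Fault" % SOAP_NS:
        # detail can carry backend diagnostics (a JDBC error code on the slide).
        result["fault"] = {_split(c.tag)[1]: (c.text or "").strip() for c in first}
    else:
        result["action"] = _split(first.tag)
    return result
```

A receiver that finds names in not_understood should answer with a fault instead of processing the body.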

Disadvantages of SOAP?
  Verbose XML
    bandwidth problem
  Performance penalty for parsing XML…
    various solutions have been explored
      including Tarari (hardware)
      implementing our own Binary XML

8. Clustering

What is a Cluster?
  A Tomcat Server cluster consists of multiple Tomcat Server instances running simultaneously
    working together to provide increased scalability and reliability
  A cluster appears to clients to be a single Tomcat Server instance
    server instances can run on the same machine or be located on different machines
  You can increase a cluster’s capacity by adding additional server instances to the cluster
  You can have more than one cluster
    front end for Web Apps
    back end for POJOs (Spring) or EJBs (using OpenEJB)

Benefits of Clustering
  Load Balancing
    requests can be balanced across servers in a cluster
    several load balancing algorithms are available
  Fail Over
    if one server fails, the application fails over to another server
  Scalability
    if current configuration has limited throughput you can add extra servers to the cluster
    throughput is almost linearly proportional to number of servers in the cluster

What Components Can Be Clustered?
  Components that can be clustered
    Servlets
    JSPs
    EJBs
    RMI objects
    JMS destinations
    JDBC connections
  These components are usually deployed to all servers in the cluster
    but you can deploy to part of a cluster

Cluster Topology
  Clusters spread across different machines
    LAN, WAN or MAN
    use unicast or multicast to communicate
    can have more than 1 server on a given machine

[Diagram: a proxy server in front of server1 to server4 and an AdminServer, spread across machine1, machine2 and machine3]

Combined Tier
  Presentation and Business tiers combined

[Diagram: Internet, Firewall, Load Balancer, servers each running JSP/Servlet and EJB, Firewall, Database]

Split Tiers
  Presentation Tier Cluster at front end
  Business Tier Cluster at back end

[Diagram: Internet, Firewall, Load Balancer, JSP/Servlet servers, EJB servers, Firewall, Database]

Proxy Front End
  With Presentation and Business tiers combined

[Diagram: Internet, Firewall, Proxy Server (Apache, IIS), servers each running JSP/Servlet and EJB, Firewall, Database]

Proxy and Split Tiers
  With Split tiers

[Diagram: Internet, Firewall, Proxy Server (Apache, IIS), JSP/Servlet servers, EJB servers, Firewall, Database]

Architecture Recommendations
  Place static web content on separate web server in DMZ
    Apache or IIS
  Use combined tier topology
    unless business logic heavily outweighs presentation logic
    simpler configuration
    fewer network hops
  Use hardware load balancers
    much faster
  Proxy using http and not https
    try to avoid https on back end
    slower
    more certificates required

Virtualization
  Many customers are considering using Virtualization
    to cut costs
    improve performance
  Oracle WebLogic Server Virtual Edition
    allows you to run Oracle WebLogic Server directly on a hypervisor (e.g. VMware ESX) without a standard operating system
  Runs on top of LiquidVM
    a light-weight, high-performance virtual machine containing a software layer that directly connects system-level calls from Oracle JRockit JVM
    no general-purpose operating system or other processes are running

9. Performance Tuning

Tuning Roadmap
  Operating System Tuning
    sockets
  Java Virtual Machines
    vendor (Sun, Oracle, IBM)
    GC
    memory
  Tomcat Server
    threading
    HttpSessions
  DataBase Tuning
    connection pool

JConsole
  Monitor Tomcat
    memory, threads, classes, MBeans

JVisualVM

Profiler Tools
  OptimizeIt Java Performance Profiler
    A performance debugging tool for Solaris and NT
    http://www.codework.com/optimize/product.html
  Hewlett Packard JMeter
    A Hewlett Packard tool for analyzing profiling information.
    http://jakarta.apache.org/jmeter/
  JProbe Profiler with Memory Debugger
    A family of products that provide the capability to detect performance bottlenecks, perform code coverage and other metrics
    http://www.sitraka.com/software/jprobe/
  Mercury Interactive's Topaz
    application performance management solution
    http://www-heva.mercuryinteractive.com/products/

JMeter
  download from http://jakarta.apache.org/jmeter/

Tuning the O/S
  Most important tuning parameters are
    TCP wait_time
    TCP queue size
  caused by the operating system’s failure to release old sockets from a close_wait call
  can lead to
    connection refused on server-side
    too many open files on server-side
    address in use: connect on the client-side

Solaris
ndd -set /dev/tcp tcp_conn_req_max_q 16384

Windows
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters key:
MaxUserPort = dword:00004e20 (20,000 decimal)
TcpTimedWaitDelay = dword:0000001e (30 decimal)

Database
  Make sure database is not on the same machine as Tomcat
    database will hog the CPU
    Tomcat tuning will be ineffective

[Diagram: Tomcat Servers and the Database deployed on separate machines (Machine1, Machine2, Machine3)]

Database
  Tomcat Server and Databases
    deploy on different machines
  Is the Database a bottleneck?
    typically requires 3-4 times as much resources
  Exclusive Access
    improves performance considerably
    can't be employed on a cluster

Garbage Collection
  Automatic detection and reclaiming of unused heap memory
  Advantages
    reduces likelihood of memory leak
    reduces likelihood of crash due to premature freeing of memory
    generally simplifies code
  Disadvantages
    performance overhead
    usually deals only with memory, not other resources

How a Garbage Collector Works
  Start with a set of "root" references
    perhaps global variables
  Determine "live" objects from the root set
    "reachability"
  Conservative collector
    may not find all unreachable objects
    may not be able to detect all object references
    may be hard to differentiate between ref and int

[Diagram: object graph traced from the Root Set]

Mark and Sweep
  More accurate
  Trace object graph from root reference
    mark each object as "reachable"
  All non marked objects may be collected
  More performance overhead
    two or more passes through the heap
    application paused while collector runs

[Diagram: objects traced from the Root Set; the remaining objects are unreachable]

Heap Fragmentation
  Heap can become fragmented over time
  Requests for memory may be refused
    enough available memory but not contiguous

[Diagram: heap with scattered Free blocks]
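
The two passes described under Mark and Sweep, followed by the free-space check behind Heap Fragmentation, as an added Python example (not part of the original slides). The Obj class, the 16-slot heap and the object layout are constructed for illustration.

```python
class Obj:
    """Toy heap object: start address, size in slots, outgoing references."""
    def __init__(self, name, addr, size, refs=()):
        self.name, self.addr, self.size = name, addr, size
        self.refs = list(refs)
        self.marked = False

def mark(roots):
    """Pass 1: trace the object graph from the root set, marking what is reachable."""
    stack = list(roots)
    while stack:
        obj = stack.pop()
        if not obj.marked:          # the flag also stops cycles looping forever
            obj.marked = True
            stack.extend(obj.refs)

def sweep(heap):
    """Pass 2: walk the whole heap, keep marked objects, collect the rest."""
    live = [o for o in heap if o.marked]
    dead = [o.name for o in heap if not o.marked]
    for o in live:
        o.marked = False            # reset for the next collection
    return live, dead

def free_blocks(live, heap_size):
    """Sizes of the contiguous free runs left between live objects."""
    blocks, cursor = [], 0
    for o in sorted(live, key=lambda o: o.addr):
        if o.addr > cursor:
            blocks.append(o.addr - cursor)
        cursor = o.addr + o.size
    if cursor < heap_size:
        blocks.append(heap_size - cursor)
    return blocks

def demo():
    # Constructed heap: a -> c is reachable; b <-> d is an unreachable cycle.
    c = Obj("c", 8, 4)
    a = Obj("a", 0, 4, [c])
    b = Obj("b", 4, 4)
    d = Obj("d", 12, 4, [b])
    b.refs.append(d)
    mark([a])                                   # root set is just "a"
    live, dead = sweep([a, b, c, d])
    blocks = free_blocks(live, 16)
    # 8 slots are free in total, yet no single run can hold a 6-slot object.
    return dead, blocks, any(size >= 6 for size in blocks)
```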

Generational Garbage Collection
  Most objects are short lived
    "infant mortality"
  Allocate new objects from one region of the heap
    use fast garbage collector regularly
  Move longer lived objects to another region
    garbage collector runs less often here
    can use more effective (or slower) algorithm

[Diagram: longer lived objects move from the "new" region to the "old" region]

Heap Organisation
  Permanent section used for reflective data
    class, method objects
  New Objects allocated from Eden
    SS1 and SS2 are used for copying objects
    "Survival Spaces"
  Optional incremental collection for old region

[Diagram: heap layout Perm, Old, SS1, SS2, Eden; labels: 64Mb, Old, New, JVM Tuneable, Total Heap Size]

Collecting the New Region
  "Minor" collection
    copy live objects to Survival Space

[Diagram: successive states of Old, SS1, SS2 and Eden during a minor collection]

Collecting the Old Region
  Major Collection
    mark and compact
    much slower than minor collection

[Diagram: Old, SS1, SS2 and Eden, with objects in Old marked for deletion]

Monitoring GC
  Different applications have different object usage patterns
    garbage collector may require tuning
  Use the -verbose:gc flag when running program
    reports statistics on each run of the collector

[GC 707K->432K(1984K), 0.0045157 secs]
[GC 944K->943K(1984K), 0.0081382 secs]
[GC 1455K->1423K(1984K), 0.0078742 secs]
[GC 1935K->1871K(2496K), 0.0068408 secs]
[Full GC 1871K->600K(2496K), 0.0254038 secs]
[GC 1111K->1111K(1984K), 0.0064123 secs]
[GC 1623K->1592K(2112K), 0.0070688 secs]
[Full GC 1592K->686K(2112K), 0.0261748 secs]
...

  Each line shows: object space before collection -> object space after collection (total size of available heap), time to collect
  [Full GC ...] is a major collection; [GC ...] is a minor collection
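
An added example (not part of the original slides): a Python parser for the -verbose:gc lines above that totals reclaimed space and pause time per collection type. It handles only the line format shown on this slide; the function names are assumptions.

```python
import re

# Constructed sample: the -verbose:gc output shown on the slide.
SAMPLE_LOG = """\
[GC 707K->432K(1984K), 0.0045157 secs]
[GC 944K->943K(1984K), 0.0081382 secs]
[GC 1455K->1423K(1984K), 0.0078742 secs]
[GC 1935K->1871K(2496K), 0.0068408 secs]
[Full GC 1871K->600K(2496K), 0.0254038 secs]
[GC 1111K->1111K(1984K), 0.0064123 secs]
[GC 1623K->1592K(2112K), 0.0070688 secs]
[Full GC 1592K->686K(2112K), 0.0261748 secs]
"""

# kind, space before, space after, total heap, time to collect
LINE = re.compile(r"\[(Full GC|GC) (\d+)K->(\d+)K\((\d+)K\), ([\d.]+) secs\]")

def parse_gc_log(text):
    """Yield one dict per collection: kind, sizes in KB, pause in seconds."""
    for m in LINE.finditer(text):
        kind, before, after, heap, secs = m.groups()
        yield {"kind": "major" if kind == "Full GC" else "minor",
               "before_kb": int(before), "after_kb": int(after),
               "heap_kb": int(heap), "pause_s": float(secs)}

def summarize(text):
    """Total the work done by minor and major collections."""
    events = list(parse_gc_log(text))
    summary = {}
    for kind in ("minor", "major"):
        sel = [e for e in events if e["kind"] == kind]
        summary[kind] = {
            "count": len(sel),
            "reclaimed_kb": sum(e["before_kb"] - e["after_kb"] for e in sel),
            "pause_s": round(sum(e["pause_s"] for e in sel), 7),
        }
    # Occupancy left after each major collection approximates the live set;
    # a steady rise across Full GCs can indicate a leak or an undersized heap.
    summary["live_after_major_kb"] = [e["after_kb"] for e in events
                                      if e["kind"] == "major"]
    return summary
```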

Total Heap Size
  Heap size varies between min and max value
    to keep free space to live objects ratio within limits

Option                  Description          Default   Recommended
-Xms                    Minimum Heap Size    2m
-Xmx                    Maximum Heap Size    64m
-XX:MinHeapFreeRatio    Minimum Free Ratio   40
-XX:MaxHeapFreeRatio    Maximum Free Ratio   70