Shulou(Shulou.com)06/01 Report--

How to analyze Tomcat Manager in depth, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, there are people who need this can learn, I hope you can gain something.

Friends who care about Tomcat and have used Tomcat must have used its management application, which is manager under the webapps directory.

After starting Tomcat by default, for versions before Tomcat 7.0, you can enter the manager application by clicking the link on the left side of the Tomcat ROOT application main interface. After Tomcat 7.0, the interface changes to the following. You can access the manager app by clicking on the Manager app.

Regardless of the version, there is one prerequisite for using the manager app:

It requires a username and password.

Because the manager app sets the BASIC login authentication method, you need to configure the conf/tomcat-users.xml file before using it.

Add the following:

The username and password can be changed at will. The roles are used to set which role the user belongs to. If you want to use the manager application, you need to assign the manager-gui role to it.

Why this role?

Look here:

Located in the webapps/manager/WEB-INF/web.xml file, it has the following definition:

BASIC

Tomcat Manager Application

manager-gui

That is, we mentioned above that the verification method used is BASIC, and the specific role definition is manager-gui.

Once you have configured the users and roles in tomcat-users.xml, you can use it to manage Tomcat.

Go to manager app, enter the list of apps in sight

You can control the start, stop, reload, and unload of your app. Session can be disabled etc.

A good practice we can learn from Tomcat developers here is

It can be used to operate applications at the management level of the deployed application lifecycle. By default, it is not allowed to be used. Only configured users can use it, so as to avoid some online applications being hacked. We can imagine that if the default can be used freely, then if this configuration has not changed, the situation is not optimistic.

Below the list block are modules for application deployment

Two forms of deployment are supported here

Deploy directly using profiles

Deployment by selecting specific WAR files

Further down are interfaces for system analysis and for obtaining Server information

Let's pick a section of source code and analyze the manager application.

The source code for the manager application is located under the org.apache.catalina.manager package of the Tomcat source code.

The main class is ManagerServlet. Taking all deployed applications as an example, let's look at the specific implementation

Since the default output is html content, the final class to be directed to is HTMLManagerServlet, a subclass of ManagerServet.

The code for outputting the application list is as follows:

// Apps Row Section

// Create sorted map of deployed applications by context name.

Container children[] = host.findChildren();

String contextNames[] = new String[children.length];

for (int i = 0; i < children.length; i++)

contextNames[i] = children[i].getName();

Arrays.sort(contextNames);

for (String contextName : contextNames) {

Context ctxt = (Context) host.findChild(contextName);

if (ctxt != null) {

// Bugzilla 34818, alternating row colors

String contextPath = ctxt.getPath();

String displayPath = contextPath;

if (displayPath.equals("")) {

displayPath = "/";

} }}

Note the red lines of code, manager application is through the Host component, to obtain all the application information under the component, first obtain the name of all applications, and then through the name, and then obtain the corresponding specific information, and connect it into HTML content output.

From the above code, we can learn a good practice with Tomcat developers, is to modify the BUG corresponding to the label and code, in other people maintain the system, can be more convenient.

When deploying an application, you first need to check whether the prefix (ContextRoot) of the application already exists, because it is not allowed to have duplicate names in the application. This name detection is based on JMX implementation.

The code is as follows:

/**

* Invoke the isDeployed method on the deployer.

*/

protected boolean isDeployed(String name)

throws Exception {

String[] params = { name };

String[] signature = { "java.lang.String" };

Boolean result =

(Boolean) mBeanServer.invoke(oname, "isDeployed", params, signature);

return result.booleanValue();

Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.