Tomcat 7#


Tomcat upgrade to release

Let's play a bit with Tomcat 7 and see if my apps are still working......


Download the usual way from

Split manager role#

If you are using conf/tomcat-users.xml, then split up the manager role in 4 roles:

  <role rolename="manager"/>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-status"/>

lib directory#

new are:

  • ecj-3.6.jar (we use the Eclipse JDT compiler for JSP compilation, so we no longer require a full JDK, but a JRE insteed)
  • tomcat-api.jar ((Interfaces shared by Catalina and Jasper)) :
metskem@gneisenau:/usr/local/tomcat/lib$ jar -tf tomcat-api.jar 

We don't copy the old mysql-connector-java-5.1.7-bin.jar, but download a fresh mysql-connector-java-5.1.13-bin.jar from to the lib directory.


  • (if necessary) create keystore : keytool -genkey -alias tomcat -keystore keystore.jks
  • Update server.xml with ssl, add keystoreFile="${catalina.home}/conf/keystore" keystorePass="password" to ssl connector.
  • Update server.xml with prefix="access." suffix=".log" pattern="common"
  • Update server.xml with URIEncoding="UTF-8"
  • Update context.xml, uncomment manager pathname... to disable session persistence
  • Copy conf/keystore from old tomcat version (this has the SSL certificate we need for the https connector)

Starting up#

First remove *.bat from the bin directory (we don't need these for sure on linux).
The fire up the bin/ :

metskem@gneisenau:/usr/local/tomcat/bin$ ./ 
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
metskem@gneisenau:/usr/local/tomcat/bin$ Oct 8, 2010 3:30:29 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-6-sun-
Oct 8, 2010 3:30:29 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Oct 8, 2010 3:30:29 PM org.apache.coyote.ajp.AjpProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Oct 8, 2010 3:30:29 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 737 ms
Oct 8, 2010 3:30:29 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Oct 8, 2010 3:30:29 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.2
Oct 8, 2010 3:30:29 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory host-manager
Oct 8, 2010 3:30:30 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory manager
Oct 8, 2010 3:30:30 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
Oct 8, 2010 3:30:30 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
Oct 8, 2010 3:30:30 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
Oct 8, 2010 3:30:30 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Oct 8, 2010 3:30:30 PM org.apache.coyote.ajp.AjpProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Oct 8, 2010 3:30:30 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 887 ms

Nice !

Configuring Tomcat in Eclipse#

SSL and users/roles#

See the WTP_Tomcat_FAQ

Open the server config and "Open launch configuration" :


Pick up the CATALINA_HOME and modify the server.xml there with something like :

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" scheme="https" secure="true" URIEncoding="UTF-8" 
   clientAuth="false" sslProtocol="TLS" 
   keystoreFile="${catalina.home}/conf/keystore.jks" keystorePass="tomcat"/>

In the same location you can change your tomcat-users.xml !

Tomcat JDBCRealm#

Store your userids, passwords and roles in an SQL database.
See the tomcat docs for all reference information.

Create the database and tables#

Note: If you want to use digested passwords, you need varchar(32) for the user_pass column (instead of varchar(15))
create database tomcatuserDB;

create user 'tomcatuser'@'localhost' identified by "tomcatpassword";

use tomcatuserDB;

create table users (
  user_name         varchar(15) not null primary key,
  user_pass         varchar(32) not null

create table user_roles (
  user_name         varchar(15) not null,
  role_name         varchar(15) not null,
  primary key (user_name, role_name)

grant all privileges on tomcatuserDB.* to 'tomcatuser'@'localhost';

Now we have to insert a user/password, but we want to use digested passwords. Therefore we first have to generate an (md5) generated password (testpassword)(:

metskem@gneisenau:/usr/local/tomcat/lib$ java -cp catalina.jar:../bin/tomcat-juli.jar:tomcat-util.jar org.apache.catalina.realm.RealmBase -a md5 -e utf-8 testpassword

Then insert the row, and also insert a role row :

insert into users(user_name,user_pass) values('testuser','e16b2ab8d12314bf4efbd6203906ea6c');
insert into user_roles(user_name,role_name) values('testuser','manager-gui');

Setup Realm in server.xml#

The following is added to conf/server.xml :

      <Realm className="org.apache.catalina.realm.LockOutRealm">
       <Realm className="org.apache.catalina.realm.JDBCRealm"
              userTable="users" userNameCol="user_name" userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name"

Add new attachment

In order to upload a new attachment to this page, please use the following box to find the file, then click on “Upload”.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
tomcat-ssl.png 77.2 kB 1 14-Oct-2010 19:15 Harry Metske
« This page (revision-15) was last changed on 27-Oct-2010 18:12 by Harry Metske  
G’day (anonymous guest) User Preferences
Uptime8d, 16h 47m 41s
Number of pages256

Referenced by

JSPWiki v2.10.2-svn-32