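Tomcat as a web server
Virtual host example
1. Define two virtual hosts
# In server.xml, find the default localhost virtual host and define two virtual hosts just above it, i.e. one level below the Engine
# pc: the web directory is placed under webapps/pc, using a relative path (relative to <prefix>/webapps/); in this example it is /usr/local/tomcat/webapps/pc
# pc and bbs each define 2 Contexts; compare nginx's location
# Define a Valve; a Valve is analogous to an nginx directive. AccessLogValve is analogous to nginx's log_format and access_log directives: it defines the log format, log file location, prefix and suffix
# appBase defines the root directory of the virtual host's web files
# path corresponds to the URI path
# docBase defines where on the file system the web files for each Context (i.e. URI) are stored
# Both can be relative or absolute paths; relative paths are relative to <prefix>/webapps; with absolute paths, mind the permissions
# The log path is relative: <prefix>/logs
# bbs: the web directory is in a separate /www/bbs, not under the default webapps directory, so mind the permissions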
[root@host2 conf]# cat server.xml
<Host name="www.pc.com" appBase="webapps/pc"
      unpackWARs="true" autoDeploy="true">
  <Context path="" docBase="" reloadable="true"/>
  <Context path="/img" docBase="img" reloadable="true"/>
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="pc_access_log" suffix=".txt"
         pattern="%h %l %t &quot;%r&quot; %s %b" />
</Host>
<Host name="www.bbs.com" appBase="/www/bbs"
      unpackWARs="true" autoDeploy="true">
  <Context path="" docBase="" reloadable="true"/>
  <Context path="/img" docBase="img" reloadable="true"/>
  # path is analogous to the URI path in nginx
  # docBase is analogous to the file system path that the URI maps to in nginx
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="bbs_access_log" suffix=".txt"
         pattern="%h %l %t &quot;%r&quot; %s %b" />
</Host>
# Syntax test
[root@host2 conf]# catalina.sh configtest
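Tomcat does not treat an attribute name it does not recognise as a fatal error: it logs a warning, ignores the attribute and keeps the default, so a misspelling such as sufffix or autoDeply goes unnoticed unless the log is read. The following check is an added example, not part of the original notes: it reports attribute names that are not in a known list but closely resemble one. The KNOWN lists are a partial, assumed subset and the sample XML is constructed.

```python
import difflib
import xml.etree.ElementTree as ET

# Attribute names used on this page plus a few documented ones. The lists are
# deliberately partial (assumption): only names that are NOT listed but look
# like a listed name are reported, so unlisted valid attributes stay quiet.
KNOWN = {
    "Host": {"name", "appBase", "unpackWARs", "autoDeploy", "workDir", "className"},
    "Context": {"path", "docBase", "reloadable", "cookies", "className"},
    "Valve": {"className", "directory", "prefix", "suffix", "pattern"},
}

# Constructed sample: two Host elements modelled on this section, with the
# attribute names "sufffix" and "autoDeply" misspelled.
SAMPLE = """<Engine name="Catalina" defaultHost="localhost">
  <Host name="www.pc.com" appBase="webapps/pc" unpackWARs="true" autoDeploy="true">
    <Context path="" docBase="" reloadable="true"/>
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
           prefix="pc_access_log" sufffix=".txt"
           pattern="%h %l %t &quot;%r&quot; %s %b"/>
  </Host>
  <Host name="www.bbs.com" appBase="/www/bbs" unpackWARs="true" autoDeply="true">
    <Context path="/img" docBase="img" reloadable="true"/>
  </Host>
</Engine>"""


def find_probable_typos(xml_text):
    """Return (element, attribute, suggestion) for near-miss attribute names."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        known = KNOWN.get(elem.tag)
        if known is None:
            continue  # element type not covered by this example
        for attr in elem.attrib:
            if attr in known:
                continue
            close = difflib.get_close_matches(attr, known, n=1, cutoff=0.8)
            if close:
                findings.append((elem.tag, attr, close[0]))
    return findings


if __name__ == "__main__":
    for tag, attr, hint in find_probable_typos(SAMPLE):
        print(f"<{tag}>: unknown attribute {attr!r}, did you mean {hint!r}?")
```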
2. Create the corresponding web directories and write a different .jsp page into each
[root@host2 conf]# mkdir -pv /www/bbs/img
mkdir: created directory ‘/www’
mkdir: created directory ‘/www/bbs’
mkdir: created directory ‘/www/bbs/img’
[root@host2 conf]# mkdir -pv /usr/local/tomcat/webapps/pc/img
mkdir: created directory ‘/usr/local/tomcat/webapps/pc’
mkdir: created directory ‘/usr/local/tomcat/webapps/pc/img’
# Write a different page into each
[root@host2 conf]# vim /www/bbs/index.jsp
[root@host2 conf]# vim /www/bbs/img/index.jsp
[root@host2 conf]# vim /usr/local/tomcat/webapps/pc/index.jsp
[root@host2 conf]# vim /usr/local/tomcat/webapps/pc/img/index.jsp
# The JSP files all look like the one below; only the println output differs, so the pages can be told apart later
# The four outputs are:
bbs root index
bbs img index
pc root index
pc img index
[root@host2 conf]# cat /usr/local/tomcat/webapps/pc/img/index.jsp
<%@ page language="java" %>
<%@ page import="java.util.*" %>
<html>
<body>
<% out.println("pc img index"); %>
</body>
</html>
3. Syntax test, then restart
[root@host2 conf]# catalina.sh configtest
[root@host2 conf]# catalina.sh stop
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
[root@host2 conf]# catalina.sh start
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.
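# Check that the corresponding log files were created (they carry no .txt suffix here: the suffix attribute was not applied when this listing was captured)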
[root@host2 logs]# pwd
/usr/local/tomcat/logs
[root@host2 logs]# ll
-rw-r----- 1 root root 290 Sep 3 16:04 pc_access_log.2020-09-03
-rw-r----- 1 root root 290 Sep 3 16:04 bbs_access_log.2020-09-03
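4. Access test: both home pages of each of the two virtual hosts work.
Tomcat architecture
The two figures below show the Tomcat architecture.
Tomcat component roles
- server: corresponds to a Tomcat instance
- service: logical component that encapsulates multiple connectors and one engine
- container: logical component; engine, host, context and wrapper are the four kinds of container
- connector:
  - listens on a socket
  - establishes connections with clients
  - its ProtocolHandler processes the protocol data (e.g. HTTP or AJP) and passes it to its own engine
  - receives the response data and returns it to the client
- engine:
  - unique within a service
  - receives client requests from the connectors
  - analyses the client request and passes it to the matching virtual host; hierarchically similar to nginx's http block
  - the default virtual host can be specified on the engine
- host:
  - defines a virtual host; every host is one virtual host
- context:
  - matches the requested URI through docBase and path and hands it to its internal wrapper
- wrapper:
  - unique within a context; usually nothing is configured inside the context and the default wrapper handles requests
- executor:
  - provides a thread pool for the service component; more precisely, for the engine inside the service
Client request processing flow
client (sends the request) -> connector (accepts and establishes the connection, parses the protocol request, passes it to the engine) -> engine (forwards to the matching virtual host) -> host (matches the corresponding context) -> context (the matched context hands the request to its wrapper) -> wrapper (builds the response data) -> connector (adds the response headers) -> client (receives the data)
Comparison of the Tomcat and nginx hierarchies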
# tomcat
<Server>
  <Service>
    <Connector>
    </Connector>
    <Engine>
      <Host name="xx" appBase="xx">
        <Context path="xx" docBase="xx"/>
      </Host>
    </Engine>
  </Service>
</Server>
# nginx
server {                       # server is analogous to Host
    listen 80;                 # analogous to Connector: sets the listening port
    server_name www.pc.com;    # the Host's name attribute: sets the host name
    location / {               # location is analogous to Context, / to path, the root or alias directive to docBase
        root /data/pc;         # a Valve is analogous to nginx's various directives, providing features such as logging and authentication configuration
    }
    location /img {
        alias /data/pc/img;
    }
}
appBase and docBase
A Context is a webapp
[root@host2 logs]# ll /usr/local/tomcat/webapps/
total 4
drwxr-x--- 16 root root 4096 Sep 2 14:56 docs
drwxr-x--- 6 root root 83 Sep 2 14:56 examples
drwxr-x--- 5 root root 87 Sep 2 14:56 host-manager
drwxr-x--- 5 root root 103 Sep 2 14:56 manager
drwxr-x--- 3 root root 283 Sep 2 14:56 ROOT
# Default virtual host configuration
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
</Host>
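# The appBase of the default virtual host localhost is <prefix>/webapps
# Each directory under it (docs, host-manager, manager, ...) is therefore a Context, i.e. a webapp
# Compare nginx, where one virtual host hosts several LNMP applications: http://www.bbs.com/wordpress is WordPress, ../upload is Discuz
# In Tomcat one virtual host has several webapps: http://www.bbs.com:8080/manager is one, ../examples is another
0. Definition of appBase and docBase
<Host name="www.pc.com" appBase="webapps/pc">
  <Context path="" docBase=""/>
</Host>
<Context path="" docBase=""/>
is equivalent to nginx's
location / {
}
# It defines the default home page served for the virtual host
Without the <Context path="" docBase=""/> line, the default home page path is appBase/ROOT/index.jsp
With it, the default home page path is appBase/index.jsp
1. Create two index.jsp files at different paths; appBase is /www/bbs in both cases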
[root@host2 conf]# cat /www/bbs/index.jsp
<%@ page language="java" %>
<%@ page import="java.util.*" %>
<html>
<body>
<% out.println("/www/bbs/index.jsp"); %>
</body>
</html>
---
[root@host2 conf]# cat /www/bbs/ROOT/index.jsp
<%@ page language="java" %>
<%@ page import="java.util.*" %>
<html>
<body>
<% out.println("/www/bbs/ROOT/index.jsp"); %>
</body>
</html>
[root@ho
2. Comment out the Context with path="", restart and browse: /www/bbs/ROOT/index.jsp is served
<Host name="www.bbs.com" appBase="/www/bbs"
unpackWARs="true" autoDeploy="true">
<!-- <Context path="" docBase="" reloadable="true"/> -->
<Context path="/img" docBase="img" reloadable="true"/>
3. Uncomment it, restart and browse: /www/bbs/index.jsp is served
<Host name="www.bbs.com" appBase="/www/bbs"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" reloadable="true"/>
<Context path="/img" docBase="img" reloadable="true"/>
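webapp directory structure
Official example
1. Download the WAR file into the webapps directory and restart Tomcat; the WAR is unpacked into a directory automatically
# Download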
[root@host2 webapps]# wget https://tomcat.apache.org/tomcat-8.5-doc/appdev/sample/sample.war
# Restart
[root@host2 webapps]# catalina.sh stop
[root@host2 webapps]# catalina.sh start
# After unpacking, the directory is sample
[root@host2 webapps]# ll
total 12
drwxr-x--- 16 root root 4096 Sep 2 14:56 docs
drwxr-x--- 6 root root 83 Sep 2 14:56 examples
drwxr-x--- 5 root root 87 Sep 2 14:56 host-manager
drwxr-x--- 5 root root 103 Sep 2 14:56 manager
drwxr-xr-x 3 root root 34 Sep 3 11:24 pc
drwxr-x--- 3 root root 283 Sep 2 14:56 ROOT
drwxr-x--- 5 root root 86 Sep 3 18:33 sample
-rw-r--r-- 1 root root 4606 May 1 2018 sample.war
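2. Access it from a browser
Typical directory structure
- /WEB-INF: the webapp's private resource directory, not accessible from the browser; usually contains web.xml
- /WEB-INF/classes: the webapp's own classes
- /WEB-INF/lib: the webapp's classes packaged as JAR files
- /META-INF: non-standard webapp directory; may contain a custom context.xml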
[root@host2 webapps]# ll sample
total 8
-rw-r----- 1 root root 376 Jul 30 2007 hello.jsp
drwxr-x--- 2 root root 24 Sep 3 18:33 images
-rw-r----- 1 root root 636 Jul 30 2007 index.html
drwxr-x--- 2 root root 44 Sep 3 18:33 META-INF
drwxr-x--- 4 root root 47 Sep 3 18:33 WEB-INF
# Directory structure of the sample app after unpacking
[root@host2 webapps]# ll sample/WEB-INF/
total 4
drwxr-x--- 3 root root 23 Sep 3 18:33 classes
drwxr-x--- 2 root root 6 Sep 3 18:33 lib
-rw-r----- 1 root root 813 Jul 30 2007 web.xml
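# Directories for classes and JAR files, plus web.xml
Ways to deploy a webapp
- Put the packaged WAR file in the webapps directory and restart Tomcat; the WAR is unpacked automatically (because of the unpackWARs="true" setting)
- Under webapps, create the directories and files according to the directory structure:
[root@host2 webapps]# ls pc/
img index.jsp
[root@host2 webapps]# mkdir pc/WEB-INF/{classes,lib} -pv
mkdir: created directory ‘pc/WEB-INF’
mkdir: created directory ‘pc/WEB-INF/classes’
mkdir: created directory ‘pc/WEB-INF/lib’
[root@host2 webapps]# tree pc
pc
├── img
│   └── index.jsp
├── index.jsp
└── WEB-INF
    ├── classes
    └── lib
# img is a directory from the experiment
server.xml configuration file
Official configuration reference:
http://tomcat.apache.org/tomcat-8.5-doc/config/index.html
All Tomcat configuration files are XML.
CATALINA_HOME and CATALINA_BASE
With a single Tomcat instance the two are the same.
With multiple instances, see http://tomcat.apache.org/tomcat-8.5-doc/RUNNING.txt for the difference.
Default configuration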
[root@host2 conf]# cat server.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
# Defines the management port and the shutdown command
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
# Multiple Listeners are defined under the Server
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
# Related to authentication for the user management pages
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
# Defines a Service named Catalina
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
# Above, three Connectors are defined inside the Catalina Service
-->
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
# Another SSL Connector is defined
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="8443" />
-->
# Defines the AJP Connector
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
# Defines an Engine
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
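# Defines a virtual host, localhost; appBase sets the location of the web directory, unpackWARs whether WAR files are unpacked automatically, autoDeploy whether applications are deployed automatically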
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
# Defines the Valve for single sign-on (SSO)
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
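pattern="%h %l %u %t &quot;%r&quot; %s %b" />
# Valve for logging
</Host> # one Engine can contain multiple Hosts
</Engine> # the Engine is unique within a Service
# Inside a Service, multiple Connectors and a single Engine are defined
</Service> # one Server can contain multiple Services
</Server> # defines the Server, i.e. one Tomcat instance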
server
<Server port="8005" shutdown="SHUTDOWN">
...
</Server>
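# Defines 8005 as the management port
# The shutdown signal is the string SHUTDOWN; after connecting with telnet, sending this string shuts Tomcat down
# Below it there can be multiple Services
# Some attributes
className: the class implementing Server; if omitted, the default org.apache.catalina.core.StandardServer is used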
service
<Service name="Catalina">
...
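</Service>
# Defines a Service named Catalina; below it, it can encapsulate multiple Connectors and one Engine
# Some attributes
className: the class implementing Service; if omitted, the default org.apache.catalina.core.StandardService is used
name: the name
executor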
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
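# Sits one level below the Service, placed above the Connectors so that they can reference it
# A Connector can also define its own thread pool
# Provides a thread pool to the other components inside the Service
# Not written out by default
# The default configuration is as above
Some attributes:
className name of the class implementing the Executor
default is org.apache.catalina.core.StandardThreadExecutor
name name of this thread pool; other components reference it by name
threadPriority thread priority, default 5
daemon whether the threads run as daemon threads
namePrefix prefix of the thread names; thread name = namePrefix + thread number
maxThreads maximum number of threads
minSpareThreads
maxIdleTime threads idle for longer than this are killed
maxQueueSize maximum queue length for runnable tasks
prestartminSpareThreads whether the minimum number of spare threads is created as soon as the Executor starts; default false, i.e. created on demand
# Reference the thread pool above from a Connector
<Connector executor="tomcatThreadPool" .../>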
connector
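- An Engine can be served by multiple Connectors
- For example HTTP/1.1, HTTP/2 and AJP each get their own Connector
- Requests are received, and responses returned, through a Connector
- The AJP protocol is used specifically when Apache httpd is the front-end web server
- Tomcat can act as both a static web server and a dynamic application server
- For efficiency, however, it usually handles only dynamic content and leaves static content to the front-end static web server
I. Define an HTTP/1.1 Connector
For the full list of connector attributes see the official documentation: http://tomcat.apache.org/tomcat-8.5-doc/config/http.html
Defining this Connector means Tomcat can accept HTTP web requests. Each request is served by its own thread; when concurrency exceeds maxThreads, requests queue, and once the queue exceeds the value of acceptCount, further requests are refused.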
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="200000" redirectPort="8443" />
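Commonly used HTTP connector attributes:
- address: listening address; defaults to all addresses
- maxThreads: maximum concurrency, because each concurrent request occupies one thread
- acceptCount: maximum length of the wait queue; when all threads are busy, further requests wait in the queue
- port: listening port
- protocol: defaults to HTTP/1.1
- redirectPort: if the request is HTTPS traffic, it is redirected to this port
- connectionTimeout: connection timeout
- keepAliveTimeout: keep-alive connection timeout
- enableLookups: whether to reverse-resolve the client host name; default true, should be false as it is unnecessary
- compression: whether to compress
- useSendfile: whether to enable sendfile
II. Connector with SSL attributes enabled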
<Connector port="8443"
maxThreads="150" minSpareThreads="25" enableLookups="false" ... scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
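The Server and Connector attributes described above are the ones worth reviewing before a Tomcat instance is exposed. The following audit is an added example, not part of the original notes: it parses a server.xml and reports the default shutdown command on an enabled shutdown port, DNS lookups, an active AJP Connector, autoDeploy, and access log patterns that drop %u. The check names and the sample XML are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample combining settings shown on this page.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               redirectPort="8443" enableLookups="true"/>
    <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="www.bbs.com" appBase="/www/bbs" unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="bbs_access_log" suffix=".txt"
               pattern="%h %l %t &quot;%r&quot; %s %b"/>
      </Host>
    </Engine>
  </Service>
</Server>"""


def audit_server_xml(xml_text):
    """Return (check_id, where) findings; the check ids are this example's own."""
    root = ET.fromstring(xml_text)
    findings = []
    # port="-1" disables the shutdown listener. If it is enabled with the stock
    # command, any process that can connect to the port can stop Tomcat.
    port = root.get("port", "8005")
    if port != "-1" and root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
        findings.append(("shutdown-default-command", f"Server port {port}"))
    for conn in root.iter("Connector"):
        where = f"Connector port {conn.get('port', '?')}"
        if conn.get("enableLookups", "").lower() == "true":
            findings.append(("dns-lookups-enabled", where))
        # AJP is only needed when a front-end such as Apache httpd speaks it.
        if conn.get("protocol", "").upper().startswith("AJP"):
            findings.append(("ajp-connector-enabled", where))
    for host in root.iter("Host"):
        where = f"Host {host.get('name', '?')}"
        # autoDeploy defaults to true: anything written into appBase is deployed.
        if host.get("autoDeploy", "true").lower() == "true":
            findings.append(("autodeploy-enabled", where))
        for valve in host.iter("Valve"):
            if not valve.get("className", "").endswith(".AccessLogValve"):
                continue
            pattern = valve.get("pattern", "common")
            # Without %u the authenticated user name never reaches the log.
            if pattern not in ("common", "combined") and "%u" not in pattern:
                findings.append(("accesslog-no-user", where))
    return findings


if __name__ == "__main__":
    for check, where in audit_server_xml(SAMPLE):
        print(f"{check}: {where}")
```

Commented-out elements, such as the default AJP Connector, are not seen by the parser and therefore not reported.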
engine
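The Engine is a container: it is the engine that analyses the protocol. It receives requests through one or more Connectors, forwards them to the matching virtual host, and finally returns the response data to the Connector, which passes it on to the client.
A Service can have only one Engine, and it must be defined after the Connectors.
1. Example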
<Engine name="Catalina" defaultHost="localhost" jvmRoute="tomcat1">
</Engine>
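# Defines the Engine's name and the default virtual host
2. Common attributes
- className: the class implementing the Engine; default is org.apache.catalina.core.StandardEngine
- defaultHost: specifies the default virtual host
- name: the Engine's name
- jvmRoute: when several Tomcat instances form a load-balanced cluster, this attribute sets this Tomcat's identifier; it is appended to the end of the session ID and the front end uses it to route requests to the matching Tomcat instance; it must be unique among the Tomcat instances
host
Multiple Hosts can be defined under one Engine; each Host is a virtual host. The matched Host receives the request from the Engine and processes it. A default virtual host must be defined, and its name must match the name given by defaultHost on the Engine.
1. Example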
<Host name="www.pc.com" appBase="/www/pc" unpackWARs="true" autoDeploy="true">
<Alias> pc.com </Alias> # host name alias
...
</Host>
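2. Common attributes
- className: the class implementing the Host container; default is org.apache.catalina.core.StandardHost
- name: host name of the virtual host; the wildcard * is supported
- appBase: directory holding this virtual host's webapps
- autoDeploy: whether application packages are deployed automatically
- unpackWARs: whether WAR files are unpacked
- workDir: temporary working directory of this virtual host
context
Note: a Context is a webapp!
Ways to deploy a webapp: 1. package it as a WAR file; 2. create the directories according to the directory structure
Each virtual host must have a Context with path="", which represents that virtual host's default webapp.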
<Host name="www.pc.com" appBase="/www/pc">
<Context path="" docBase=""/>
# With this Context, a request for www.pc.com is answered with /www/pc/index.jsp
# Without this Context, a request for www.pc.com is answered with /www/pc/ROOT/index.jsp
<Context .../>
</Host>
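Common attributes
- className: the class implementing the Context
- cookies: use cookies to identify sessions
- path: the request URI, similar to the path after location in nginx
- docBase: the directory where the webapp lives
Nested component: Realm
A Realm defines how the identities of users and groups are verified. Common implementations:
- JAASRealm: based on the Java Authentication and Authorization Service
- JDBCRealm: authenticates users against a relational database accessed through JDBC
- UserDatabaseRealm: authenticates users against a UserDatabase file, usually tomcat-users.xml
- ...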
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
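# The Realm defined by default is UserDatabaseRealm
Nested component: Valve
Official documentation: http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html
Valve means "valve"; compare nginx directives. Configuring Valves provides features similar to nginx directives, such as log definition, access control and concurrency limits.
Commonly used Valves:
- AccessLogValve: access logging
- JDBCAccessLogValve: sends log entries to a database through JDBC
- RemoteAddrValve: access control based on the remote host's address
- RemoteHostValve: access control based on the host name
- SingleSignOn: single sign-on
- ...
RemoteAddrValve example:
<Context privileged="true" path="/pc" docBase="pc">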
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1"/>
</Context>
Default access log Valve example
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
# Defines the log path, format, prefix and suffix
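One use of the log this Valve writes, as an added example that is not part of the original notes: it parses lines in the default %h %l %u %t "%r" %s %b pattern and counts 401 responses on the manager and host-manager webapps per client, the password guessing that the LockOutRealm comment refers to. The sample lines and the threshold of 3 are constructed; the pc/bbs pattern earlier on the page omits %u, so the user group would have to be dropped from the regex for those logs.

```python
import re
from collections import Counter

# Tomcat's "common" pattern: %h %l %u %t "%r" %s %b
COMMON = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
ADMIN_PREFIXES = ("/manager", "/host-manager")  # admin webapps listed under webapps/

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LINES = """
192.0.2.10 - - [03/Sep/2020:16:04:01 +0800] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - - [03/Sep/2020:16:04:02 +0800] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - - [03/Sep/2020:16:04:03 +0800] "GET /host-manager/html HTTP/1.1" 401 2044
198.51.100.7 - - [03/Sep/2020:16:04:05 +0800] "GET /sample/hello.jsp HTTP/1.1" 200 376
198.51.100.7 - admin [03/Sep/2020:16:04:09 +0800] "GET /manager/html HTTP/1.1" 200 15020
198.51.100.7 - - [03/Sep/2020:16:04:11 +0800] "GET /manager/status HTTP/1.1" 401 2473
not a log line
""".strip().splitlines()


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = COMMON.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    rec["path"] = parts[1] if len(parts) == 3 else ""  # empty for a malformed request line
    rec["status"] = int(rec["status"])
    return rec


def is_admin_path(path):
    """True for the admin webapps themselves, not for look-alikes such as /managerx."""
    path = path.split("?", 1)[0]
    return any(path == p or path.startswith(p + "/") for p in ADMIN_PREFIXES)


def failed_admin_logins(lines, threshold=3):
    """Return ({client: 401 count on admin webapps, if >= threshold}, unparsed line count)."""
    hits, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif rec["status"] == 401 and is_admin_path(rec["path"]):
            hits[rec["host"]] += 1
    return {h: n for h, n in hits.items() if n >= threshold}, skipped


if __name__ == "__main__":
    print(failed_admin_logins(SAMPLE_LINES))
```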