September 6, 2022

Tomcat 9 Overview: Key Features and Considerations

Tomcat

Although Tomcat 9 is not the most recent major release — Tomcat 10 became available in July of 2022 — it's still supported by the Tomcat community and is not yet end of life.

First introduced in 1999, Apache Tomcat is a web server and Java servlet container that many enterprises rely on as a critical infrastructure tool. Tomcat is a popular alternative to proprietary software among Java teams because it's developer-friendly and lightweight, and can be deployed for basically anything that is user-facing.

In this blog, we'll look at how Tomcat 9 differs from both earlier and later Tomcat releases and what to consider before migrating.

About the Apache Tomcat 9 Release
Tomcat 9 Notable Changes and Additions
Migration Considerations for Tomcat 9
Final Thoughts on Tomcat 9

About the Apache Tomcat 9 Release

Tomcat 9 Release Date

Apache Tomcat 9.0.1 was released on October 4, 2017. The current version available is 9.0.65, which was released on July 20, 2022.

End of Life

The average lifetime for a Tomcat release is about 10 years, but this is always subject to change and nothing is written in stone yet for Tomcat 9.x.

Before You Upgrade to Tomcat 9

One of the biggest things to consider when upgrading to a newer branch of Tomcat is that you cannot copy over configuration files from the previous version. Tomcat insists that you start fresh with the new configuration file and adjust accordingly. Java 8 is required, but you can certainly use newer versions of Java to help future-proof your Tomcat environment.

Tomcat 9 Notable Changes and Additions

Like many open source producers, Tomcat provides major branch upgrades as well as new features that are incorporated into the package. When Tomcat 9 was released, there were several notable upgrades and requirements (like Java 8) that merited a whole new version numbering.

Bundled APIs

When it comes to the specification APIs, Tomcat 9 includes upgrades to the servlet, JSP, EL, and WebSocket versioning. There is now support for Servlet 4.0, Java Server Pages 2.3, Java Unified Expression Language 3.0, and Java API for WebSocket 1.0. For Servlet 4.0 APIs, pages using wildcard import syntax with the new classes added to Servlet API may conflict with ones in web apps. Here's the complete list from the release notes:

annotations-api.jar (Annotations package)
catalina.jar (Tomcat Catalina implementation)
catalina-ant.jar (Tomcat Catalina Ant tasks)
catalina-ha.jar (High availability package)
catalina-ssi.jar (Server-side Includes module)
catalina-storeconfig.jar (Generation of XML configuration from current state)
catalina-tribes.jar (Group communication)
ecj-4.20.jar (Eclipse JDT Java compiler)
el-api.jar (EL 3.0 API)
jasper.jar (Jasper 2 Compiler and Runtime)
jasper-el.jar (Jasper 2 EL implementation)
jsp-api.jar (JSP 2.3 API)
servlet-api.jar (Servlet 4.0 API)
tomcat-api.jar (Interfaces shared by Catalina and Jasper)
tomcat-coyote.jar (Tomcat connectors and utility classes)
tomcat-dbcp.jar (package renamed database connection pool based on Commons DBCP 2)
tomcat-jdbc.jar (Tomcat's database connection pooling solution)
tomcat-jni.jar (Interface to the native component of the APR/native connector)
tomcat-util.jar (Various utilities)
tomcat-websocket.jar (Websocket 1.1 implementation)
websocket-api.jar (Websocket 1.1 API)

Support for HTTP/2

Full HTTP/2 support is available for the first time in Tomcat 9. This version is significantly faster than HTTP/1.1, allowing you to serve content directly to a web browser and bypass the need for an actual web server entirely. An SSL/TLS certificate is required for this to work as a prerequisite, and the following line of code will enable HTTP/2 in your Tomcat SSL configuration:

<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />

A more complete example might look like the following code block:

<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/key.pem"
                         certificateFile="conf/cert.pem"
                         certificateChainFile="conf/chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Support for OpenSSL for TLS

As mentioned previously, the biggest advantage of using Tomcat with TLS/SSL is that Tomcat can be run as a standalone server, reducing the amount of infrastructure needed in your environment. When used primarily as a Servlet/JSP container behind a web server such as Apache HTTPd, it is typically necessary to configure the primary web server to handle TLS/SSL. This web server negotiates authentication and then passes or proxies requests back to Tomcat. Because of Java’s capabilities through JCE/JCA, Java can provide cryptographic functions itself using JSSE. The built in SunJCE includes support for various SSL/TLS versions.

Migration Considerations for Tomcat 9

When deciding whether to upgrade your Tomcat deployment, there are several factors to consider based on your particular circumstances and environment.

Tomcat 9 vs. Tomcat 8

If you are stuck using JDK 7 now, the requirement of Java 8 or later would prevent you from upgrading to Tomcat 9. Or if your infrastructure is somewhat fragile, it might make sense to use the years left in the life cycle of Tomcat 8 to plan your migration out in detail as well as prepare for the worst-case scenarios.

Tomcat 9 vs. Tomcat 10

With the additional features and options found in Tomcat 10, there is naturally some variant overhead that may or may not impact performance, and it may not be particularly imperative to upgrade to the latest and greatest right now. Perhaps you don’t need the new features just yet, or you need more time to test out the configuration changes between 9 and 10. Thankfully, while there is an eventual need to move to Tomcat 10 once 9 has become end of life, the community is still willing to support Tomcat 9.

Final Thoughts on Tomcat 9

As discussed in my blog about Tomcat 10, the biggest consideration for upgrading is doing proper testing in dev of your old configuration settings with the new configuration files for Tomcat 9. It’s not feasible to copy over your old working configuration into the new Tomcat 9 configuration, so as always, test, test, test. Upgrading to a newer version of Java can come with similar complications, so make sure your application meets the requirements of both Tomcat 9 and Java 8, respectively. I also recommend checking out this Tomcat migration tool created by Apache before upgrading to Tomcat 9.

Get Dependable Support for Your Tomcat Deployment
OpenLogic provides award-winning, SLA-backed technical support and services for Apache Tomcat. Our experienced enterprise architects can quickly diagnose and solve even the trickiest Tomcat issues.
See Tomcat Support Options

Additional Resources

Resource Hub - Apache Tomcat Overview
White Paper - Enterprise Guide to Apache Tomcat
Blog - Beginner's Guide to Tomcat Memory Configuration
Blog - Tomcat Configuration Tips and Tricks
Blog - 5 Apache Tomcat Performance Best Practices
Blog - Apache Tomcat Clustering: The Ultimate Guide
Blog - Tomcat vs. TomEE: Comparing Specifications and Use Cases
Blog - Preparing for Your Next Tomcat Upgrade
Blog - What Is Apache Tomcat?
Blog - Apache Tomcat 7: EOL Dates and Considerations
Blog - Apache Tomcat 8: Overview, Clustering, and More
Blog - Apache Tomcat 10: Key Considerations for Deployment
Blog - Apache Tomcat Security Best Practices
Blog - How Performance Testing is Changing in 2022

CentOS Guide for Enterprise