Package org.apache.tomcat.core



Interface Summary
ContextInterceptor Notifications for all context events.
FacadeManager Control for facades - this is the only "gate" between servlets and tomcat.
RequestInterceptor Provide a mechanism to customize the request processing.
ServerConnector This is the adapter between the servlet world and the protocol implementation.
ServletLoader Handle servlet and resource reloading

Class Summary
BufferedServletInputStream Default implementation use RequestAdapter to read data.
BufferedServletOutputStream Works only if you extend ResponseImpl and override doWrite() - all other implementations of Response should provide their own Stream
Container A group of resources, with some common properties.
Context Context represent a Web Application as specified by Servlet Specs.
ContextManager ContextManager is the entry point and "controler" of the servlet execution.
Handler The class that will generate the actual response.
ServletWrapper Class used to represent a servlet inside a Context.

Exception Summary
TomcatException General Tomcat exception

Package org.apache.tomcat.core Description


Internal representations, containing various attributes associated with the request during processing.
Request processing involves several stages - parsing, matching using url patterns, authentication and authorization, calling the handler and various callbacks before, after and during the handler. An interceptor defines callbacks ( or hooks ) for one or several actions and is able to alter that function. In fact, most of the processing logic is implemented as interceptor callbacks, in an event-based system.
Context, Container
Container represents a group of URLs sharing common properties like handler, security, normal properties. Context is a particular case that is associated with a web application and keeps all the properties defined in the spec. We are slowly moving toward use of Container, it can also represent group of contexts, virtual hosts, etc. It is not a good idea to introduce sub-classes for every type of group, the isA property is not allways clearly cut.
A normal servlet or JSP, plus all the surounding logic.
For every object exposed in the servlet specification tomcat use a Facade. It have few important advantages:

Authentication and Authorization

Required steps:

  1. Find if the request needs authorization.
  2. Check if the request have the right credentials - if not generate 401 unauthorized.
  3. The normal error processing takes place: we can register special 401 error handler that will implement the desired auth method

The model we used is JAAS - the authenticator is a separate module that will find if enough credentials are available. We use a "normal" tomcat module to "glue" between an auth API ( like JAAS or memoryRealm or catalina Realm if needed ) and tomcat's internal representation of request. ( no "callbacks" yet - just static util functions to extract credentials from request. )

We provide a simple implementation for standalone tomcat.:

In "production" mode we expect tomcat to be integrated with various systems. Most web servers are using a similar mechanism - as long as the server is handling the static files we need to let him deal with authorization/authentication. The only special case is Form based login, where the connector should forward the request to tomcat. ( no complete implementation yet ).

Copyright 2000 Apache Software Foundation. All Rights Reserved.