Tomcat container structure and pipeline mechanism-How far can we go series (13)

How far can we go series (13)

Nonsense:

If I have the opportunity to spend some time, I will watch the TV program of my previous job. I personally think it is more helpful than other entertainment programs. My main concern is people's values, because only by understanding others' values, that is, what others want, can they communicate with them better to achieve their goals. I think everyone has heard of it,InspirationalNiu Ren said: He wants someone to give you what he wants and talk about what he wants.

Sometimes, "Shen Yan" is a good habit of listening more and observing more, just like the lines in "smell a girl": day we stop looking, is the day we die.

Subject:

It seems a little abrupt to directly learn about Tomcat's valve, so we should first understand a core component of Tomcat, container.
The container receives the parsed internal request from the connector of the previous component and performs a series of logical operations based on the request until it calls the requested servlet, assembles the response, and returns it to the Clint.
The entire process is clear. After all, we probably know about the input and output of Tomcat and can also guess some necessary operations in it.

Let's take a look at the container classification:
Engine
Host
Context
Wrapper
Their respective implementation classes are standardengine, standardhost, standardcontext, and standardwrapper. They are all under the org. Apache. Catalina. core package of Tomcat.

The relationship between them can be viewed in Tomcat server. XML (based on the parent-child relationship between nodes ),This is a metaphor: Except for the minimum wrapper, it cannot contain other container. There can be zero or multiple wrapper in the context, and zero or multiple hosts in the host, the engine can have zero to multiple hosts.

In tomcat6, the standard container directly inherits the abstract class:Org. Apache. Catalina. Core. containerbase:

 

SlaveContainerbaseSome method names in this class can be used to see how the operations included and included between containers are implemented. These are the methods provided by container:

Public VoidAddchild (container child)PublicContainer findchild (string name)PublicContainer [] findchildren ()PublicObjectname [] getchildren ()PublicContainer getparent ()PublicObjectname getparentname ()Public VoidRemovechild (container child)
 

Of course, the implementation of a container is complicated. Skip it first and you will have a chance to come back and learn it in the future.

Pipeline mechanism:

Its structure and implementation are worth learning and learning.

Let's take a look at the flowchart from the Network (a good figure ):

A good figure. You can see about the Tomcat running status from a single view. Haha.

First, you must understand that each type of iner has its own standardvalve
The four containers correspond to the following:
Standardenginevalve
Standardcontextvalve
Standardhostvalve
Standardwrappervalve

Some people compare vavle to filter, while pipeline to filter chain.In fact, it is quite appropriate. Here is my understanding:

Start:
In the service method of coyoteadapter, the following sentence enters the container.
Connector. getcontainer (). getpipeline (). getfirst (). Invoke (request, response );
Yes, this is the door to the iner maze. Welcome to container.

Pipeline (note the line of the pipeline shown above ):

Pipeline is like a production line in a factory. It is responsible for allocating the locations of the Workers (valve), while valve is responsible for different operations on the production line.
Two steps are required to complete a production line:
1. Transport raw materials to workers
2. workers complete their own responsibilities

The pipeline Implementation of Tomcat is as follows:
1. After the first worker on the production line obtains the raw materials for production, the worker will give the next worker without saying anything. The next worker will give the next worker the same way as the first worker until the last worker, the last worker was scheduled to run the standardvalve mentioned above to deliver the production data to the pipeline of its own iner.
2. Four containers are equivalent to four production lines (pipeline). The four pipelines do this until the final standardwrappervalve gets the resource and starts to call the servlet. After the operation is complete, the valve step by step is executed in reverse order according to the order in which the raw materials are lost. This completes the pipeline mechanism of Tomcat.

End:

After all the vavle operations are completed, the entire response is complete.

For pipeline, let's look at the source code:

A standardvalve

From org. Apache. Catalina. Core. standardenginevalveInvokeMethod:

 Public   Final   Void  Invoke (request, response) Throws  Ioexception, servletexception {  //  Get the host Host host = Request. gethost ();  If (Host = Null  ) {Response. senderror (httpservletresponse. SC _bad_request, Sm. getstring ( "Standardengine. nohost" , Request. getservername ()));  Return  ;} //  The last worker on his own pipeline is responsible for transporting raw materials to a pipeline.  //  This is the key to concatenating all pipelines.  Host. getpipeline (). getfirst (). Invoke (request, response );} 

A common valve

From org. Apache. Catalina. Valves. errorreportvalveInvokeMethod:

 Public   Void  Invoke (request, response)  Throws  Ioexception, servletexception {  // The raw material is discarded to the next vavle for execution. This is the key to concatenating all vavle into a pipeline.  Getnext (). Invoke (request, response );  //  Wait until all the above valve has been executed to start your real work: Throwable = (Throwable) request. getattribute (globals. exception_attr );  If  (Response. iscommitted ()){  Return  ;}  If (Throwable! = Null  ){ //  The response is an error  Response. seterror ();  //  Reset the response (if possible)              Try  {Response. Reset ();}  Catch  (Illegalstateexception e) {;} response. senderror (httpservletresponse. SC _internal_server_error);} response. setsuincluded (  False  );  Try {Report (request, response, throwable );}  Catch  (Throwable TT ){;}} 

 

The above describes the pipeline mechanism. I wonder if you have any questions (I have it): whether the vavle is executed before or after the servlet, the example of the source code above seems to be executed later? Not necessarily,Taking remoteaddrvalve as an example:

Remoteaddrvalve can be accessed Based on IP addresses.ArticleSome network configuration steps are attached.

Remoteaddrvalve source code:

 Package  Org. Apache. Catalina. valves;  Import  Java. Io. ioexception;  Import Javax. servlet. servletexception;  Import  Org. Apache. Catalina. connector. request;  Import  Org. Apache. Catalina. connector. response;  Public   Final   Class  Remoteaddrvalve  Extends  Requestfiltervalve {  //  ----------------------------------------------------- Instance variables      /** * The descriptive information related to this implementation.  */      Private   Static   Final String info = "org. Apache. Catalina. Valves. remoteaddrvalve/1.0" ;  //  --------------------------------------------------------------- Properties      /**  * Return descriptive information about this valve implementation.  */      Public String getinfo (){  Return  (Info );}  //  ----------------------------------------------------------- Public methods      /**  * The invoke method is called.  */      Public   Void  Invoke (request, response)  Throws  Ioexception, servletexception {  // After calling the process method of the parent class, let's look at the situation of the parent class.  Process (request. getrequest (). getremoteaddr (), request, response );}} 

The parent classProcess Method:

Protected VoidProcess (string property, request, response)ThrowsIoexception, servletexception {//In the next valve, the isallowed (property) method is used to restrict the IP address.If(Isallowed (property) {getnext (). Invoke (request, response );Return;}//Access is restricted and errors are reported.Response. senderror (httpservletresponse. SC _forbidden );}
 

 

Only the specified host or IP address can access applications deployed in Tomcat. Tomcat provides two parameters for you to configure: remotehostvalve and remoteaddrvalve. The former is used to restrict host names, and the latter is used to restrict IP addresses.

By configuring these two parameters, you can filter the requested host or IP address and allow or deny the Host IP addresses.

1. Global settings, effective for all applications under Tomcat

Add the following line to server. xml and restart the server:

 
<ValveClassname= "Org. Apache. Catalina. Valves. remoteaddrvalve"Allow= "192.168.1 .*"Deny= ""/>
 

Note: This row is placed before

Example:

1. Only access from 192.168.1.10 is allowed:

<Valve Classname= "Org. Apache. Catalina. Valves. remoteaddrvalve"Allow= "192.168.1.10"Deny= ""/>
 

2. Only access from 192.168.1. * network segment is allowed:

 
<ValveClassname= "Org. Apache. Catalina. Valves. remoteaddrvalve"Allow= "192.168.1 .*"Deny= ""/>
 

3. Only access from 192.168.1.10 and 192.168.1.30 is allowed:

<ValveClassname= "Org. Apache. Catalina. Valves. remoteaddrvalve"Allow= "192.168.1.10, 192.168.1.30"Deny= ""/>
 

4. restrictions based on the host name:

 
<ValveClassname= "Org. Apache. Catalina. Valves. remotehostvalve"Allow= "Abc.com"Deny= ""/>
 

2. Set local settings only for specific applications based on the project Configuration:

1. Use the XML file in the conf directory to configure $ {tomcat_root} \ conf \ proj_1.xml
2. directly set $ {tomcat_root} \ conf \ Server. XML in server. xml.
Add the following line before </context> of the project corresponding to the preceding file:

 
<ValveClassname= "Org. Apache. Catalina. Valves. remoteaddrvalve"Allow= "192.168.1 .*"Deny= ""/>
 

Summary:

1. The pipeline mechanism is like a configurable queue, similar to the implementation method of the linked list. Useful and reliable.

2. The valve configuration is also a specific part of Tomcat configuration and is of practical value.

 

Let's move on

----------------------------------------------------------------------

 

the effort may fail, but the failure will certainly fail.
mutual encouragement