Comparing Apache Tomcat and TomEE

We downloaded Tomcat 7.0.27 and TomEE 1.0.0 and did a quick comparison. Here are the differences we found. The distributions being compared are apache-tomcat-7.0.27.tar.gz and apache-tomee-1.0.0-webprofile.tar.gz.

1. Tomcat is 7,467 KB. TomEE is 27,702 KB.

2. TomEE catalina.bat/catalina.sh has added the OpenEJB javaagent.

3. TomEE server.xml has the extra listener org.apache.tomee.catalina.ServerListener.

4. Tomcat has a lot more MIME mappings. We are not sure why. Could this simply have been overlooked?

5. TomEE has removed

lib/annotations-api.jar
lib/el-api.jar
webapp/examples/

6. TomEE has added

bin/service*
bin/tomee.*
conf/system.properties
conf/tomee.xml
webapp/tomee/

7. TomEE has added the following libraries. We suggest you review these new libaries to make sure it doesn’t create conflicts with your existing application.

endorsed/annotation-api.jar
endorsed/jaxb-*.jar
lib/bval-*.jar
lib/commons-*.jar
lib/geronimo-*.jar
lib/gson-2.1.jar
lib/howl-1.0.1-1.jar
lib/hsqldb-2.2.4.jar
lib/javaee-api-6.0-3-tomcat.jar
lib/javassist-3.15.0-GA.jar
lib/jaxb-impl-2.2.5.jar
lib/kahadb-5.5.1.jar
lib/mbean-annotation-api-4.0.0.jar
lib/myfaces-*.jar
lib/openejb-*.jar
lib/openjpa-asm-shaded-2.2.0.jar
lib/openwebbeans-*.jar
lib/quartz-2.1.3.jar
lib/scannotation-1.0.2.jar
lib/serp-1.13.1.jar
lib/slf4j-*.jar
lib/swizzle-stream-1.6.1.jar
lib/tomee-*.jar
lib/wsdl4j-1.6.2.jar
lib/xbean-*.jar

Here’s the screenshot of the differences using Araxis Merge.

Java Service Restart Script

Here’s a Bash script that can stop and start a Java service.

#/bin/bash

PID=$(cat app.pid)
kill $PID
java -jar app.jar &
echo $! > app.pid

The file app.jar is an executable jar file.

jQuery Ajax Timeouts with Spring Security

Here’s how we handled Ajax timeouts with Spring Security.

In your login controller, set response status to 401.

	@RequestMapping(value = "login", method = RequestMethod.GET)
	public void login(HttpServletResponse response) {
		...

		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
	}

In your Ajax error callback, check for the 401 code and redirect to a page that is not the login page. If we redirect to the login page, Spring Security might go to Ajax request right after login. You can redirect to a secure page to effectively get the login page.

	$.post(url, $('#id'))
	.success(function(result) {
		...
	})
	.error(function(xhr) {
		if (xhr.status == 401) {
			window.location = 'home';
		} else {
			...
		}
	});