Re: First day - RE: PROPOSAL: Tomcat docs
On Sat, Jul 07, 2001 at 09:37:55AM -0700, Craig R. McClanahan wrote: We might not need to spend as much time on the generic how to build a web application stuff, now that other resources are available -- and focus on the stuff that is important for configuration, like all the stuff that goes into server.xml. I agree. There's already plenty of Servlets/Webapps documentation, including your App Dev Guide. I see the need for the following documents: Standalone Installation Guide Installation Behind a Web Server Guide Administrator's Guide Developing Tomcat Guide See my post DOC: Table of Contents for more details. (More details than you want, probably :-) -- Alex Chaffee mailto:[EMAIL PROTECTED] jGuru - Java News and FAQs http://www.jguru.com/alex/ Creator of Gamelan http://www.gamelan.com/ Founder of Purple Technology http://www.purpletech.com/ Curator of Stinky Art Collective http://www.stinky.com/
RE: First day - RE: PROPOSAL: Tomcat docs
See my post DOC: Table of Contents for more details. (More details than you want, probably :-) Not a lot of comments so far... I guess Monday morning =) - r
Re: First day - RE: PROPOSAL: Tomcat docs
Glenn Nielsen wrote: Antony Bowesman wrote: 8. Security How about 8.1 Concepts - Explanation of J2EE and Java 2 security models 8.2 Authentication with Realms 8.2.1 Simple realm 8.2.2 JDBC Realm 8.2.3 Custom realms 8.3 Authorization 8.3.1 J2EE role based In particular, it should try to explain in simpler terms than the API spec how J2EE roles are designed to work, covering the mapping from developer roles to deployment roles. 8.3.2 Java 2 security policy I would break the above into two sections. Access Control (for all the Realm based access control) and Server Security (for configuring and using Tomcat with the Java SecurityManager) These really are two completely different topics. And use of Realms isn't Security, it is Access Control. Not sure I'd agree with your removal of Java Security Manager from a chapter about access control. The first line of the JavaTM 2 Platform Security Introduced: document at http://java.sun.com/j2se/1.3/docs/guide/security/index.html says * Policy-based, easily-configurable, fine-grained access control Access control is one element of securing a server, as is authentication, encryption, non repudiation, SSL etc. Access control is performed by Java 2 security manager as well as J2EE and they compliment each other. JAAS (JDK1.3 extension) which extends the Java 2 model and which is now included in JDK1.4 extends the Java 2 security model to provide principal based access control on top of code source. So access control is firmly part of Java security. There should be additional sections on 'server security' that includes configuring the server for use with SSL. Antony
RE: First day - RE: PROPOSAL: Tomcat docs
11. Load-balancing No idea how to do load-balancing in Tomcat, what I know is that it can be done through mod_jserv and mod_jk mod_jserv support fault-tolerant and load-balancing mode. original mod_jk support only load-balancing but a recent patch (found in J-T-C) allow you to configure mod_jk in fault-tolerant only. ie when you have a cluster of tomcat be sure that all requests will goes to primary tomcat (worker) and backup tc will be use only in case of failure of the primary. I'm very happy to see how people respond to documentations and all this preliminary organisation. Question what about having a more detailed coverage of Tomcat's architecture ? ie: How to write TC 3.3 Interceptors, write 4.0 filters, writing realms. Final question will be who will be ready to participate in jakarta-tomcat-documentation (J-T-D). What about creating the jakarta-tomcat-documentation cvs and then vote for commiters on that CVS (and maybe only on that CVS) ?
Re: First day - RE: PROPOSAL: Tomcat docs
Antony Bowesman wrote: Glenn Nielsen wrote: Antony Bowesman wrote: 8. Security How about 8.1 Concepts - Explanation of J2EE and Java 2 security models 8.2 Authentication with Realms 8.2.1 Simple realm 8.2.2 JDBC Realm 8.2.3 Custom realms 8.3 Authorization 8.3.1 J2EE role based In particular, it should try to explain in simpler terms than the API spec how J2EE roles are designed to work, covering the mapping from developer roles to deployment roles. 8.3.2 Java 2 security policy I would break the above into two sections. Access Control (for all the Realm based access control) and Server Security (for configuring and using Tomcat with the Java SecurityManager) These really are two completely different topics. And use of Realms isn't Security, it is Access Control. Not sure I'd agree with your removal of Java Security Manager from a chapter about access control. The first line of the JavaTM 2 Platform Security Introduced: document at http://java.sun.com/j2se/1.3/docs/guide/security/index.html says * Policy-based, easily-configurable, fine-grained access control Access control is one element of securing a server, as is authentication, encryption, non repudiation, SSL etc. Access control is performed by Java 2 security manager as well as J2EE and they compliment each other. JAAS (JDK1.3 extension) which extends the Java 2 model and which is now included in JDK1.4 extends the Java 2 security model to provide principal based access control on top of code source. So access control is firmly part of Java security. There should be additional sections on 'server security' that includes configuring the server for use with SSL. I have seen the general term 'security' used instead of a more descriptive term like SSL Encryption, SecurityManager, or Access Control. My point is that these are very different things, and the documentation should be constructed so that users use those terms rather than the general term Security. Security Overview - types of security J2EE Security Model User Access Control (Realms roles) Java SecurityManager SSL Data Encryption Yes, JAAS can be used to control access for executing code based on what role the user is in. At this point there is no support in Tomcat for JAAS. There are two ways I see JAAS being used within Tomcat sometime in the future. 1. Policy based JAAS access control to Tomcat's manager or admin servlet. 2. Some Policy configuration tool for webapps that supports normal Java SecurityManager configuration and JAAS policy based access control. Regards, Glenn -- Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder| MOREnet System Programming | * if iz ina coment. | Missouri Research and Education Network | */ | --
Re: First day - RE: PROPOSAL: Tomcat docs
Glenn, Glenn Nielsen wrote: Antony Bowesman wrote: Glenn Nielsen wrote: Antony Bowesman wrote: 8. Security How about 8.1 Concepts - Explanation of J2EE and Java 2 security models 8.2 Authentication with Realms 8.2.1 Simple realm 8.2.2 JDBC Realm 8.2.3 Custom realms 8.3 Authorization 8.3.1 J2EE role based In particular, it should try to explain in simpler terms than the API spec how J2EE roles are designed to work, covering the mapping from developer roles to deployment roles. 8.3.2 Java 2 security policy I would break the above into two sections. Access Control (for all the Realm based access control) and Server Security (for configuring and using Tomcat with the Java SecurityManager) These really are two completely different topics. And use of Realms isn't Security, it is Access Control. Not sure I'd agree with your removal of Java Security Manager from a chapter about access control. The first line of the JavaTM 2 Platform Security Introduced: document at http://java.sun.com/j2se/1.3/docs/guide/security/index.html says * Policy-based, easily-configurable, fine-grained access control Access control is one element of securing a server, as is authentication, encryption, non repudiation, SSL etc. Access control is performed by Java 2 security manager as well as J2EE and they compliment each other. JAAS (JDK1.3 extension) which extends the Java 2 model and which is now included in JDK1.4 extends the Java 2 security model to provide principal based access control on top of code source. So access control is firmly part of Java security. There should be additional sections on 'server security' that includes configuring the server for use with SSL. I have seen the general term 'security' used instead of a more descriptive term like SSL Encryption, SecurityManager, or Access Control. My point is that these are very different things, and the documentation should be constructed so that users use those terms rather than the general term Security. Yes, I agree there are different elements of security, I don't agree that access control is different to security manager. The difference is that java 2 security, i.e. security manager, is different to J2EE role based access control. Security Overview - types of security J2EE Security Model User Access Control (Realms roles) Java SecurityManager SSL Data Encryption Yes, JAAS can be used to control access for executing code based on what role the user is in. At this point there is no support in Tomcat for JAAS. Not specifically, because the servlet API spec does not support it, however, JAAS is on the list for servlet API spec 2.4 (who knows when that might be!). However, I am currently using JAAS in Tomcat 3 and I know others have JAAS running with tomcat (e.g. Jboss/Tomcat integration) There are two ways I see JAAS being used within Tomcat sometime in the future. 1. Policy based JAAS access control to Tomcat's manager or admin servlet. 2. Some Policy configuration tool for webapps that supports normal Java SecurityManager configuration and JAAS policy based access control. I suspect that when the API spec supports JAAS there will be some kind of getUserSubject() method in the spec that gets the JAAS Subject and the getUserPrincipal() will be deprecated because JAAS supports more than a single Principal. However, as SecurityManager uses the Java 2 security Policy it effectively enable JAAS support as soon as JDK1.4 is released. Tomcat could therefore provide support for the JAAS Subject internally. However, I have seen other comments on this list that Tomcat is trying to support many early versions of JDK so requiring JDK1.4 support might be too difficult. Anyway, SUN are asking for feedback about how JAAS should be implemented in the servlet API spec, so send your comments there, I already have! Rgds Antony
Re: First day - RE: PROPOSAL: Tomcat docs
Question what about having a more detailed coverage of Tomcat's architecture ? ie: How to write TC 3.3 Interceptors, write 4.0 filters, writing realms. Yes, there needs to be a separate Developers' Guide. Here's my first pass at that. I'll be revising my whole TOC as soon as I get some coffee, so don't take this *too* seriously... :-) Part V: Tomcat Development Covers actually writing code for the Tomcat code base. 1. Tomcat 3.x vs 4.x 2. Overview of Tomcat code base 3. Downloading and Building the source code - Using CVS - Downloading - Building - Using Ant 4. Fixing Bugs 5. Developing Interceptors (Tomcat 3.x) 6. Developing Valves (Tomcat 4.x) 7. Developing Connectors - mod_jserv - mod_jk - mod_webapp 8. Using Tomcat Utility Classes Final question will be who will be ready to participate in jakarta-tomcat-documentation (J-T-D). What about creating the jakarta-tomcat-documentation cvs and then vote for commiters on that CVS (and maybe only on that CVS) ? I'm in. -- Alex Chaffee mailto:[EMAIL PROTECTED] jGuru - Java News and FAQs http://www.jguru.com/alex/ Creator of Gamelan http://www.gamelan.com/ Founder of Purple Technology http://www.purpletech.com/ Curator of Stinky Art Collective http://www.stinky.com/
RE: First day - RE: PROPOSAL: Tomcat docs
I'll help for mod_jk connector :) Count me on - Henri Gomez ___[_] EMAIL : [EMAIL PROTECTED](. .) PGP KEY : 697ECEDD...oOOo..(_)..oOOo... PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 -Original Message- From: Alex Chaffee [mailto:[EMAIL PROTECTED]] Sent: Friday, July 06, 2001 5:28 PM To: [EMAIL PROTECTED] Subject: Re: First day - RE: PROPOSAL: Tomcat docs Question what about having a more detailed coverage of Tomcat's architecture ? ie: How to write TC 3.3 Interceptors, write 4.0 filters, writing realms. Yes, there needs to be a separate Developers' Guide. Here's my first pass at that. I'll be revising my whole TOC as soon as I get some coffee, so don't take this *too* seriously... :-) Part V: Tomcat Development Covers actually writing code for the Tomcat code base. 1. Tomcat 3.x vs 4.x 2. Overview of Tomcat code base 3. Downloading and Building the source code - Using CVS - Downloading - Building - Using Ant 4. Fixing Bugs 5. Developing Interceptors (Tomcat 3.x) 6. Developing Valves (Tomcat 4.x) 7. Developing Connectors - mod_jserv - mod_jk - mod_webapp 8. Using Tomcat Utility Classes Final question will be who will be ready to participate in jakarta-tomcat-documentation (J-T-D). What about creating the jakarta-tomcat-documentation cvs and then vote for commiters on that CVS (and maybe only on that CVS) ? I'm in. -- Alex Chaffee mailto:[EMAIL PROTECTED] jGuru - Java News and FAQs http://www.jguru.com/alex/ Creator of Gamelan http://www.gamelan.com/ Founder of Purple Technology http://www.purpletech.com/ Curator of Stinky Art Collective http://www.stinky.com/
Re: First day - RE: PROPOSAL: Tomcat docs
On Wed, 4 Jul 2001, Rob S. wrote: 2) Web Application Developers' Guide - Things to know while developing with Tomcat. The web dev doesn't have to be an admin pro! One decision to be made when actually *writing* this thing is whether you consider the servlet spec to be a required reading prerequisite or not. I'd certainly vote for that, but you'll find that the current App Developer's Guide does cover quite a bit (but not all) of the material from the spec. Another decision is how Tomcat-specific you want to be here. Everything about creating a WAR should be (in theory) portable to *any* server, and we've also covered the admin stuff (i.e. changes to server.xml) in the previous section. Craig
Re: First day - RE: PROPOSAL: Tomcat docs
Antony Bowesman wrote: Punky Tse wrote: Rob, Please see below for rephrased version of Introduction and Administrator Guide. I combined the Introduction and Administrator's Guide to Administrator Guide. Actually this is my proposed TOC. And I believe that we need separate document for different Tomcat servers. e.g. 3.3 and 4.0. snip II. Server Administration 6. Configuring Server 7. Configuring Web Applications 8. Security How about 8.1 Concepts - Explanation of J2EE and Java 2 security models 8.2 Authentication with Realms 8.2.1 Simple realm 8.2.2 JDBC Realm 8.2.3 Custom realms 8.3 Authorization 8.3.1 J2EE role based In particular, it should try to explain in simpler terms than the API spec how J2EE roles are designed to work, covering the mapping from developer roles to deployment roles. 8.3.2 Java 2 security policy I would break the above into two sections. Access Control (for all the Realm based access control) and Server Security (for configuring and using Tomcat with the Java SecurityManager) These really are two completely different topics. And use of Realms isn't Security, it is Access Control. Regards, Glenn -- Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder| MOREnet System Programming | * if iz ina coment. | Missouri Research and Education Network | */ | --
Re: First day - RE: PROPOSAL: Tomcat docs
Rob Punky et al. - This is so cool! I've been working on a TOC on the side for a few weeks, but I see the time has come to let it out to play with the other TOCs :-) I have a few big-picture editorial comments before I do. The installation unit is the most crucial. I think there should be a chapter or series of chapters on installing Tomcat standalone, that covers *everything* or almost everything start-to-finish. Then we also need separate chapters for installing behind each Web server. Then come chapters on administration and advanced configuration issues. We should make it clear that it is *HIGHLY* recommended to install standalone first. This will help the users debug their setups. It will also help us organize the docs. Each behind chapter will assume you've read the standalone chapter(s). Developing Web Applications should be separate from Deploying Web Applications In Tomcat. There needs to be a strong division in the docs between User mode and Developer mode (as someone else mentioned). I'd like to organize this TOC as a little more abstract than a simple table of contents. Each section should be organized to contain not just our original documents, but also a list of other resources on that topic. This will be a good way to get a useful set of docs up and running quickly. In fact, I imagine that many of the chapters will remain unwritten for a while, since there may be existing documents, or articles, or FAQ entries that cover the topic (even if not exclusively). Once we get a list of the chapters we can also list whether the contents would differ between TC3 and TC4. I expect that there are more similarities than differences. For instance, in configuring connectors or deploying webapps or classpath organization. (On classpaths, even though TC4 has a different order of precedence, the explanatory paragraphs will be the same, as will the ones describing classloading inside a web app.) If this expectation bears out, it will be an argument in favor of merging the TC3 and TC4 docs into a single CVS project. In short, I propose that writing a TOC is a very important first step, and that this TOC should live a life of its own as a standalone document, containing links to other docs, and meta-information like links to other docs as well. Right now that doc is in text format, as Punky's rewrite of Rob's TOC. I'll integrate my organizational thoughts and post a revised version soon. I'll use the prefix DOC: in my subject line, which should help us keep these threads straight. - Alex -- Alex Chaffee mailto:[EMAIL PROTECTED] jGuru - Java News and FAQs http://www.jguru.com/alex/ Creator of Gamelan http://www.gamelan.com/ Founder of Purple Technology http://www.purpletech.com/ Curator of Stinky Art Collective http://www.stinky.com/
RE: PROPOSAL: Tomcat docs - was TC4 docs - can we end this?
For the record, I'm going to keep track of the different proposals in a separate doc. For the TC docs - what to include, the glue, etc. I'm no longer participating in the how do we store it or what format do we use discussion =) - r -Original Message- From: Martin van den Bemt [mailto:[EMAIL PROTECTED]] Sent: July 4, 2001 8:32 AM To: [EMAIL PROTECTED] Subject: PROPOSAL: Tomcat docs - was TC4 docs - can we end this? A very big +1, See feedback below.. So please, can we at least START some discussion about the contents of the docs other than we need to write them ? There's a lot of work to be done, and I would imagine that someone knows where a good place is to start. There are x main parts for the documentation : - Why use tomcat, what does it do and what doesn't it do? - Plain Installation and upgrades of the various tomcat versions (and maby jserv upgrade to tomcat) - Connectors and beyond ;-)) Why choose which connector and why don't use a certain connector? - Advanced configuration (what are all the entries for). In this case also some references to technical docs which explain how to start writing eg custom handlers, etc). - Feature list as from tomcat 3 and as from tomcat 4 (group together features and in which versions they appear/dissapear). - a tomcat programmers manual - a tips reference - a faq reference (would be nice if there is a reference to the version it's about or from what version the Question is valid. - An administrator guide for tomcat. Mvgr, Martin van den Bemt
RE: PROPOSAL: Tomcat docs
Has someone got any ideas of how we are gonna gather all the information? I have some things that come to mind, which can be forgotten tomorrow ;-). Maby by using the faq that was around in the jserv erra ;) and add entries there? Or is someone already gonna be a mail repository for this? Maby I can setup a mailinglist on my server for this, until we get things really running. Still fighting with the mailinglist a bit, but if the idea is welcomed, I'll make it a spare time top priority. Mvgr, Martin van den Bemt -Original Message- From: Thomas Bezdicek [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 4:11 PM To: [EMAIL PROTECTED] Subject: AW: PROPOSAL: Tomcat docs More refinements... if i didn't quote it, I agree with it =) BTW, what does AW in a subject line mean? I see it all the time... AW = Antwort which is pretty the same like RE=reply in english, except that it is in german :) Its done by outlock. 0) Introduction to the TC4 container ADD - Requirements (JDK versions, extra libs?, etc.) agree 1) User's Guide (or Administrator's) - Tomcat and different JDK Versions Moved this up to (0) agree 2) web app development w/Tomcat Can't think of a title =) ^ Tomcat Webdeveloper Guide I think we do need to separate out the fact that there are a group of people who will developing/embedding/extending Tomcat, and a group of people that will be developing web applications for Tomcat. As a web developer, I don't care a lot of about Tomcat's internals ;) Ok, but I think it is better to split the pure administrator stuff from what ever kind of developer stuff. developers who want to extend/embedd tomcat will be much more interessted in the api-docs and specs. normal webdevelopers arent interessted in that. 2) Tomcat Development Guide - Web developers - extending/embedding Tomcat 3) Tomcat Upgrade Guide I think this would equate to a lot of feature mapping from one container to another. The Admin's guide should suffice. REALLY all you need to do is drop a .WAR file in and change the port to get the container running standalone. ask someone who ported from jserv to tomcat :)) just the zone handling (which was a real crap in jserv) ... and for those upgrading from servlet api 2.2 to 2.3 there might also be some tiny changes which might result in a major problem ... and even the what is a .war file would be much help for beginners. 4) Appendix Suggest that we move this all up into (0). I'd like people to know these things asap =) With the history of doc reading, I dunno anyone would make it this far! hmm, I do. (like me) tom
RE: PROPOSAL: Tomcat docs
How about (Web?) Application Developers' Guide, to more closely map to the servlet spec terminology. For the other bit, maybe Container Architecture Guide. I think we should avoid the phrase Tomcat Developer since, as this mailing list proves, many application developers think that since they are developing on Tomcat, they are Tomcat developers. Agreed on all counts. As a side-rant, tomcat-dev is really a bad name for this list (and as a pattern for the other Jakarta lists), since a Windows Developer generally is someone who develops for rather than implements the Windows platform, ditto Java Developer, etc. tomcat-contrib, struts-contrib, etc. would be much more intuitive. I won't get into this ;) - r
First day - RE: PROPOSAL: Tomcat docs
Shown below are the results of today's content and organizational suggestions. It's still extreeemely rough, but this is the kind of stuff I like. We're making progress! =) - r 0) Introduction - Why use tomcat, what does it do and what doesn't it do? - Feature list as from tomcat 3 and as from tomcat 4 (group together features and in which versions they appear/dissapear). - Requirements (JDK versions, extra libs?, etc.) - How-to submit a bug - How-to subscribe to tomcat-user/-dev how-to UNSUBSCRIBE :) - Interesting links (api-spec, etc) 1) Administrator's Guide - Quick install (VERY short and simple) - Detailed installation? Not a nice name... - Connectors and beyond. Why choose which connector and why don't use a certain connector? - Tomcat standalone - Apache - IIS - Netscape - Tomcat SSL - Tips - (versioned?) Mini-FAQ - Advanced configuration - Complete server.xml reference - Heavy Load Guide (Loadbalancing) 2) Web Application Developers' Guide - Things to know while developing with Tomcat. The web dev doesn't have to be an admin pro! 3) Container Architecture Guide - In this case also some references to technical docs which explain how to start writing eg custom handlers, etc).
Re: First day - RE: PROPOSAL: Tomcat docs
Rob S. wrote: Shown below are the results of today's content and organizational suggestions. It's still extreeemely rough, but this is the kind of stuff I like. We're making progress! =) - r 0) Introduction - Why use tomcat, what does it do and what doesn't it do? - Feature list as from tomcat 3 and as from tomcat 4 (group together features and in which versions they appear/dissapear). - Requirements (JDK versions, extra libs?, etc.) - How-to submit a bug - How-to subscribe to tomcat-user/-dev how-to UNSUBSCRIBE :) - Interesting links (api-spec, etc) - Comparisons with other containers 1) Administrator's Guide - Quick install (VERY short and simple) - Detailed installation? Not a nice name... - In Depth Installation? - Connectors and beyond. Why choose which connector and why don't use a certain connector? - Tomcat standalone - Apache - IIS - Netscape - Domino ;-) - Tomcat SSL - Tips - Style recommendations - Where to put JARs in different scenarios - (versioned?) Mini-FAQ - Advanced configuration - Complete server.xml reference - Heavy Load Guide (Loadbalancing) - Route map -- what lives where (server.xml/web.xml) 2) Web Application Developers' Guide - Things to know while developing with Tomcat. The web dev doesn't have to be an admin pro! - Links to other servlet/jsp resources I'm guessing that we only want Tomcat specific stuff in here, so general servlet topics might not be appropriate, but for the sake of completeness a couple of worked examples of servlets and jsps might not be out of place. 3) Container Architecture Guide - In this case also some references to technical docs which explain how to start writing eg custom handlers, etc). -- Andy Armstrong, Tagish
Re: First day - RE: PROPOSAL: Tomcat docs
Rob, Please see below for rephrased version of Introduction and Administrator Guide. 0) Introduction - Why use tomcat, what does it do and what doesn't it do? - Feature list as from tomcat 3 and as from tomcat 4 (group together features and in which versions they appear/dissapear). - Requirements (JDK versions, extra libs?, etc.) - How-to submit a bug - How-to subscribe to tomcat-user/-dev how-to UNSUBSCRIBE :) - Interesting links (api-spec, etc) 1) Administrator's Guide - Quick install (VERY short and simple) - Detailed installation? Not a nice name... - Connectors and beyond. Why choose which connector and why don't use a certain connector? - Tomcat standalone - Apache - IIS - Netscape - Tomcat SSL - Tips - (versioned?) Mini-FAQ - Advanced configuration - Complete server.xml reference - Heavy Load Guide (Loadbalancing) I combined the Introduction and Administrator's Guide to Administrator Guide. Actually this is my proposed TOC. And I believe that we need separate document for different Tomcat servers. e.g. 3.3 and 4.0. I. Getting Started 1. Introduction 1.1 What is Tomcat 1.3 About Jakarta Project 1.2 About Apache 2. Installing Tomcat 2.1 Installation Guide 2.2 Supported Platfrom 2.3 Advanced Installation Guide 2.4 Troubleshooting 3. Tomcat Basics 3.1 Overview 3.2 Features 3.3 Directory Structures 4. Running Tomcat 4.1 Startup 4.2 Testing 4.3 Shutdown 5. Web Application 5.1 Installing 5.2 Testing 5.2 Trobleshooting 5.3 Advanced Topics II. Server Administration 6. Configuring Server 7. Configuring Web Applications 8. Security III. Advanced Topics 9. Web Servers and HTTP Connectors 9.1 Apache 9.1.1 mod_jk 9.1.2 mod_jserv 9.1.3 mod_webapp (for Tomcat 4.0) 9.2 IIS 9.3 iPlanet 9.4 Netware 9.5 Lotus Domino 10. Performance Tuning 11. Load-balancing No idea how to do load-balancing in Tomcat, what I know is that it can be done through mod_jserv and mod_jk 12. Using SSL May be under Section 6: Configuring Server? 13. Realms No idea: or should it be under Security? 14. Building from Source 14.1 Getting Source Code 14.2 Compiling 14.3 CVS Repository 15. Get Involved 15.1 How to Contribute 15.2 Guidelines 15.3. Bug Reports 15.3.1 Bug Database 15.3.2 Submitting Bug Reports IV. Appendices A. server.xml reference B. web.xml reference C. Resources C.1 Mailing Lists C.2 Links D. License E. Acknowledgements Credits 2) Web Application Developers' Guide - Things to know while developing with Tomcat. The web dev doesn't have to be an admin pro! 3) Container Architecture Guide - In this case also some references to technical docs which explain how to start writing eg custom handlers, etc). I think this two guides should be separated into two other documents. Comparing the user base and developer base, I think almost all users (administrators) will complain about documentation. So Administrator Guide is the 1st priority I believe. But a introduction section for webapp development should be in the Administrator Guide so that the webapp developers are able to install their webapps to tomcat. While the Webapp developer guides documents some advanced topics. Please advise if anybody get any idea. Regards, Punky
Re: First day - RE: PROPOSAL: Tomcat docs
Punky Tse wrote: Rob, Please see below for rephrased version of Introduction and Administrator Guide. I combined the Introduction and Administrator's Guide to Administrator Guide. Actually this is my proposed TOC. And I believe that we need separate document for different Tomcat servers. e.g. 3.3 and 4.0. snip II. Server Administration 6. Configuring Server 7. Configuring Web Applications 8. Security How about 8.1 Concepts - Explanation of J2EE and Java 2 security models 8.2 Authentication with Realms 8.2.1 Simple realm 8.2.2 JDBC Realm 8.2.3 Custom realms 8.3 Authorization 8.3.1 J2EE role based In particular, it should try to explain in simpler terms than the API spec how J2EE roles are designed to work, covering the mapping from developer roles to deployment roles. 8.3.2 Java 2 security policy III. Advanced Topics 9. Web Servers and HTTP Connectors 9.1 Apache 9.1.1 mod_jk 9.1.2 mod_jserv 9.1.3 mod_webapp (for Tomcat 4.0) 9.2 IIS 9.3 iPlanet 9.4 Netware 9.5 Lotus Domino 10. Performance Tuning 11. Load-balancing No idea how to do load-balancing in Tomcat, what I know is that it can be done through mod_jserv and mod_jk 12. Using SSL May be under Section 6: Configuring Server? 13. Realms No idea: or should it be under Security? Don't think realms should be 'advanced'. It should be convered in security. However, maybe there should be an advanced security section covering 13. Security 13.1 Using Tomcat authentication with Webservers 13.1.1 Apache 13.1.2 IIS 13.1.3 iPlanet 13.1.4 Netware 13.1.5 Lotus Domino Antony