Liam writes "Tomcat is a subproject of the Apache Software Foundation's Jakarta project, its purpose being to serve Java Servlets and JavaServer Pages. It's a complex piece of software and though the documentation is very comprehensive, it helps to have a good reference work to hand. There aren't many books on the subject to choose from, so a publisher could make a fast buck putting out an incomplete work lacking in depth. Fortunately Wrox Press has done a great job with its new publication Professional Apache Tomcat." Read on for the rest of Liam's review.
The book covers every aspect of installing and configuring Tomcat in a great deal of depth, detailing its every aspect. From standalone use (where Tomcat is used as a general web server as well as for serving Java content), to integration with the leading web servers Apache (both Unix and Windows versions) and Microsoft's Internet Information Services, nothing appears to have been left out (however, integration with Netscape's Enterprise Server is mentioned in passing early on, but doesn't appear again).
Being only a month old, it's pretty much bang up to date, covering Tomcat 3.x, 4.0.x and 4.1.x with Apache 1.3.x and 2.0.x and IIS 4 and 5.
The book starts with an introduction to the Apache project, and Tomcat's place in the wider scheme of things. The historical progression in serving dynamic web content from CGI to Servlets and JSP is charted, and there's an overview of JSP tags and general web application architecture. This is interesting enough and useful as background, but as this book is intended for administrators, it's covered quickly in the first two chapters, and the main business of installing Tomcat gets underway in chapter 3.
Installation is discussed with both Windows and Linux users in mind, from both binary and source distributions. As the Tomcat source is usually built with Ant, build and installation of this tool is also discussed (Ant and Log4j, both also part of Jakarta, get chapters of their own later in the book). From there, basic configuration of the standalone server followed by detailed examinations of the components that make up Tomcat's architecture fills the next 200 or so pages.
Serious users of Tomcat will wish to employ Tomcat with an existing web server, and four chapters concentrate on this job. There is more emphasis on Apache than IIS, though given Apache's dominance of the web server field, this is understandable. There is inevitably a certain amount of detail aimed at Apache and IIS configuration, and a basic knowledge of both is assumed throughout. However, any necessary information is included in detail; for example the (Apache) connector modules mod_webapp and mod_jk/jk2 are given a thorough treatment, describing their use from source installation to configuration, together with the pros and cons of the various connectors available. Beyond that, we learn how to design larger-scale setups, with an explanation of load balancing techniques and scaling of the system, and performance testing with JMeter, yet another Jakarta project component.
As ever, security is a major concern and gets a lot of emphasis. Before client authentication and the use of SSL are discussed, there's an overview of basic system security with Unix and Windows. This should be teaching granny to suck eggs for a book aimed at administrators, but it's only a few pages and completes the subject. More interesting are the sections on security realms and user/client authentication. We are presented with examples of authenticating against a MySQL database with JDBC (database connectivity with JDBC is a big enough subject in its own right, and so gets a separate chapter too), and digest authentication. We then move on to encryption with SSL: using Tomcat itself with the JSSE and PureTLS Java SSL implementations, then later with Apache and SSL (setting up mod_ssl with Apache gets a very useful appendix of its own, taken from Professional Apache 2.0, another Wrox book). Again, there's lots of detail, right down to how to get hold of signed certificates for your server. Here the book's general emphasis on Apache over IIS is most apparent, as SSL with IIS is not discussed at all. However, I have no experience with IIS, so I can't say for sure how serious this omission might be.
There's a very brief appendix on setting up Apache's Axis SOAP toolkit, but without any mention of SOAP appearing elsewhere in the book. As other concepts are introduced so well, it's a curious addition.
With nine co-authors (though only four got onto the cover photograph - I wonder if they drew straws?), one might expect wildly different styles throughout the book, but each chapter is consistently and clearly laid out with diagrams and relevant configuration file fragments where necessary. There's little levity and it's all written in a very business-like manner, but then this is hardly a subject you'd choose for holiday reading.
Professional Apache Tomcat is surely the definitive book on the subject. I recently used it to integrate Tomcat 4 with an existing Apache 2 installation, and everything went very smoothly. More than just a set of tutorials, it offers a thorough description of the whole architecture, and makes an excellent companion to either of Wrox's Professional Apache books.
You can purchase Professional Apache Tomcat from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.