Skip to content

Update embedded tomcat from 9.0.102 to 9.0.113 #9122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mbien merged 1 commit into from
Jan 4, 2026
Merged

Update embedded tomcat from 9.0.102 to 9.0.113 #9122

mbien merged 1 commit into from
Jan 4, 2026

Conversation

@mbien
Copy link
Member

@mbien mbien commented Jan 3, 2026

@mbien mbien added this to the NB29 milestone Jan 3, 2026
@mbien mbien added Java [ci] enable extra Java tests (java.completion, java.source.base, java.hints, refactoring.java, form) Upgrade Library Library (Dependency) Upgrade enterprise [ci] enable enterprise job ci:dev-build [ci] produce a dev-build zip artifact (7 days expiration, see link on workflow summary page) labels Jan 3, 2026
@lkishalmi
Copy link
Contributor

lkishalmi commented Jan 3, 2026

Do we need to embed Tomcat at all? Can't we just use the HTTP Server in the JVM?

@mbien
Copy link
Member Author

mbien commented Jan 3, 2026
edited
Loading

that would have to wait for the JDK 21 bump which would be NB 30, assuming the JDK internal http server covers all use cases. But in theory I don't see why not.

@mbien
Copy link
Member Author

mbien commented Jan 3, 2026

that would have to wait for the JDK 21 bump which would be NB 30

sorry I looked at the wrong JEP which only added CLI support. The com.sun.net.httpserver.HttpServer was already there before. So there would be no need to wait for NB 30.

matthiasblaesing
matthiasblaesing approved these changes Jan 4, 2026
View reviewed changes
Copy link
Contributor

@matthiasblaesing matthiasblaesing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only eyeballed this, but tomcat releases are stable to my experience and I'm not aware of reflective access to tomcat apis. So this should be good.

@matthiasblaesing
Copy link
Contributor

matthiasblaesing commented Jan 4, 2026
edited
Loading

Do we need to embed Tomcat at all? Can't we just use the HTTP Server in the JVM?

We need to have a look once Tomcat 9 goes end of life (as the old servlet API (javax.servlet). As far as I remember, the server does two thinks:

  1. It exposes resources from inside the VM (see https://github.com/apache/netbeans/blob/master/ide/httpserver/src/org/netbeans/modules/httpserver/WrapperServlet.java)
  2. It allows to call servlets deployed inside the IDE from the outside. (I think the XSLT support does that). (see

    netbeans/ide/httpserver/src/org/netbeans/modules/httpserver/HttpServerModule.java

    Lines 256 to 272 in 805323a

    sw.setServlet(new HttpServlet() {
    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String className = classFromPath((HttpServletRequest) request);
    LOG.log(Level.FINE, "Servlet class name: {0}", className);
    if (className != null) {
    try {
    Class<?> clazz = Class.forName(className, true, ctx.getParentClassLoader());
    Tomcat.addServlet(ctx, className, (Servlet) clazz.getConstructor().newInstance());
    ctx.addServletMappingDecoded("/servlet/" + className + "/*", className);
    request.getRequestDispatcher(request.getRequestURI()).forward(request, response);
    } catch (ReflectiveOperationException | SecurityException | IllegalArgumentException ex) {
    LOG.log(Level.WARNING, null, ex);
    }
    }
    }
    });
    )

Both things should go away. The HTTP Server of the VM can be part of the solution, but the problem set is bigger.

Edit: Added references to the dispatchers

@mbien mbien merged commit 57fc9ac into apache:master Jan 4, 2026
69 of 70 checks passed
@mbien
Copy link
Member Author

mbien commented Jan 4, 2026

thanks for the review / comments!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matthiasblaesing matthiasblaesing matthiasblaesing approved these changes

Assignees

No one assigned

Labels

ci:dev-build [ci] produce a dev-build zip artifact (7 days expiration, see link on workflow summary page) enterprise [ci] enable enterprise job Java [ci] enable extra Java tests (java.completion, java.source.base, java.hints, refactoring.java, form) Upgrade Library Library (Dependency) Upgrade

Projects

None yet

Milestone

NB29

Development

Successfully merging this pull request may close these issues.

3 participants

@mbien @lkishalmi @matthiasblaesing