Tomcat, Undertow, Jetty,
Nginx Unit
Pros and cons
1
• Features
• Performance
• Maintainability
• Security
• Extensibility
• Summary
2
Agenda
• The following Java specifications were considered for this analysis:
• Servlet (JSR 369)
• JSP (JSR 152)
• Expression Language (JSR 341)
• Web Sockets (JSR 356)
• Java NIO/NIO.2 (JSR 203)
• HTTP 2 (JEP 110)
3
Features
Features
4
Specification | Tomcat | Undertow | Jetty | Nginx Unit
Servlet | 4.0 | 4.0 | 4.0 | 3.1
JSP | 2.3 | 2.3 | 2.3 | 2.3
Expression Language | 3.0 | 3.0 | 3.0 | 3.0
Web Sockets | 1.1 | 1.1 | 1.1 | 1.1
Java NIO/NIO.2 | ✅ | ✅ | ✅ | C backend
HTTP 2 | ✅ | ✅ | ✅ | ❌
• What is Performance?
• What is Scalability?
• Horizontal/Vertical Scalability
• Summary
5
Performance
• There are several definitions of performance
Here, the throughput definition is used
6
What is Performance?
“Premature optimization is the root of all evil.”
- Donald Knuth
“Throughput is the rate of
production or the rate at which
something is processed.”
- Wikipedia on Throughput
• Any system is a network of queues
7
What is Performance?
8
What is Scalability?
“Scalability is the property of a
system to handle a growing
amount of work by adding
resources to the system.”
- Wikipedia on Scalability
9
Horizontal/Vertical Scalability
“Horizontal scaling means that
you scale by adding more machines
into your pool of resources whereas
Vertical scaling means that
you scale by adding more power
(CPU, RAM) to an existing machine.”
- Stack Overflow answer on Scalability
• In general, they have the same performance
• Nginx Unit is still in beta stage as of November 2019
• But it is very promising (multiple programming languages, DPDK, …)
• Jetty, Undertow and Tomcat have some minor performance
differences, but configuration can mitigate them
10
Performance Summary
• Tomcat: Keep Tomcat if already using it; always configure NIO.2
• Undertow: Use Undertow/WildFly (JBoss) if your webapp requires full JEE support
• Jetty: Use Jetty when hardware resources are limited
• Nginx Unit: Not enough data to recommend
• What is software maintainability?
• Used metrics
• Documentation
• Lines of code
• Test coverage
• Summary
11
Maintainability
“The ease with which a software
system or component can be
modified to correct faults,
improve performance or other
attributes, or adapt to a changed
environment.”
- IEEE Glossary of Software Eng.
12
What is Software Maintainability?
“The maintainability of software
depends on a few different factors.
In general, it must be easy to
understand the software
(how it works, what it does,
and why it does it the way it does),
easy to find what needs to be
changed, easy to make changes
and easy to check
that the changes have not
introduced any bugs.”
- UK Software Sustainability Institute
• All projects are well documented
• Tomcat is the winner here since it is the most popular web
application server, with many years of documented troubleshooting,
including Undertow/WildFly
13
Documentation
• Lines of code is a classic maintainability metric
14
Lines of Code
Total Lines of Code
• Tomcat (9.0.27): 430.507
• Undertow (Wildfly 18.0.0): 820.318 (contains JEE apis too)
• Jetty (9.4.22): 565.122
• Nginx Unit (master branch 20191023): 94.925
“All code is technical debt;
Some code just has a higher interest rate.”
- Paul McMahon
• Tomcat and Nginx Unit do not follow the Maven project structure
• Undertow and Jetty are Maven projects with a cleaner structure and
code base
• Test coverage could not be checked because each web application
server has a different approach to testing
• Tomcat has many tests against regressions
• Nginx Unit has many tests against Java specifications (the JSR-XXX)
• Undertow and Jetty use standard Maven for most of the components that
are covered, but not all (as of 2019-10-23)
15
Test Coverage
16
Maintainability Summary
• Tomcat has more documentation on troubleshooting
• Undertow, Jetty and Nginx Unit have a much cleaner code base with
more coverage
• OWASP has several general and specific recommendations
• Common Vulnerabilities and Exposures (CVE) are considered here
17
Security
Tomcat Vulnerabilities
18
Year | # of Vulnerabilities | DoS | Code Execution | Overflow | XSS | Directory Traversal | Http Response Splitting | Bypass something | Gain Information | Gain Privileges | CSRF
2016 12 2 1 2 5 1 3 1
2017 22 1 3 1 1 1 5 7 2
2018 8 1 1
2019 4 1 1
% Of All 16.4 4.1 3.5 13.5 7.0 0.0 20.5 18.7 4.1 2.3
Source: https://www.cvedetails.com/product/887/Apache-Tomcat.html
WildFly Vulnerabilities
19
Year | # of Vulnerabilities | DoS | Code Execution | Overflow | XSS | Directory Traversal | Http Response Splitting | Bypass something | Gain Information | Gain Privileges | CSRF
2016 2 1 1
2017 1 1
2018 2 1 1
2019 (N/A)
% Of All 22.2 0.0 11.1 0.0 11.1 11.1 0.0 22.2 0.0 11.1
Source: https://www.cvedetails.com/product/27107/Redhat-Jboss-Wildfly-Application-Server.html
Jetty Vulnerabilities
20
Year | # of Vulnerabilities | DoS | Code Execution | Overflow | XSS | Directory Traversal | Http Response Splitting | Bypass something | Gain Information | Gain Privileges | CSRF
2016 1 1
2017 2 1 1
2018 5 1 2 1
2019 4 1 1 2
% Of All 8.3 0.0 8.3 8.3 0.0 0.0 25.0 41.7 0.0 0.0
Source: https://www.cvedetails.com/product/34824/Eclipse-Jetty.html
21
Security Summary
• There is no CVE data for Nginx Unit (as of November 2019)
• Since it is written in C, we can infer it may have a greater number of
vulnerabilities than a pure Java-based web application server
• Tomcat is clearly more vulnerable than the others
• Jetty comes next
• Undertow/WildFly is the least vulnerable, but there is no data for
2019
• Servlet Filter
• Application/Container wide Filter
• Tomcat Valve
• Undertow HttpHandler
• Jetty Handler
• Nginx Unit Routes
22
Extensibility
23
Servlet Filter
What is a filter?
“A filter is a reusable piece of code that can
transform the content of HTTP requests,
responses, and header information.
Filters do not generally create a response or
respond to a request as servlets do, rather they
modify or adapt the requests for a resource,
modify or adapt responses from a resource.”
- Java Servlet 4.0 specification
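As an added example (not from the slides or from any of the compared projects), here is a filter written against the Servlet 3.1 API, the lowest level in the features table, so the same class deploys on all four servers without a Valve or Handler. It sets two baseline response headers and rejects CR/LF in headers the application sets, the defect class the CVE tables list as Http Response Splitting. The class name `HeaderHardeningFilter` and the choice of headers are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Added example: container-independent response hardening (hypothetical class name). */
@WebFilter("/*")
public class HeaderHardeningFilter implements Filter {

    @Override
    public void init(FilterConfig config) {
        // Must be implemented under Servlet 3.1; this filter keeps no state.
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(res instanceof HttpServletResponse)) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletResponse http = (HttpServletResponse) res;
        // Set before the application runs, so the application can still
        // override a header deliberately for a specific resource.
        http.setHeader("X-Content-Type-Options", "nosniff");
        http.setHeader("X-Frame-Options", "DENY");
        // Everything further down the chain writes headers through the wrapper.
        chain.doFilter(req, new CrlfRejectingResponse(http));
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /** Refuses header names, values and redirect targets that contain CR or LF. */
    static final class CrlfRejectingResponse extends HttpServletResponseWrapper {

        CrlfRejectingResponse(HttpServletResponse response) {
            super(response);
        }

        private static String check(String s) {
            if (s != null) {
                for (int i = 0; i < s.length(); i++) {
                    char c = s.charAt(i);
                    if (c == '\r' || c == '\n') {
                        // Unhandled, this surfaces as an error response
                        // instead of a split header block.
                        throw new IllegalArgumentException("CR/LF in response header");
                    }
                }
            }
            return s;
        }

        @Override
        public void setHeader(String name, String value) {
            super.setHeader(check(name), check(value));
        }

        @Override
        public void addHeader(String name, String value) {
            super.addHeader(check(name), check(value));
        }

        @Override
        public void sendRedirect(String location) throws IOException {
            super.sendRedirect(check(location));
        }
    }
}
```

The wrapper covers only `setHeader`, `addHeader` and `sendRedirect`; cookies and the content type are left to the container.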
24
Tomcat Valve
What is a Tomcat Valve?
“A Valve element represents
a component that will be inserted
into the request processing pipeline
for the associated Catalina container
(Engine, Host, or Context).
Individual Valves have distinct
processing capabilities (…)”
- Tomcat documentation
25
Undertow HttpHandler
Undertow HttpHandler Behaviour
“Handlers are generally chained together by
explicitly specifying the next handler at
construction time, there is no pipeline concept,
which means that a handler can pick the next
handler to invoke based on the current request.”
- Undertow documentation
26
Jetty Handler
Jetty Handler Behaviour
“The Handler is the Jetty
component that deals with
HTTP requests and responses.”
- Jetty documentation
Nginx Unit Routes Behaviour
“Nginx Unit configuration offers a routes
object to enable elaborate internal
routing between listeners and apps.
Listeners pass requests to routes
or directly to apps.
Requests are matched against route
step conditions; a request matching all
conditions of a step is passed to the app
or the route that the step specifies.”
- Nginx Unit documentation
27
Nginx Unit Routes
28
Extensibility Summary
• Nginx Unit is a clear winner since the route configuration forces the
web application decoupling
• Tomcat, Undertow, Jetty are equivalent on extensibility but their
architectures are very different
29
Summary
Features
• Tomcat, Undertow and Jetty: equivalent; use Undertow if JEE support is required
• Nginx Unit: still in development
Performance
• Tomcat: keep Tomcat if you already have it
• Undertow: equivalent performance to Tomcat
• Jetty: use for resource-constrained environments such as cloud
• Nginx Unit: not enough data to recommend
Maintainability
• Tomcat: wins on documentation and troubleshooting
• Undertow, Jetty and Nginx Unit: pretty much equivalent on maintainability, with a much cleaner code base
Security
• Tomcat: has more vulnerabilities than the others
• Undertow: the least vulnerable, but there is no data for 2019
• Jetty: the second most vulnerable
• Nginx Unit: no CVEs
Extensibility
• Tomcat, Undertow and Jetty: equivalent
• Nginx Unit: has a better approach, proposing decoupled web applications that talk to each other through routes
• JSR 152: JavaServer Pages Specification
• JSR 203: Java NIO/NIO.2
• JSR 341: Expression Language
• JSR 356: Java API for WebSocket
• JSR 369: Java Servlet Specification
• JSR 372: JavaServer Faces Specification
• JEP 110: HTTP/2 Client
30
References
• Apache Tomcat
• Undertow
• Jetty
• Nginx Unit
• Tomcat vs. Jetty vs. Undertow: Comparison of Spring Boot Embedded
Servlet Containers
• Top Java Application Servers: Tomcat vs. Jetty vs. GlassFish vs. WildFly
• JBoss vs. Tomcat: Choosing A Java Application Server
• Tomcat vs Jetty vs Wildfly runtime comparision
31
References
• Low level programming
Igor Zhirkov
Apress
• Systems Performance – enterprise and the cloud
Brendan Gregg
Prentice Hall
• Performance modeling and design of computer systems
Mor Harchol-Balter
Cambridge University Press
• Operating System Concepts
Silberschatz, Gagne, Galvin
John Wiley & Sons
32
References
33
Thank you!
Geraldo Netto
geraldo.netto@gmail.com

OnBoard
 
CFD Studio Credentials – Branding, Design & Development
CFD Studio Credentials – Branding, Design & DevelopmentCFD Studio Credentials – Branding, Design & Development
CFD Studio Credentials – Branding, Design & Development
trannghia2018
 

Tomcat, Undertow, Jetty, Nginx Unit: pros and cons

  • 1. Tomcat, Undertow, Jetty, Nginx Unit: Pros and cons
  • 2. Agenda
      • Features
      • Performance
      • Maintainability
      • Security
      • Extensibility
      • Summary
  • 3. Features
      • The following Java specifications were considered for this analysis:
      • Servlet (JSR 369)
      • JSP (JSR 152)
      • Expression Language (JSR 341)
      • Web Sockets (JSR 356)
      • Java NIO/NIO.2 (JSR 203)
      • HTTP 2 (JEP 110)
  • 4. Features

                             Tomcat   Undertow   Jetty   Nginx Unit
        Servlet              4.0      4.0        4.0     3.1
        JSP                  2.3      2.3        2.3     2.3
        Expression Language  3.0      3.0        3.0     3.0
        Web Sockets          1.1      1.1        1.1     1.1
        Java NIO/NIO.2       ✅       ✅         ✅      C backend
        HTTP 2               ✅       ✅         ✅      ❌

  • 5. Performance
      • What is Performance?
      • What is Scalability?
      • Horizontal/Vertical Scalability
      • Summary
  • 6. What is Performance?
      • There are several definitions of performance; here, the throughput definition is used
      • “Premature optimization is the root of all evil.” - Donald Knuth
      • “Throughput is the rate of production or the rate at which something is processed.” - Wikipedia on Throughput
  • 7. What is Performance?
      • Any system is a network of queues
  • 8. What is Scalability?
      • “Scalability is the property of a system to handle a growing amount of work by adding resources to the system.” - Wikipedia on Scalability
  • 9. Horizontal/Vertical Scalability
      • “Horizontal scaling means that you scale by adding more machines into your pool of resources whereas Vertical scaling means that you scale by adding more power (CPU, RAM) to an existing machine.” - Stack Overflow answer on Scalability
  • 10. Performance Summary
      • In general, they have the same performance
      • Nginx Unit is still in beta stage as of November 2019
      • But it is very promising (multiple programming languages, DPDK, …)
      • Jetty, Undertow and Tomcat have some minor performance differences, but configuration can mitigate them
      • Recommendations (Tomcat, Undertow, Jetty, Nginx Unit): Keep Tomcat if already using it; Always configure NIO.2; Use Undertow/WildFly (JBoss) if your webapp requires full JEE support; Use Jetty when hardware resources are limited; Not enough data to recommend
  • 11. Maintainability
      • What is software maintainability?
      • Used metrics
      • Documentation
      • Lines of code
      • Test coverage
      • Summary
  • 12. What is Software Maintainability?
      • “The ease with which a software system or component can be modified to correct faults, improve performance or other attributes, or adapt to a changed environment.” - IEEE Glossary of Software Eng.
      • “The maintainability of software depends on a few different factors. In general, it must be easy to understand the software (how it works, what it does, and why it does it the way it does), easy to find what needs to be changed, easy to make changes and easy to check that the changes have not introduced any bugs.” - UK Software Sustainability Institute
  • 13. Documentation
      • All projects are well documented
      • Tomcat is the winner here since it is the most popular web application server, with many years of documented troubleshooting including Undertow/Wildfly
  • 14. Lines of Code
      • Lines of code is a classic maintainability metric
      • Total lines of code:
      • Tomcat (9.0.27): 430.507
      • Undertow (Wildfly 18.0.0): 820.318 (contains JEE APIs too)
      • Jetty (9.4.22): 565.122
      • Nginx Unit (master branch 20191023): 94.925
      • “All code is technical debt; Some code just has a higher interest rate.” - Paul McMahon
  • 15. Test Coverage
      • Tomcat and Nginx Unit do not follow the Maven project structure
      • Undertow and Jetty are Maven projects with a cleaner structure and code base
      • Test coverage could not be checked because each web application server has a different approach to testing
      • Tomcat has many tests against regressions
      • Nginx Unit has many tests against Java specifications (the JSR-XXX)
      • Undertow and Jetty use standard Maven for most of the components that are covered but not all (as of 2019-10-23)
  • 16. Maintainability Summary
      • Tomcat has more documentation on troubleshooting
      • Undertow, Jetty and Nginx Unit have a much cleaner code base with more coverage
  • 17. Security
      • OWASP has several general and specific recommendations
      • Common Vulnerabilities and Exposures (CVE) are considered here
  • 18. Tomcat Vulnerabilities
      • Columns: Year, # of Vulnerabilities, DoS, Code Execution, Overflow, XSS, Directory Traversal, Http Response Splitting, Bypass something, Gain Information, Gain Privileges, CSRF
      • 2016: 12 2 1 2 5 1 3 1
      • 2017: 22 1 3 1 1 1 5 7 2
      • 2018: 8 1 1
      • 2019: 4 1 1
      • % Of All: DoS 16.4, Code Execution 4.1, Overflow 3.5, XSS 13.5, Directory Traversal 7.0, Http Response Splitting 0.0, Bypass something 20.5, Gain Information 18.7, Gain Privileges 4.1, CSRF 2.3
      • Source: https://www.cvedetails.com/product/887/Apache-Tomcat.html
  • 19. WildFly Vulnerabilities
      • Columns: Year, # of Vulnerabilities, DoS, Code Execution, Overflow, XSS, Directory Traversal, Http Response Splitting, Bypass something, Gain Information, Gain Privileges, CSRF
      • 2016: 2 1 1
      • 2017: 1 1
      • 2018: 2 1 1
      • 2019: (N/A)
      • % Of All: DoS 22.2, Code Execution 0.0, Overflow 11.1, XSS 0.0, Directory Traversal 11.1, Http Response Splitting 11.1, Bypass something 0.0, Gain Information 22.2, Gain Privileges 0.0, CSRF 11.1
      • Source: https://www.cvedetails.com/product/27107/Redhat-Jboss-Wildfly-Application-Server.html
  • 20. Jetty Vulnerabilities
      • Columns: Year, # of Vulnerabilities, DoS, Code Execution, Overflow, XSS, Directory Traversal, Http Response Splitting, Bypass something, Gain Information, Gain Privileges, CSRF
      • 2016: 1 1
      • 2017: 2 1 1
      • 2018: 5 1 2 1
      • 2019: 4 1 1 2
      • % Of All: DoS 8.3, Code Execution 0.0, Overflow 8.3, XSS 8.3, Directory Traversal 0.0, Http Response Splitting 0.0, Bypass something 25.0, Gain Information 41.7, Gain Privileges 0.0, CSRF 0.0
      • Source: https://www.cvedetails.com/product/34824/Eclipse-Jetty.html
  • 21. Security Summary
      • There is no CVE data regarding Nginx Unit (as of November 2019)
      • Since it is written in C, we can infer it may have a greater number of vulnerabilities than a pure Java-based web application server
      • Tomcat is clearly more vulnerable than the others
      • Jetty comes next
      • Undertow/Wildfly is the least vulnerable but there is no data for 2019
  • 22. Extensibility
      • Servlet Filter
      • Application/Container wide Filter
      • Tomcat Valve
      • Undertow HttpHandler
      • Jetty Handler
      • Nginx Unit Routes
  • 23. Servlet Filter
      • What is a filter? “A filter is a reusable piece of code that can transform the content of HTTP requests, responses, and header information. Filters do not generally create a response or respond to a request as servlets do, rather they modify or adapt the requests for a resource, modify or adapt responses from a resource.” - Java Servlet 4.0 specification
  • 24. Tomcat Valve
      • What is a Tomcat Valve? “A Valve element represents a component that will be inserted into the request processing pipeline for the associated Catalina container (Engine, Host, or Context). Individual Valves have distinct processing capabilities (…)” - Tomcat documentation
  • 25. Undertow HttpHandler
      • Undertow HttpHandler Behaviour: “Handlers are generally chained together by explicitly specifying the next handler at construction time, there is no pipeline concept, which means that a handler can pick the next handler to invoke based on the current request.” - Undertow documentation
  • 26. Jetty Handler
      • Jetty Handler Behaviour: “The Handler is the Jetty component that deals with HTTP requests and responses.” - Jetty documentation
  • 27. Nginx Unit Routes
      • Nginx Unit Routes Behaviour: “Nginx Unit configuration offers a routes object to enable elaborate internal routing between listeners and apps. Listeners pass requests to routes or directly to apps. Requests are matched against route step conditions; a request matching all conditions of a step is passed to the app or the route that the step specifies.” - Nginx Unit documentation
  • 28. Extensibility Summary
      • Nginx Unit is a clear winner since the route configuration forces the web application decoupling
      • Tomcat, Undertow and Jetty are equivalent on extensibility but their architectures are very different
  • 29. Summary (Tomcat, Undertow, Jetty, Nginx Unit)
      • Features: Tomcat, Undertow and Jetty are equivalent; Use Undertow if JEE support is required; Still in development
      • Performance: Keep Tomcat if you already have it; Undertow has an equivalent performance with Tomcat; Use Jetty for resource constrained environments such as cloud; Not enough data to recommend
      • Maintainability: Tomcat wins on documentation and troubleshooting; Undertow, Jetty and Unit are pretty much equivalent on maintainability with a much cleaner code base
      • Security: Tomcat has more vulnerabilities than the others; Undertow is the least vulnerable but there is no data for 2019; Jetty is the second most vulnerable; No CVEs for Unit
      • Extensibility: Tomcat, Undertow and Jetty are equivalent; Unit has a better approach, proposing decoupled web applications that talk to each other through routes
  • 30. References
      • JSR 152: JavaServer Pages Specification
      • JSR 203: Java NIO/NIO.2
      • JSR 341: Expression Language
      • JSR 356: Java API for WebSocket
      • JSR 369: Java Servlet Specification
      • JSR 372: JavaServer Faces Specification
      • JEP 110: HTTP/2 Client
  • 31. References
      • Apache Tomcat
      • Undertow
      • Jetty
      • Nginx Unit
      • Tomcat vs. Jetty vs. Undertow: Comparison of Spring Boot Embedded Servlet Containers
      • Top Java Application Servers: Tomcat vs. Jetty vs. GlassFish vs. WildFly
      • JBoss vs. Tomcat: Choosing A Java Application Server
      • Tomcat vs Jetty vs Wildfly runtime comparision
  • 32. References
      • Low level programming, Igor Zhirkov, Apress
      • Systems Performance – enterprise and the cloud, Brendan Gregg, Prentice Hall
      • Performance modeling and design of computer systems, Mor Harchol-Balter, Cambridge University Press
      • Operating System Concepts, Silberschatz, Gagne, Galvin, John Wiley & Sons
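
The Undertow behaviour quoted on slide 25 (the next handler is fixed at construction time, and a handler may choose which one to invoke per request), as an added Java example that is not from the slides or from the Undertow project. The class names, the `/admin` path, the header choices and port 8080 are assumptions; it needs `undertow-core` on the classpath.

```java
import io.undertow.Undertow;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.HttpString;
import io.undertow.util.StatusCodes;

public class ChainedHandlers {

    // Adds hardening headers, then delegates to the handler given at construction time.
    static final class SecurityHeaders implements HttpHandler {
        private final HttpHandler next;
        SecurityHeaders(HttpHandler next) { this.next = next; }

        @Override
        public void handleRequest(HttpServerExchange exchange) throws Exception {
            exchange.getResponseHeaders().put(new HttpString("X-Content-Type-Options"), "nosniff");
            exchange.getResponseHeaders().put(new HttpString("X-Frame-Options"), "DENY");
            next.handleRequest(exchange);
        }
    }

    // Chooses the next handler per request; nothing runs unless this handler calls it.
    static final class AdminGate implements HttpHandler {
        private final HttpHandler admin;
        private final HttpHandler app;
        AdminGate(HttpHandler admin, HttpHandler app) { this.admin = admin; this.app = app; }

        @Override
        public void handleRequest(HttpServerExchange exchange) throws Exception {
            String path = exchange.getRequestPath();
            boolean adminPath = path.equals("/admin") || path.startsWith("/admin/");
            if (!adminPath) {
                app.handleRequest(exchange);
            } else if (exchange.getSourceAddress().getAddress().isLoopbackAddress()) {
                admin.handleRequest(exchange);   // hypothetical policy: admin only from loopback
            } else {
                exchange.setStatusCode(StatusCodes.FORBIDDEN);
                exchange.getResponseSender().send("forbidden");
            }
        }
    }

    public static void main(String[] args) {
        HttpHandler app = ex -> ex.getResponseSender().send("app");
        HttpHandler admin = ex -> ex.getResponseSender().send("admin console");
        // The chain is plain object composition, built innermost-first.
        HttpHandler root = new SecurityHeaders(new AdminGate(admin, app));
        Undertow.builder().addHttpListener(8080, "0.0.0.0").setHandler(root).build().start();
    }
}
```

Because there is no container-managed pipeline, a handler left out of the composition in `main` never runs, so the wiring itself is what a review has to check. Behind a reverse proxy the source address is the proxy's, so the loopback test would need a different signal.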