异步处理

在servlet中service方法中

        // 获得异步操作的上下文环境
        AsyncContext asyncContext = req.startAsync();
        // 设置异步操作超时时间
        asyncContext.setTimeout(5000);
        // new HeavyWorkHandler(asyncContext).handle();
        // 添加异步监听器
        asyncContext.addListener(new AsyncListener() {
            
            @Override
            public void onTimeout(AsyncEvent arg0) throws IOException {         
            }
            
            @Override
            public void onStartAsync(AsyncEvent arg0) throws IOException {          
            }
            
            @Override
            public void onError(AsyncEvent arg0) throws IOException {       
            }
            
            @Override
            public void onComplete(AsyncEvent arg0) throws IOException {    
            }
        });

        // 启动异步上下文进行异步操作
        asyncContext.start(() -> {
            ServletRequest request = asyncContext.getRequest();
            ServletResponse response = asyncContext.getResponse();
            // 执行耗时间的操作
            // 耗时间操作完成之后要么结束异步上下文
            asyncContext.complete();
            // 要么将请求派发到某个页面上
            asyncContext.dispatch("page.jsp");
        });

好处:
将耗时间的操作放在异步上下文中执行主要的好处是：
不影响Tomcat单位时间接入的用户请求的数量。如果没有异步环境Tomcat默认的200个线程用完了之后，其他的请求就必须排队等待Tomcat接入，这样的话越靠后的请求等待时间越长，甚至有可能半分钟时间都无法正常接入

创建一个类来处理异步操作

public class HeavyWorkHandler {
    private AsyncContext context;
    
    public HeavyWorkHandler (AsyncContext context) {
        this.context = context;
    }
    
    public void handle() {
        ServletRequest request = context.getRequest();
        ServletResponse response = context.getResponse();
        
        context.start(new Runnable() {
            
            @Override
            public void run() {
                
            }
        });
    }
}

安全性

在tomcat-user.xml配置

    <role rolename="authorizedUser" />
    <role rolename="admin" />
    <role rolename="manager" />
    <role rolename="emp" />
    <user username="jack" password="123456" roles="admin,manager" />

在web.xml配置

  <!-- 配置安全性约束 -->
  <security-constraint>
    <!-- 指定需要安全约束的资源 -->
    <web-resource-collection>
        <web-resource-name>protected</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  
  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>protected</realm-name>
  </login-config>

AA

AA - Authentication / Authorization

• What you konw?
• What you have?
• Whom you are?

客户端证书验证

SSL
创建密钥 keytool -genkey -alias tomcat -keyalg RSA
keytool - certreq -alias tomcat -file tomcat.csr
keytool -importcert -alias tomcat -file tomcat.cer