The Apache Tomcat Servlet/JSP Container

Apache Tomcat 7

Version 7.0.103, Mar 16 2020
Apache Logo

Links

Top Level Elements

Executors

Connectors

Containers

Nested Components

Cluster Elements

web.xml

Other

System Properties

Table of Contents
Introduction

The following sections list the system properties that may be set to modify the default Tomcat behaviour.

Property replacements
PropertyDescription
org.apache.tomcat.util.digester. PROPERTY_SOURCE

Set this to a fully qualified name of a class that implements org.apache.tomcat.util.IntrospectionUtils.PropertySource. Required to have a public constructor with no arguments.

Use this to add a property source, that will be invoked when ${parameter} denoted parameters are found in the XML files that Tomcat parses.

org.apache.tomcat.util.digester.EnvironmentPropertySource can be used to replace parameters from the process' environment variables, e.g. injected ConfigMaps or Secret objects in container based systems like OpenShift or Kubernetes.

Clustering
PropertyDescription
org.apache.catalina. tribes.dns_lookups

If true, the clustering module will attempt to use DNS to resolve any host names provided in the cluster configuration.

If not specified, the default value of false will be used.

Expression Language
PropertyDescription
org.apache.el.BeanELResolver. CACHE_SIZE

The number of javax.el.BeanELResolver.BeanProperties objects that will be cached by the EL Parser.

If not specified, the default of 1000 will be used.

org.apache.el.ExpressionBuilder. CACHE_SIZE

The number of parsed EL expressions that will be cached by the EL Parser.

If not specified, the default of 5000 will be used.

org.apache.el.parser. COERCE_TO_ZERO

If true, when coercing expressions to numbers "" and null will be coerced to zero as required by the specification.

If not specified, the default value of true will be used.

org.apache.el.parser. SKIP_IDENTIFIER_CHECK

If true, when parsing expressions, identifiers will not be checked to ensure that they conform to the Java Language Specification for Java identifiers.

If not specified, the default value of false will be used.

Jasper
PropertyDescription
org.apache.jasper.compiler. Generator.POOL_TAGS_WITH_EXTENDS

By default, JSPs that use their own base class via the extends attribute of the page directive, will have Tag pooling disabled since Jasper cannot guarantee that the necessary initialisation will have taken place. This can have a negative impact on performance. Providing the alternative base class calls _jspInit() from Servlet.init(), setting this property to true will enable pooling with an alternative base class. If the alternative base class does not call _jspInit() and this property is true, NPEs will occur when attempting to use tags.

If not specified, the default value of false will be used.

org.apache.jasper.compiler. Generator.STRICT_GET_PROPERTY

If true, the requirement to have the object referenced in jsp:getProperty action to be previously "introduced" to the JSP processor, as specified in the chapter JSP.5.3 of JSP 2.0 and later specifications, is enforced.

If not specified, the specification compliant default of true will be used.

org.apache.jasper.compiler. Generator.VAR_EXPRESSIONFACTORY

The name of the variable to use for the expression language expression factory.

If not specified, the default value of _el_expressionfactory will be used.

org.apache.jasper.compiler. Generator.VAR_INSTANCEMANAGER

The name of the variable to use for the instance manager factory.

If not specified, the default value of _jsp_instancemanager will be used.

org.apache.jasper.compiler. Parser.STRICT_QUOTE_ESCAPING

If false the requirements for escaping quotes in JSP attributes will be relaxed so that an unescaped quote will not cause an error.

If not specified, the specification compliant default of true will be used.

org.apache.jasper.compiler. Parser.STRICT_WHITESPACE

If false the requirements for whitespace before an attribute name will be relaxed so that the lack of whitespace will not cause an error.

If not specified, the specification compliant default of true will be used.

org.apache.jasper.runtime. BodyContentImpl.BUFFER_SIZE

The size (in characters) to use when creating a tag buffer.

If not specified, the default value of org.apache.jasper.Constants.DEFAULT_TAG_BUFFER_SIZE (512) will be used.

org.apache.jasper.runtime. BodyContentImpl.LIMIT_BUFFER

If true, any tag buffer that expands beyond org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE will be destroyed and a new buffer created.

If not specified, the default value of false will be used.

org.apache.jasper.runtime. JspFactoryImpl.USE_POOL

If true, a ThreadLocal PageContext pool will be used.

If not specified, the default value of true will be used.

org.apache.jasper.runtime. JspFactoryImpl.POOL_SIZE

The size of the ThreadLocal PageContext.

If not specified, the default value of 8 will be used.

org.apache.jasper.Constants. JSP_SERVLET_BASE

The base class of the Servlets generated from the JSPs.

If not specified, the default value of org.apache.jasper.runtime.HttpJspBase will be used.

org.apache.jasper.Constants. SERVICE_METHOD_NAME

The name of the service method called by the base class.

If not specified, the default value of _jspService will be used.

org.apache.jasper.Constants. SERVLET_CLASSPATH

The name of the ServletContext attribute that provides the classpath for the JSP.

If not specified, the default value of org.apache.catalina.jsp_classpath will be used.

org.apache.jasper.Constants. JSP_FILE

The name of the request attribute for <jsp-file> element of a servlet definition. If present on a request, this overrides the value returned by request.getServletPath() to select the JSP page to be executed.

If not specified, the default value of org.apache.catalina.jsp_file will be used.

Deprecated: This will be removed in Tomcat 9.0.x onwards. It is replaced by the use of the jspFile servlet initialisation parameter

org.apache.jasper.Constants. PRECOMPILE

The name of the query parameter that causes the JSP engine to just pregenerate the servlet but not invoke it.

If not specified, the default value of jsp_precompile will be used, as defined by JSP specification (JSP.11.4.2).

org.apache.jasper.Constants. JSP_PACKAGE_NAME

The default package name for compiled jsp pages.

If not specified, the default value of org.apache.jsp will be used.

org.apache.jasper.Constants. TAG_FILE_PACKAGE_NAME

The default package name for tag handlers generated from tag files.

If not specified, the default value of org.apache.jsp.tag will be used.

org.apache.jasper.Constants. ALT_DD_ATTR

The servlet context attribute under which the alternate deployment descriptor for this web application is stored.

If not specified, the default value of org.apache.catalina.deploy.alt_dd will be used.

org.apache.jasper.Constants. TEMP_VARIABLE_NAME_PREFIX

Prefix to use for generated temporary variable names.

If not specified, the default value of _jspx_temp will be used.

org.apache.jasper.Constants. USE_INSTANCE_MANAGER_FOR_TAGS

If true, the instance manager is used to obtain tag handler instances.

If not specified, the default value of false will be used.

Security
PropertyDescription
org.apache.catalina.connector. RECYCLE_FACADES

If this is true or if a security manager is in use a new facade object will be created for each request.

If not specified, the default value of false will be used.

org.apache.catalina.connector. CoyoteAdapter.ALLOW_BACKSLASH

If this is true the '\' character will be permitted as a path delimiter.

If not specified, the default value of false will be used.

org.apache.tomcat.util.buf. UDecoder.ALLOW_ENCODED_SLASH

If this is true '%2F' and '%5C' will be permitted as path delimiters.

If not specified, the default value of false will be used.

Specification
PropertyDescription
org.apache.catalina. STRICT_SERVLET_COMPLIANCE

The default value of this system property is false.

If this is true the default values will be changed for:

  • org.apache.catalina.core.
    ApplicationContext.GET_RESOURCE_REQUIRE_SLASH
  • org.apache.catalina.core.
    ApplicationDispatcher.WRAP_SAME_OBJECT
  • org.apache.catalina.core.
    StandardHostValve.ACCESS_SESSION
  • org.apache.catalina.session.
    StandardSession.ACTIVITY_CHECK
  • org.apache.catalina.session.
    StandardSession.LAST_ACCESS_AT_START
  • org.apache.tomcat.util.http.
    ServerCookie.ALWAYS_ADD_EXPIRES
  • org.apache.tomcat.util.http.
    ServerCookie.FWD_SLASH_IS_SEPARATOR
  • org.apache.tomcat.util.http.
    ServerCookie.PRESERVE_COOKIE_HEADER
  • org.apache.tomcat.util.http.
    ServerCookie.STRICT_NAMING
  • The resourceOnlyServlets attribute of any Context element.
  • The tldValidation attribute of any Context element.
  • The useRelativeRedirects attribute of any Context element.
  • The xmlNamespaceAware attribute of any Context element.
  • The xmlValidation attribute of any Context element.

Note that changing a number of the above defaults is likely to break the majority of systems as some browsers are unable to correctly handle the cookie headers that result from a strict adherence to the specifications. Defaults, regardless of whether or not they have been changed by setting org.apache.catalina.STRICT_SERVLET_COMPLIANCE can always be overridden by explicitly setting the appropriate system property or element attribute.

org.apache.catalina.connector. Response.ENFORCE_ENCODING_IN_GET_WRITER

If this is true then a call to Response.getWriter() if no character encoding has been specified will result in subsequent calls to Response.getCharacterEncoding() returning ISO-8859-1 and the Content-Type response header will include a charset=ISO-8859-1 component. (SRV.15.2.22.1)

If not specified, the default specification compliant value of true will be used.

org.apache.catalina.core.ApplicationContext .GET_RESOURCE_REQUIRE_SLASH

If this is true then the path passed to ServletContext.getResource() or ServletContext.getResourceAsStream() must start with "/". If false, code like getResource("myfolder/myresource.txt") will work.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

org.apache.catalina.core. ApplicationDispatcher.WRAP_SAME_OBJECT

If this is true then any wrapped request or response object passed to an application dispatcher will be checked to ensure that it has wrapped the original request or response.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

org.apache.tomcat.util.http. ServerCookie.ALLOW_EQUALS_IN_VALUE

If this is true Tomcat will allow '=' characters when parsing unquoted cookie values. If false, cookie values containing '=' will be terminated when the '=' is encountered and the remainder of the cookie value will be dropped.

If not specified, the default value specification compliant value of false will be used.

org.apache.tomcat.util.http. ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0

If this is true Tomcat will allow HTTP separators in cookie names and values.

If not specified, the default specification compliant value of false will be used.

org.apache.tomcat.util.http. ServerCookie.ALLOW_NAME_ONLY

If this is false then the requirements of the cookie specifications that cookies must have values will be enforced and cookies consisting only of a name but no value will be ignored.

If not specified, the default specification compliant value of false will be used.

org.apache.tomcat.util.http. ServerCookie.ALWAYS_ADD_EXPIRES

If this is true Tomcat will always add an expires parameter to a SetCookie header even for cookies with version greater than zero. This is to work around a known IE6 and IE7 bug that causes IE to ignore the Max-Age parameter in a SetCookie header.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be false, else the default value will be true.

org.apache.tomcat.util.http. ServerCookie.FWD_SLASH_IS_SEPARATOR

If this is true then the / (forward slash) character will be treated as a separator. Note that this character is frequently used in cookie path attributes and some browsers will fail to process a cookie if the path attribute is quoted as is required by a strict adherence to the specifications. This is highly likely to break session tracking using cookies.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

org.apache.tomcat.util.http. ServerCookie.PRESERVE_COOKIE_HEADER

If this is true Tomcat will ensure that cookie processing does not modify cookie header returned by HttpServletRequest.getHeader().

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING

If this is true then the requirements of the Servlet specification that Cookie names must adhere to RFC2109 (no use of separators) will be enforced.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

Sessions
PropertyDescription
org.apache.catalina.authenticator. Constants.SSO_SESSION_COOKIE_NAME

An alternative name for the single sign on session cookie. Defaults to JSESSIONIDSSO.

org.apache.catalina.core. StandardHostValve.ACCESS_SESSION

If this is true, every request that is associated with a session will cause the session's last accessed time to be updated regardless of whether or not the request explicitly accesses the session.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

org.apache.catalina.session. StandardSession.ACTIVITY_CHECK

If this is true, Tomcat will track the number of active requests for each session. When determining if a session is valid, any session with at least one active request will always be considered valid.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

org.apache.catalina.session. StandardSession.LAST_ACCESS_AT_START

If this is true, the last accessed time for sessions will be calculated from the beginning of the previous request. If false, the last accessed time for sessions will be calculated from the end of the previous request. This also affects how the idle time is calculated.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

Logging
PropertyDescription
org.apache.juli.formatter

If no logging configuration file is specified and no logging configuration class is specified using the java.util.logging.config.class and java.util.logging.config.file properties the default logging framework org.apache.juli will use the default java.util.logging.SimpleFormatter for all console output. To simply override the console output formatter, one can use the described property. Example: -Dorg.apache.juli.formatter=org.apache.juli.OneLineFormatter

org.apache.juli. AsyncOverflowDropType

When the memory limit of records has been reached the system needs to determine what action to take. Currently there are three actions that can be taken:

  • int OVERFLOW_DROP_LAST = 1 - the record that caused the overflow will be dropped and not logged
  • int OVERFLOW_DROP_FIRST = 2 - the record that is next in line to be logged will be dropped to make room for the latest record on the queue
  • int OVERFLOW_DROP_FLUSH = 3 - suspend the thread while the queue empties out and flushes the entries to the write buffer
  • int OVERFLOW_DROP_CURRENT = 4 - drop the current log entry

The default value is 1 (OVERFLOW_DROP_LAST).

org.apache.juli. AsyncMaxRecordCount

The max number of log records that the async logger will keep in memory. When this limit is reached and a new record is being logged by the JULI framework the system will take an action based on the org.apache.juli.AsyncOverflowDropType setting.

The default value is 10000 records. This number represents the global number of records, not on a per handler basis.

org.apache.juli. AsyncLoggerPollInterval

The poll interval in milliseconds for the asynchronous logger thread in milliseconds. If the log queue is empty, the async thread will issue a poll(poll interval) in order to not wake up too often.

The default value is 1000 milliseconds.

org.apache.juli.logging. UserDataHelper.CONFIG

The type of logging to use for errors generated by invalid input data. The options are: DEBUG_ALL, INFO_THEN_DEBUG, INFO_ALL and NONE. When INFO_THEN_DEBUG is used, the period for which errors are logged at DEBUG rather than INFO is controlled by the system property org.apache.juli.logging.UserDataHelper.SUPPRESSION_TIME.

The default value is INFO_THEN_DEBUG.

The errors currently logged using this system are:

  • invalid cookies;
  • invalid parameters;
  • too many headers, too many parameters (hitting maxHeaderCount or maxParameterCount limits of a connector).
  • invalid host names

Other errors triggered by invalid input data may be added to this system in later versions.

org.apache.juli.logging. UserDataHelper.SUPPRESSION_TIME

When using INFO_THEN_DEBUG for org.apache.juli.logging.UserDataHelper.CONFIG this system property controls how long messages are logged at DEBUG after a message has been logged at INFO. Once this period has elapsed, the next message will be logged at INFO followed by a new suppression period where messages are logged at DEBUG and so on. The value is measured in seconds.

A value of 0 is equivalent to using INFO_ALL for org.apache.juli.logging.UserDataHelper.CONFIG.

A negative value means an infinite suppression period.

The default value is 86400 (24 hours).

JAR Scanning
PropertyDescription
tomcat.util.scan. DefaultJarScanner.jarsToSkip

The comma-separated list of file name patterns of JARs that Tomcat will not scan for configuration information when using the JarScanner functionality. The file name pattern syntax is described in JarScanner documentation. Note that there are additional system properties that enable JARs to be excluded from specific scans rather than all scans.

The coded default is that no JARs are skipped however the system property is set in a default Tomcat installation via the $CATALINA_BASE/conf/catalina.properties file.

org.apache.catalina.startup. ContextConfig.jarsToSkip

The comma-separated list of additional filenames of JARs that Tomcat will not scan for Servlet 3.0 pluggability features.

The coded default is that no JARs are skipped however the system property is set in a default Tomcat installation via the $CATALINA_BASE/conf/catalina.properties file.

org.apache.catalina.startup. TldConfig.jarsToSkip

The comma-separated list of additional filenames of JARs that Tomcat will not scan for TLDs.

The coded default is that no JARs are skipped however the system property is set in a default Tomcat installation via the $CATALINA_BASE/conf/catalina.properties file.

Websockets
PropertyDescription
org.apache.tomcat .websocket.ALLOW_UNSUPPORTED_EXTENSIONS

If true, allow unknown extensions to be declared by the user.

The default value is false.

org.apache.tomcat. websocket.DEFAULT_ORIGIN_HEADER_VALUE

Default value of the origin header that will be sent by the client during the upgrade handshake.

The default is null so that no origin header is sent.

org.apache.tomcat. websocket.DEFAULT_PROCESS_PERIOD

The number of periodic ticks between periodic processing which involves in particular session expiration checks.

The default value is 10 which corresponds to 10 seconds.

org.apache.tomcat. websocket.DISABLE_BUILTIN_EXTENSIONS

If true, disable all built-in extensions provided by the server, such as message compression.

The default value is false.

Other
PropertyDescription
org.apache.coyote. USE_CUSTOM_STATUS_MSG_IN_HEADER

If this is true, custom HTTP status messages will be used within HTTP headers. If a custom message is specified that is not valid for use in an HTTP header (as defined by RFC2616) then the custom message will be ignored and the default message used.

If not specified, the default value of false will be used.

catalina.useNaming

If this is false it will override the useNaming attribute for all Context elements.

javax.sql.DataSource.Factory

The class name of the factory to use to create resources of type javax.sql.DataSource. If not specified the default of org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory is used which is a package renamed (to avoid conflicts) copy of Apache Commons DBCP 1.x.

javax.mail.Session.Factory

The class name of the factory to use to create resources of type javax.mail.Session. If not specified the default of org.apache.naming.factory.MailSessionFactory is used.

jvmRoute

Provides a default value for the jvmRoute attribute of the Engine element. It does not override the value configured on the Engine element.

catalina.config

The URL for the catalina.properties configuration file.

tomcat.util.buf.StringCache.byte.enabled

If true, the String cache is enabled for ByteChunk.

If not specified, the default value of false will be used.

tomcat.util.buf.StringCache.char.enabled

If true, the String cache is enabled for CharChunk.

If not specified, the default value of false will be used.

tomcat.util.buf.StringCache.trainThreshold

The number of times toString() must be called before the cache is activated.

If not specified, the default value of 20000 will be used.

tomcat.util.buf.StringCache.cacheSize

The size of the String cache.

If not specified, the default value of 200 will be used.

tomcat.util.buf.StringCache.maxStringSize

The maximum length of String that will be cached.

If not specified, the default value of 128 will be used.

org.apache.tomcat.util. http.FastHttpDateFormat.CACHE_SIZE

The size of the cache to use parsed and formatted date value.

If not specified, the default value of 1000 will be used.

org.apache.tomcat.util. net.NioSelectorShared

If true, use a shared selector for servlet write/read.

If not specified, the default value of true will be used.

org.apache.catalina.startup. EXIT_ON_INIT_FAILURE

If true, the server will exit if an exception happens during the server initialization phase.

If not specified, the default value of false will be used.

org.apache.catalina.startup. RealmRuleSet.MAX_NESTED_REALM_LEVELS

The CombinedRealm allows nested Realms. This property controls the maximum permitted number of levels of nesting.

If not specified, the default value of 3 will be used.

tomcat.util.http.parser.HttpParser. requestTargetAllow

This system property is deprecated. Use the relaxedPathChars and relaxedQueryChars attributes of the Connector instead. These attributes permit a wider range of characters to be configured as valid.

A string comprised of characters the server should allow even when they are not encoded. These characters would normally result in a 400 status.

The acceptable characters for this property are: |, { , and }

WARNING: Use of this option may expose the server to CVE-2016-6816.

If not specified, the default value of null will be used.


Copyright © 1999-2020, Apache Software Foundation