Discussion:
Tomcat caching of static resources?
David Smith
2008-12-10 10:46:42 UTC
Permalink
Hi all, is it possible to cache static images and .js files in Tomcat? (I'm
using version 6). When i look at the browser cache it looks like the browser
is downloading all page assets for every call, including some very large .js
files. I've come across a link which may be the same issue but the solution
didn't resolve the problem (especially if deploying via war files) and i
cant believe there isn't a standard Tomcat configuration for this?
http://www.symphonious.net/2007/06/19/caching-in-tomcat/



Thanks in advance.



Dave
Caldarale, Charles R
2008-12-10 15:37:20 UTC
Permalink
Subject: Tomcat caching of static resources?
is it possible to cache static images and .js files in Tomcat?
Think about what you just asked for: how would caching static resources in the server avoid them being downloaded by the browser? It's the browser that must cache the information to avoid the redundant downloads.
When i look at the browser cache it looks like the browser
is downloading all page assets for every call, including some
very large .js files.
As stated in one of the (correct) responses to the article you referenced:

"So the first thing is to get control of the cache headers. Without them, the cache can not know what to do."

What are you doing to control the headers? What headers are being used for the large .js files?
but the solution didn't resolve the problem (especially if
deploying via war files)
The original author of the article is clearly unfamiliar with Tomcat, caching, and security (e.g., not knowing where a context.xml file goes, and erroneously stating it doesn't work with a .war file).
i cant believe there isn't a standard Tomcat configuration for this?
For what? Caching static resources on the server end doesn't alter the amount of network traffic generated.

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Bill Barker
2008-12-11 03:15:57 UTC
Permalink
Post by Caldarale, Charles R
Subject: Tomcat caching of static resources?
is it possible to cache static images and .js files in Tomcat?
Think about what you just asked for: how would caching static resources in
the server avoid them being downloaded by >the browser? It's the browser
that must cache the information to avoid the redundant downloads.
There are settings in Tomcat that control server-side caching of static
resources (i.e. Tomcat serves up an in-memory copy of frequently requested
static resources). I really can't recommend this for "large .js files" on a
production server however. If you must do this, check out the Tomcat docs
for configuring a <Resources .../> element. However, the OP is probably
better off enabling the sendfile options on either the NIO or APR Connector.
Post by Caldarale, Charles R
When i look at the browser cache it looks like the browser
is downloading all page assets for every call, including some
very large .js files.
"So the first thing is to get control of the cache headers. Without them,
the cache can not know what to do."
What are you doing to control the headers? What headers are being used for
the large .js files?
The article is referring to the fact that Tomcat adds cache headers by
default to any page protected by a <security-constraint> to prevent someone
else from stealing it from an intermediate proxy. The default settings are
extremely aggressive, resulting in regular posts on this list of the form
"My secured pdf file can't be displayed in IE". If the article applies to
the OP, it may just be easier to move the .js files to a non-secured
location. If you take the advice in the article, then you are telling
Tomcat that the webapp programmer is taking full control of the cache
headers, so you are on your own in terms of security.
Post by Caldarale, Charles R
but the solution didn't resolve the problem (especially if
deploying via war files)
The original author of the article is clearly unfamiliar with Tomcat,
caching, and security (e.g., not knowing where a >context.xml file goes,
and erroneously stating it doesn't work with a .war file).
i cant believe there isn't a standard Tomcat configuration for this?
For what? Caching static resources on the server end doesn't alter the
amount of network traffic generated.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is >thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e->mail
and its attachments from all computers.
André Warnier
2008-12-11 09:48:44 UTC
Permalink
As a heretic post in this forum, which usually tends to recommend the
opposite :
what about putting an Apache with mod_cache in front of your Tomcat
server ? Carefully set up, that would do what you want.
Javabeat
2008-12-11 12:02:55 UTC
Permalink
The problem however is that i'm using a remote shared host. Whilst this gives
me quite a lot of configuration potential i doubt it would allow me to setup
Apache and adaptors etc. In a 'real production environment' this would very
much be a preferred choice.
Post by André Warnier
As a heretic post in this forum, which usually tends to recommend the
what about putting an Apache with mod_cache in front of your Tomcat
server ? Carefully set up, that would do what you want.
---------------------------------------------------------------------
--
View this message in context: http://www.nabble.com/Tomcat-caching-of-static-resources--tp20932874p20954139.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
Gregor Schneider
2008-12-11 11:57:48 UTC
Permalink
Bill,
Post by Bill Barker
The article is referring to the fact that Tomcat adds cache headers by
default to any page protected by a <security-constraint> to prevent someone
else from stealing it from an intermediate proxy. The default settings are
extremely aggressive, resulting in regular posts on this list of the form
"My secured pdf file can't be displayed in IE".
If you read on in those articles, you'll find that this is not a
problem due to headers send by Tomcat but due to a bug with the
SSL-implementation in IE

http://support.microsoft.com/?scid=kb%3Ben-us%3B323308&x=11&y=11

There are some workarounds for this problem (if you don't want users
to patch their registry), which require a modification of the headers
being sent, however, I believe you're mixing up the cause of this
problem (= bug in IE) with a possible workaround (header-modification
by Tomcat).

Cheers

Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
Javabeat
2008-12-11 12:05:57 UTC
Permalink
same applies on Firefox though, there may well be issues in IE as always but
i'm not convinced this is the core problem here.
Post by Gregor Schneider
Bill,
Post by Bill Barker
The article is referring to the fact that Tomcat adds cache headers by
default to any page protected by a <security-constraint> to prevent someone
else from stealing it from an intermediate proxy. The default settings are
extremely aggressive, resulting in regular posts on this list of the form
"My secured pdf file can't be displayed in IE".
If you read on in those articles, you'll find that this is not a
problem due to headers send by Tomcat but due to a bug with the
SSL-implementation in IE
http://support.microsoft.com/?scid=kb%3Ben-us%3B323308&x=11&y=11
There are some workarounds for this problem (if you don't want users
to patch their registry), which require a modification of the headers
being sent, however, I believe you're mixing up the cause of this
problem (= bug in IE) with a possible workaround (header-modification
by Tomcat).
Cheers
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
---------------------------------------------------------------------
--
View this message in context: http://www.nabble.com/Tomcat-caching-of-static-resources--tp20932874p20954165.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
André Warnier
2008-12-11 12:51:44 UTC
Permalink
Sorry, I don't remember of your pages are protected or not (even the
static ones I mean).

But anyway, you might want to have a look at this :
http://www.tuckey.org/urlrewrite/

Manual for 3.2, and scroll down to the <set> response-header bit.

It's a servlet filter with a lot of capabilities. The initial idea is a
Tomcat equivalement of the Apache http mod_rewrite module.
In this case you don't want (I think) to rewrite the request URL, just
to conditionally add a response header, but it seems it can do that too.
Gregor Schneider
2008-12-11 16:33:47 UTC
Permalink
Post by Javabeat
same applies on Firefox though, there may well be issues in IE as always but
i'm not convinced this is the core problem here.
I strongly disagree.

We do have a setup here having Apache HTTPD 2.2 fronting Tomcat 5.5,
and the probelm is the same with Apache HTTPD only.

However, Firefox (2 & 3) are serving pdfs under SSL perfectly whereas
IE 5 and 6 are facing problems ("could not download file...").

The solution for Apache i.e. is

SetEnvIf Request_URI "\.pdf$" pdf=true
Header set Connection: close env=pdf

In Tomcat this could be achieved using a Servlet-Filter.

But we're getting off-topic here...

Cheers

Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
Javabeat
2008-12-11 11:59:12 UTC
Permalink
I agree that i dont think the 'in memory' Tomcat solutions is what i'm
currently after, its very much a Tomcat 'heading stamp' issue i think.
Interesting point you raise though regarding pushing the statics to an
external server. Not ideal from a deployment perspective but that would
certainly solve it :). Interesting points you raise too regarding the
reasoning behind the 'default expiry' date, makes a lot of sense but just a
little frustrating for simple static page assets.
Post by Bill Barker
Post by Caldarale, Charles R
Subject: Tomcat caching of static resources?
is it possible to cache static images and .js files in Tomcat?
Think about what you just asked for: how would caching static resources in
the server avoid them being downloaded by >the browser? It's the browser
that must cache the information to avoid the redundant downloads.
There are settings in Tomcat that control server-side caching of static
resources (i.e. Tomcat serves up an in-memory copy of frequently requested
static resources). I really can't recommend this for "large .js files" on a
production server however. If you must do this, check out the Tomcat docs
for configuring a <Resources .../> element. However, the OP is probably
better off enabling the sendfile options on either the NIO or APR Connector.
Post by Caldarale, Charles R
When i look at the browser cache it looks like the browser
is downloading all page assets for every call, including some
very large .js files.
"So the first thing is to get control of the cache headers. Without them,
the cache can not know what to do."
What are you doing to control the headers? What headers are being used for
the large .js files?
The article is referring to the fact that Tomcat adds cache headers by
default to any page protected by a <security-constraint> to prevent someone
else from stealing it from an intermediate proxy. The default settings are
extremely aggressive, resulting in regular posts on this list of the form
"My secured pdf file can't be displayed in IE". If the article applies to
the OP, it may just be easier to move the .js files to a non-secured
location. If you take the advice in the article, then you are telling
Tomcat that the webapp programmer is taking full control of the cache
headers, so you are on your own in terms of security.
Post by Caldarale, Charles R
but the solution didn't resolve the problem (especially if
deploying via war files)
The original author of the article is clearly unfamiliar with Tomcat,
caching, and security (e.g., not knowing where a >context.xml file goes,
and erroneously stating it doesn't work with a .war file).
i cant believe there isn't a standard Tomcat configuration for this?
For what? Caching static resources on the server end doesn't alter the
amount of network traffic generated.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is >thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e->mail
and its attachments from all computers.
---------------------------------------------------------------------
--
View this message in context: http://www.nabble.com/Tomcat-caching-of-static-resources--tp20932874p20954097.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
Javabeat
2008-12-11 11:40:52 UTC
Permalink
Thanks Chuck for that. Perhaps my use of words was a little misleading. I
guess what i was trying to say was that the response returned by Tomcat i.e
expiry date etc was not conductive to caching for clients. In terms of
headers, i dont want to cache 'pages as the data is very transient. What i
did want however was for Tomcat to serve the static resources with a header
that doesn't expire in 1970. The line 'can Tomcat cache resources' was i
guess trying to establish if Tomcat could treat them in a similar way to
Resin, in that you can specify in the web.xml elements to provide the kind
of solution i'm looking for but yes, ultimately it affects what header
information is 'stamped' on the response.
Post by Caldarale, Charles R
Post by Caldarale, Charles R
What are you doing to control the headers? What headers are being used
for the large .js files?
Nothing, this is perhaps my problem, i (or at least think) know how to
specify headers on a page level but when it comes to specifying on static
resources i'm not sure how this all fits in?
Post by Caldarale, Charles R
Post by Caldarale, Charles R
i cant believe there isn't a standard Tomcat configuration for this?
For what? Caching static resources on the server end doesn't alter the
amount of network traffic >>generated.

Sorry, 'cant believe' is perhaps a little strong, born from end of day
frustrations :) I'll rephrase....'it would be nice :), if i could specify
header expiry on a static asset similar to the way Resin does. Now, maybe
this comment still doesn't make sense so i'll step back a little. I have a
dynamic website, that uses a lot of javascript js files which seem to be
downloaded for every page call, i'd like this to stop :D.

Thanks again for your response, its certainly helping me focus the problem
:)
Post by Caldarale, Charles R
Post by Caldarale, Charles R
Subject: Tomcat caching of static resources?
is it possible to cache static images and .js files in Tomcat?
Think about what you just asked for: how would caching static resources in
the server avoid them being downloaded by the browser? It's the browser
that must cache the information to avoid the redundant downloads.
Post by Caldarale, Charles R
When i look at the browser cache it looks like the browser
is downloading all page assets for every call, including some
very large .js files.
"So the first thing is to get control of the cache headers. Without them,
the cache can not know what to do."
What are you doing to control the headers? What headers are being used
for the large .js files?
Post by Caldarale, Charles R
but the solution didn't resolve the problem (especially if
deploying via war files)
The original author of the article is clearly unfamiliar with Tomcat,
caching, and security (e.g., not knowing where a context.xml file goes,
and erroneously stating it doesn't work with a .war file).
Post by Caldarale, Charles R
i cant believe there isn't a standard Tomcat configuration for this?
For what? Caching static resources on the server end doesn't alter the
amount of network traffic generated.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
--
View this message in context: http://www.nabble.com/Tomcat-caching-of-static-resources--tp20932874p20953909.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
Continue reading on narkive:
Loading...