NOTE: This document is the current cut at a status document
to track outstanding issues for the ongoing development of
Tomcat. Nothing in this document should be considered
authoritative until it has been discussed and initially
approved on the TOMCAT-DEV mailing list, at which point
this note will be removed.

Action Items List for Jakarta Tomcat

This document is a living list of the action items related to the current and future development of the Tomcat servlet container. As such, it focuses primarily on enhancements to existing features, as well as the addition of new features. Bugs in the implementation of existing features should be reported to http://jakarta.apache.org/bugs so that they can be tracked and fixed. The columns in this report contain the following information:

Additions to, subtractions from, and changes to the action items listed here should be discussed and approved on the TOMCAT-DEV mailing list, as described on the Decision Making page on the Jakarta Project web site. Developers can nominate themselves to work on particular action items by asking a Committer to add their name and EMAIL address to those items. The developers working on each item should discuss and agree upon the approach to be used for implementing the item's changes to the project source code and documentation, prior to completing those changes. Such discussions should take place on the TOMCAT-DEV mailing list so that everyone can stay apprised of what is going on, or chime in if they want to contribute ideas and suggestions.

At various points in time, particular action items will be selected and assigned to a particular interim release of Tomcat (based on lazy consensus on the TOMCAT-DEV mailing list). At that time, the assigned release will be recorded in this document, and the item will be listed under that release in the current RELEASE-PLAN schedule.

For convenience, the action items have been organized into general categories, which are presented in alphabetical order. The following categories of actions are currently identified:




Architecture

Priority Release Action Item Volunteers
High 3.3m1 Refactoring of existing code to improve the flexibility of Tomcat and minimize the amount of spaghetti code to help readability and maintainability. Though listed separately, some of the performance improvements come about as part of this refactoring effort. Costin Manolache
High 3.3m1 Separate the Servlet 2.2/JSP 1.1 API implementation from the Tomcat's core classes through the use of a facade. If implemented properly, bug fixing of Servlet 2.2/JSP 1.1 bugs should only affect the facade and not the core Tomcat classes. Costin Manolache
Medium 3.3m1 Implement per context interceptors. Ignacio Ortega

Administration

Priority Release Action Item Volunteers
High 3.2 Add out-of-the-box functionality to install Tomcat as a "service" under Microsoft NT. Gal Shachor
Medium 3.3m1 Separate Tomcat classes into appropriate jar files to facilitate Tomcat's use in different environments. For example, if used in an embedded environment, the jar containing the Tomcat startup classes may be left out of the classpath. Costin Manolache
High 3.3b1 Add usability enhancements. This would include making Tomcat easier to configure, providing better error messages, and adding more documentation on module options. Also, try to update /admin to provide better monitoring of the running Tomcat. Costin Manolache

Connectors

Priority Release Action Item Volunteers
High 3.3m1 Improve the performance and thread utilization of the current HTTP/1.0 connector used by Tomcat stand-alone. Costin Manolache

Containers

Priority Release Action Item Volunteers
High 3.2 Finish the implementation and testing of FORM-based authentication and access control. ---
Medium 3.2 Design and implement SSL based authentication and access control, in a manner that minimizes installation hassles and does not cause problems with US export controls. ---
Medium 3.3m1 Refactor the implementation of RequestSecurityProvider and SecurityCheck so that a Tomcat deployer can integrate with their own security realm by implementing a single class, rather than having to duplicate the code in SecurityCheck. Costin Manolache
Medium 3.3m1 Add support for pluggable session management components, with support for file-based, JDBC-based, JNDI-based, and possibly other persistence mechanisms. Costin Manolache

JSP Functionality

Priority Release Action Item Volunteers
Medium 3.3m1 Incorporate support for pluggable JSP page parsers. Costin Manolache
Medium 3.3m1 Make dependency checking a stand-alone module, and extend it to allow complex dependency checking. Make it useable from outside jsp, and add a "shortcut" for Tomcat that will allow fast invocation Costin Manolache

Performance Improvements

Priority Release Action Item Volunteers
Medium 3.3m1 Use pooling and recycling where possible. Costin Manolache
Medium 3.3m1 Use introspection to determine which methods are implemented by an interceptor so only those interceptors which implement a method are called. Costin Manolache
Medium 3.3m1 Wider use of MessageBytes to help minimize string garbage. Costin Manolache

Release Preparation

Priority Release Action Item Volunteers
High 3.3m1 Simplify running of Tomcat's internal test and Watchdog to encourage wider use of these tests. If possible, create a user document describing how a user can develop a new test to test their own web application. If user created tests are simple enough, we will get better verification that the bug fixes succeed and stay fixed. Costin Manolache
High ongoing Build a Bug List of the bugs that need to be fixed. These bugs will come from scanning the BugRat database and feedback from the field. Larry Isaacs and volunteers
High ongoing Perform testing of Tomcat. This includes testing Tomcat standalone as well as with other web servers. Verify that bugs in the Bug List are fixed on various platforms. Testing volunteers
High ongoing Commit patches and changes to CVS to fix bugs and other issues Committers
High ongoing Code review and improve code documentation. All unfinished implementation that can be identified, often marked with "XXX" in a comment, needs to be examined to determine if its completion is required by the release standard. Code review volunteers
High 3.3final Add and improve user documentation. Documentation in both binary and source distribution needs to be addressed. Documentation volunteers
High 3.3final Security holes opened to facilitate development and testing need to be closed prior to final release. Any additional security holes that are identified need to be addressed. ---

Ideas For The Future

Priority Release Action Item Volunteers
High --- Define a Tomcat-specific Service Provider Interface (SPI) that defines a stable API which application server and development tool providers can use to integrate Tomcat within their products. ---
Low --- Discuss and agree upon Tomcat distribution strategies so that users can select a minimal "reference implementation" version of Tomcat to validate their own containers against, or a full featured release with all currently included functionality. ---
High --- Improve the ease of installation of Tomcat, especially on Windows platforms by integrating it with an installation program. ---
Medium --- Define functional and user interface requirements for the interactive (servlet/JSP based) administration tool for managing running Tomcat instances. ---
Medium --- Implement interactive administration tool that fulfills the requirements described above. ---
Low --- Design an implement a tool for creating and customizing web application deployment descriptors (i.e. web.xml files) in a user friendly manner. ---
Medium --- Design, implement, and test an HTTP/1.1 connector to be used by Tomcat stand-alone. ---
Medium --- Implement a two-way communications protocol in the Apache connector, such that getRealPath() can respect Apache virtual mappings, getMimeType() can respect Apache MIME type mappings, and so on. ---
Medium --- Implement a new Apache/2.0 connector whereby Tomcat can be run "in process" instead of "out of process". ---
Medium --- Ensure that all web server connectors pass sufficient information to properly set the value returned by ServletRequest.isSecure() and to populate the SSL information attributes described in ... ---
High --- Define and implement full virtual host support, including: single-JVM configuration option, support for per-virtual-host interceptors, and so on. ---
Medium --- Design and implement DIGEST based authentication and access control. ---
Medium --- Design and implement "single sign on" support for cross application access with a single login, as described in Section 11 of the Servlet API Specification Version 2.2. ---
Medium --- Design and implement support for serving web applications directly from WAR files, and/or from a URL-based document root. Probably requires pluggable implementation of the getResource() family of calls. ---
Medium --- Improve the internationalization support provided in Tomcat by factoring remaining hard-coded English message strings into resource files, and providing translated resource files for other languages. ---
Medium --- Implement the optional web application environment support described in Section 9.9 of the Servlet API Specification Version 2.2, and Chapter 5 of the Java2 Platform Enterprise Edition Version 1.2 Specification. ---
Medium --- More generalized implementation of logging, that allows plugins for choosing log formatting styles. ---
Medium --- Design and implement better mechanisms for Tomcat to "sandbox" multiple web applications running in the same container, to avoid having them interfere with each other. ---
Low --- Implement instance pooling for servlets that implement the SingleThreadModel interface. ---
Low --- Fully support "absolute" document root paths on Windows that start with a '/' or '\' character, instead of a drive letter plus a colon. Currently, File.isAbsolute() on Windows JVMS considers such a path to be relative. ---
Medium --- Incorporate support for scripting languages other than Java, as outlined in the JSP specification. ---
Medium --- Review and optimize the performance of the servlet classes generated by the JSP page compiler. ---
High --- Add full support for WebDAV, either as servlets included in the full-featured distribution of Tomcat, or as a separate sub-project under Jakarta. ---
Medium --- Default file-serving servlet has problems dealing with directory and file names that contain spaces or other special characters. ---
Low --- Integrate the Apache JSSI project's support for embedded <servlet> tags in .jhtml pages into the full-featured distribution of Tomcat (assuming the Apache JSSI project group agrees), bringing it up to date with respect to servlet API 2.2 as required. ---
Low --- Add a default servlet that can serve CGI scripts and applications, for use in Tomcat deployments not connected to a web server, or to enable RequestDispatcher-based access to CGI scripts and applications. ---

$Id$