A quick setup for Tomcat 7 on CentOS 6, plus the SSL configuration with a self-signed certificate so that Tomcat 7 is served over HTTPS.

Setup tomcat

1.) Pre-requisite:

Java is a major requirement, so install it first:

$ yum install java-1.7.0-openjdk-devel.x86_64

Add the JAVA_HOME environment variable to the ~/.bashrc file:
  #Env variables for java
  export JAVA_HOME=/usr/lib/jvm/jre-1.7.0-openjdk.x86_64
  export CATALINA_HOME=/opt/tomcat7
  export PATH=$PATH:$JAVA_HOME/bin

Open the ports that Tomcat will serve on

Flush the tables before config (this removes every existing rule from the filter and nat tables)
$ iptables -F
$ iptables -t nat -F

Now set up the INPUT ports
$ iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
$ iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
$ service iptables save
$ service iptables restart

In case we want to route access from port 80 to Tomcat's 8080:

$ iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
$ iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

2.) Download and setup tomcat 7

$ wget http://mirrors.gigenet.com/apache/tomcat/tomcat-7/v7.0.62/bin/apache-tomcat-7.0.62.tar.gz
$ tar -xvzf apache-tomcat-7.0.62.tar.gz
$ mv apache-tomcat-7.0.62 tomcat7
$ mv tomcat7/ /opt/

3.) Create a Tomcat-specific user and group. Since Tomcat will be started from a script, it should not run as the root user.

$ groupadd tomcat
$ useradd -g tomcat -s /sbin/nologin -d /opt/tomcat7 tomcat
$ passwd tomcat

Adjust ownership for the new user and group. Give the new user access to the Tomcat directories.
$ chown -R tomcat:tomcat /opt/tomcat7
$ chmod 775 /opt/tomcat7/webapps
$ chmod +x /opt/tomcat7/bin/*.sh

4.) Create a startup service script

$ vim /etc/init.d/tomcat
Add the following content to this script:
#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80

# Init scripts do not read ~/.bashrc, so JAVA_HOME is set here
# (same value as in the pre-requisite step).
JAVA_HOME=/usr/lib/jvm/jre-1.7.0-openjdk.x86_64
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/opt/tomcat7
export CATALINA_HOME

# Every action runs the Tomcat scripts as the unprivileged tomcat user, not root.
case $1 in
start)
   cd $CATALINA_HOME/bin
   /bin/su -s /bin/bash tomcat ./startup.sh
   ;;
stop)
   cd $CATALINA_HOME/bin/
   /bin/su -s /bin/bash tomcat ./shutdown.sh
   ;;
restart)
   cd $CATALINA_HOME/bin/
   /bin/su -s /bin/bash tomcat ./shutdown.sh
   cd $CATALINA_HOME/bin/
   /bin/su -s /bin/bash tomcat ./startup.sh
   ;;
esac
exit 0

5.) Add the tomcat script as a service

$ chmod 755 /etc/init.d/tomcat
$ chkconfig --add tomcat
$ chkconfig --level 234 tomcat on
$ chkconfig --list tomcat

6.) Start/Stop the tomcat service

 $ service tomcat start
 $ service tomcat stop

SSL security with self-signed certificates on tomcat

To set up this Tomcat with SSL, use the following configuration steps:

1.) Generate a keystore file for this server

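This will be used as a self-signed certificate for secured connectivity.
Default path: ${user.home}/.keystore, in the home directory of the user who runs keytool. Tomcat expands ${user.home} in server.xml for the account it runs as, so the keystore has to be readable at that account's ~/.keystore.
$ keytool -genkeypair -dname "CN=127.0.0.1, OU=Rahul, O=Luhar, L=Vishwakarma, ST=Karnataka, C=IN" -alias mysslsecuredserver -keyalg RSA -ext san=ip:127.0.0.1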

2.) Add the relevant configuration to Tomcat's HTTPS connector in conf/server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS" keystoreFile="${user.home}/.keystore" keystorePass="mypassman"/>

3.) Add the server IP to the truststore so that this self-signed certificate is accepted

Use InstallCert.java to add the IP to the trusted store:
https://github.com/vishwakarmarhl/javahelper/blob/master/InstallCert.java
Compile InstallCert.java. Run the following two commands to generate the jssecacerts binary. 127.0.0.1 is the web server's IP.
$ javac InstallCert.java
$ java InstallCert 127.0.0.1:8443
Copy the jssecacerts file generated in this path to %JAVA_HOME%\jre\lib\security

You can also export the generated certificate from the keystore (using the keystore password), import it, and share it with other systems on the network that negotiate with this server.

$ keytool -export -alias mysslsecuredserver -file mysslsecuredserver.cer
$ keytool -import -trustcacerts -alias mysslsecuredserver -file mysslsecuredserver.cer

Verify that Tomcat is running and secured via HTTPS.

For a proper SSL certificate shared by a hosting provider, look at the import into the Java cacerts:

keytool -import -trustcacerts -file NewRootCACertificate.crt -keystore "%JAVA_HOME%\jre\lib\security\cacerts"

http://stackoverflow.com/questions/28521266/caused-by-sun-security-provider-certpath-suncertpathbuilderexception-unable-to

Test Link: https://127.0.0.1:8443

Let's write some REST web services and play for the first time with Python and bottle

To start writing the web services, let's take a look at how to set up Python on Windows.

 

GITHUB : https://github.com/vishwakarmarhl/pythonservices.git

 

Setup Python

Tutorial : https://pypi.python.org/pypi
1. Setup Python
     - Install Python : http://www.python.org/download/
     - Setup path variables
        export PYTHON_HOME=C:\Python27
        export PATH=$PYTHON_HOME:$PYTHON_HOME\Scripts:$PATH
     - Setup MinGW compiler for libraries
        https://gist.github.com/mmlin/1059280
2. Install PIP
    http://www.pip-installer.org/en/latest/installing.html
    $ python ez_setup.py
    $ python get-pip.py
 
3. Libraries
    a. Bottle and Flask
        pip install bottle
        pip install flask
    b. MySQLdb (http://blog.mysqlboy.com/2010/08/installing-mysqldb-python-module.html, http://sourceforge.net/projects/mysql-python/)
        Installed an executable version for windows from sourceforge
        $ easy_install MySQL-python
  
4. Create a database with the *.sql schema file
5. Configure with the db credentials and host name in config.cfg and execute from commandline
        $ py main.py
6. Test GET: http://localhost:8080/users/

Sample REST Service

This is where we can start discussing the web services code segments. We are using the bottle implementation for the service end points.

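Consider an example of the GET service that queries all the users in the MySQL database table data.user:

# Test using: curl -s http://localhost:8080/users
import json
import MySQLdb
from bottle import route

@route('/users', method='GET')
def getallusers():
    results = []  # stays an empty list if the query fails
    try:
        # getDbConnection() is defined elsewhere in the project; it is used here as a cursor
        mysql_cursor = getDbConnection()
        # Note: the column list includes `password`, so it is part of the JSON response
        args = 'SELECT `user_id`,`user_name`,`first_name`,`last_name`,`email`,`password`,`organization`,`enabled`,`phone` FROM `data`.`user`'
        mysql_cursor.execute(args)
        results = mysql_cursor.fetchall()
    except MySQLdb.Error as e:
        print("MySQL Error %d: %s" % (e.args[0], e.args[1]))
    # Serialize the fetched rows as the JSON response body
    result = json.dumps(results, default=lambda o: o.__dict__)
    return result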

The entry point to the code is main.py where DataService.py REST services are being imported and referenced on initialization. 

This is a sample app that can get you quickly started on the bottle based REST web service.
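
An added example, not code from the original post or its repository: a hardened form of the /users handler shown above that returns an explicit column list without `password` and a generic error status when the query fails, plus a parameterized single-user lookup that goes beyond what the post covers. It assumes an in-memory SQLite table standing in for data.user so it runs offline; make_sample_db, list_users and get_user are hypothetical names, and with MySQLdb the placeholder is %s rather than ?.

```python
import json
import sqlite3

# Columns that may leave the service; `password` is deliberately not listed.
PUBLIC_COLUMNS = ("user_id", "user_name", "first_name", "last_name",
                  "email", "organization", "enabled", "phone")
# Built only from the constant above, never from request input.
COLUMN_SQL = ", ".join(PUBLIC_COLUMNS)


def make_sample_db():
    """Constructed stand-in for data.user (in-memory SQLite, sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT,"
                 " first_name TEXT, last_name TEXT, email TEXT, password TEXT,"
                 " organization TEXT, enabled INTEGER, phone TEXT)")
    conn.executemany("INSERT INTO user VALUES (?,?,?,?,?,?,?,?,?)", [
        (1, "alice", "Alice", "A", "alice@example.test", "hash-1", "Org", 1, "555-0100"),
        (2, "bob", "Bob", "B", "bob@example.test", "hash-2", "Org", 0, "555-0101")])
    return conn


def _run(conn, sql, params=()):
    """Run a query; return (rows, None) or (None, error response)."""
    try:
        return conn.execute(sql, params).fetchall(), None
    except sqlite3.Error:
        # The driver's error text is not sent to the client; only a generic 500 is.
        return None, (500, json.dumps({"error": "database error"}))


def list_users(conn):
    """GET /users -> (status, JSON body) without the password column."""
    rows, err = _run(conn, "SELECT %s FROM user ORDER BY user_id" % COLUMN_SQL)
    return err or (200, json.dumps([dict(zip(PUBLIC_COLUMNS, r)) for r in rows]))


def get_user(conn, user_id):
    """GET /users/<user_id> -> (status, JSON body); the id is a bound parameter."""
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return 400, json.dumps({"error": "user_id must be an integer"})
    rows, err = _run(conn, "SELECT %s FROM user WHERE user_id = ?" % COLUMN_SQL, (uid,))
    if err:
        return err
    if not rows:
        return 404, json.dumps({"error": "not found"})
    return 200, json.dumps(dict(zip(PUBLIC_COLUMNS, rows[0])))
```

In bottle, each function would sit behind an @route handler that sets response.status from the first element and returns the second as the body.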