Deploying applications is hard. Often you need console access to the server from which you pull the latest code and then manually instantiate into your container. In this tutorial you’ll see an easier way using Tomcat: you’ll create an authenticated web app and deploy it through the browser using the latest versions of Tomcat, Spring Boot, and Java.
Since version 9, Oracle has decreased the Java release cadence to six months so major version numbers are increasing at a much faster rate than before. The latest release is Java SE 11 (Standard Edition) which came out in September 2018. The biggest licensing change in this new release has led to one clear takeaway: to use the OpenJDK from now on. Open JDK is the free version of Java that you can now also get from Oracle. Also, Java 11 has long term support so this is the version you should be using for new projects going forward.
Start Your Java 11 App
Java SE Development Kit 11 Downloads. Thank you for downloading this release of the Java™ Platform, Standard Edition Development Kit (JDK™). The JDK is a development environment for building applications, and components using the Java programming language. By default when Eclipse IDE is downloaded, it doesn’t come with Tomcat installed with it. Let us go over all detailed steps to configure Apache Tomcat in an Eclipse environment. Step 1: Download the latest version ( 9.0.34 ) of apache tomcat sever from this link according to your platform. Step 2: Extract the files from zip folder. Wilkinsona changed the title An illegal reflective access operation has occurred Spring 2.1.0 GA + JDK 11 + Tomcat 9.0.12 Disable some of Tomcat's reference cleaning to avoid warnings on Java 11 Nov 8, 2018. apache-tomcat-9.0.31: Error: opening registry key 'SoftwareJavaSoftJava Runtime Environment' Error: could not find java.dll Error: Could not find Java SE Runtime Environment.
Open up a console and run
java -version to see what version of Java you are using.
Java 8 is shown as version
SDKMAN is a great tool for keeping your development libraries up to date. To install it run
Note that SDKMAN only works on Linux and Unix-like systems. Windows users will need to install the latest Java manually.
If SDKMAN installs properly you will see instructions for getting the command to work in your current terminal.
source command shown and the
sdk command should be active.
Now install the latest Java simply with
sdk install java.
java -version should show
NOTE: If you already have SDKMAN! and Java 11 installed, you can set it as the default using
sdk default java 11.0.2-open.
Create a Spring Boot Project for Tomcat
The most popular way to start a Spring project is with Spring Initializr.
Navigate to start.spring.io in your favorite web browser, then choose your project options:
- Leave as Maven, Java, and the latest stable Spring Boot (2.4.4)
- Change the group and artifact if you wish
- In the Dependencies box, type and choose
Devtools. They should appear as Dependencies selected on the right
Now click Generate Project and a zip file will download with the project inside. Simply unzip and enter the directory from the command line. If you
ls you’ll see five files and one directory (
mvnw is a script that allows you to use Maven without installing it globally.
mvnw.cmd is the Windows version of this script.
pom.xml describes your project, and
src has your Java code inside. (Note there’s also a hidden
.mvn directory where the embedded maven files sit!)
Let’s see what the project does. Type
./mvnw spring-boot:run and press enter. It may take a while for everything to install, but eventually, you should see something like this:
Note the message
Tomcat started on port(s): 8080. Open a browser window to
http://localhost:8080 and you should see a login page.
You can authenticate using “user” for a username and the password that’s been printed to your terminal. After logging in, you’ll see a 404 error page because you haven’t created any code to show a landing page at
Add Secure Authentication to Your Spring Boot App
Let’s add authentication with Okta. Why Okta? Because you don’t want to worry about managing your users and hashing their passwords, do you? Friends don’t let friends write authentication - let the experts at Okta do it for you instead! After all, Okta’s API is built with Java and Spring Boot too!
Before you begin, you’ll need a free Okta developer account. Install the Okta CLI and run
okta register to sign up for a new account. If you already have an account, run
okta login.Then, run
okta apps create. Select the default app name, or change it as you see fit.Choose Web and press Enter.
Select Okta Spring Boot Starter. Accept the default Redirect URI values provided for you. That is, a Login Redirect of
http://localhost:8080/login/oauth2/code/okta and a Logout Redirect of
The Okta CLI will create an OIDC Web App in your Okta Org. It will add the redirect URIs you specified and grant access to the Everyone group. You will see output like the following when it’s finished:
src/main/resources/application.properties to see the issuer and credentials for your app.
NOTE: You can also use the Okta Admin Console to create your app. See Create a Spring Boot App for more information.
Now add the Okta Spring Boot Starter library as a dependency in your
Now edit your main Java entry file – which is probably somewhere like
src/main/java/com/example/demo/DemoApplication.java – and add the
@RestController annotation to the class, as well as a homepage entry point:
Restart your app using
./mvnw spring-boot:run or use your IDE to run it.
Now when you visit
http://localhost:8080 you should see the Okta login screen.
Once you’ve entered in the details of an attached Okta user (you can use the same login as your Okta developer account here) you should see a welcome message with the full name you entered when you registered:
Hot Tip: Logging out of an OAuth2 session is more nuanced than one might first imagine. To keep testing the login process, I recommend you use private browsing windows to ensure the login screen returns; close them down when you are finished.
Stop your Spring Boot app so you can run Tomcat on its default port of 8080.
Set up Tomcat 9 for Your Spring Boot App
Getting Tomcat up and running couldn’t be easier. Start by downloading the binary compatible with your platform. Make sure to use the
.tar.gz file and not the installer. Extract to a location and inside the
bin directory run the startup script -
startup.sh for Linux/Mac and
startup.bat for Windows.
Hot Tip: You can also use
./catalina.sh run to start your app. This command will print the logs to your terminal so you don’t need to tail them to see what’s happening.
http://localhost:8080 and you should see the Tomcat installation page.
Create a WAR File from Your Spring Boot Project
You now need to create a WAR file from your Spring Boot application. Add the following just after the
<description> node in your
Remove the embedded Tomcat server by adding the following to your dependencies list:
Finally enable your application as a servlet by extending your main class with
Now package your application with the following command:
You should see a message like the following:
Take note where your new
Deploy a WAR to Tomcat from the Browser
You may have noticed that on the right-hand side of the Tomcat welcome screen was three buttons: Server Status, Manager App, and Host Manager. You can deploy a WAR from Manager App but it needs authentication (and there are no users defined by default).
Add the following to
conf/tomcat-users.xml in your Tomcat directory:
You’ll need to restart Tomcat for this change to take effect. Because you started it directly you need to stop the process yourself. Find the process id using
ps aux grep tomcat.
Here my process ID is
11813. Use the kill command to kill it.
Restart the server by using
startup.sh as before. When you click on the Manager App button the user details you entered above should get you to the manager screen.
Scroll to the bottom to the WAR file to deploy section. Click Browse… and select the WAR file from before. Click Deploy.
If you scroll up you should see something like
/demo-0.0.1-SNAPSHOT listed in the Applications section. Click on this will take us to
http://localhost:8080/demo-0.0.1-SNAPSHOT which is where Tomcat is serving our application from. You’ll see a Bad Request error.
This is because the redirect URL is now wrong in our Okta app configuration - everything should be prepended with
demo-0.0.1-SNAPSHOT. That name is a bit cumbersome. To change it rename your WAR file to
demo.war (you can do this permanently by adding
<finalName>demo</finalName> to the build section of your
pom.xml). Now click Undeploy next to your app name in the manager window, and redeploy the WAR. Now the app should be under
okta login and open the resulting URL in your browser. Log in and go to the Applications section. Edit your application’s general settings and prepend all the URLs with
http://localhost:8080/demo/login/oauth2/code/okta. Now clicking on your
/demo app in the manager (or browsing to
http://localhost:8080/demo) should show you the welcome screen as before.
Hot Tip: To ensure your local development setup matches the machine you are deploying to, make sure the embedded Tomcat version is the same as your external server by adding the following to your
Learn More About Tomcat, Spring Boot, and Java 11
Well done - you’ve remotely deployed a Spring Boot 2.4 application to Tomcat 9, all backed by Java 11!
I hope you found this tutorial useful. You can find the GitHub repo for this example at oktadeveloper/okta-spring-boot-tomcat-example.
Check out some of these links below for more information:
Like what you learned today? Follow us on Twitter and subscribe to our YouTube channel.
Tomcat 9 Java 11th
- Apr 3, 2021: Updated to Spring Boot 2.4 and Okta CLI for setup. See this post’s changes in okta-blog#688; the example app’s changes can be found in okta-spring-boot-tomcat-example#2.