Tomcat 6 vs Tomcat 7: Missing Valves

Prior to Tomcat 7, Tomcat had a system of "Valves" that were used to add code to the request processing pipeline.  The most common valve was the RequestDumperValve.  This valve logs all http requests/responses that go through this valve.  This can help diagnose problems that you are having.  These valves were Tomcat-specific, however.  The Tomcat developers wanted to get rid of duplicate code, so they decided to get rid of the proprietary "Valve" system and replace it with the J2EE-standard "Filter" system.

Although this is a noble goal, the "Filter" system doesn't handle everything the "Valve" system was able to handle.  For example, when an http request is sent to a war's context root without the trailing slash, Tomcat sends a redirect with the trailing slash added on.  This has been known to cause issues with load balancers that perform the SSL termination.  To debug this type of issue on Tomcat 6, you add the RequestDumperValve.  In Tomcat 7, you add the RequestDumperFilter.....which doesn't work.  The problem is the redirect is not sent from inside of a war file.  Since the redirect is not being sent from a war file, no servlet filters are processed.  This means the RequestDumperFilter doesn't actually dump the http request/response.

Another example of this issue is trying to dump the request of an invalid http request.  We recently had an issue with a reverse proxy in front of a Tomcat server.  One http request was coming into the reverse proxy, but Tomcat was seeing two requests.  The first request get the HTTP GET line and some of the headers.  The second request started with one of the http headers.  The first request was getting a 200 response but was invalid because some of the request headers never got processed (the cookie header).  The second response returned an http status code 505 because the first line of the request was not a valid HTTP request; it was an http header.  In this scenario, the request dumper worked with the first request, but did not work with the second request.  In the Tomcat 6 world, both requests would have had the communication dumped to a log file.

I admire the Tomcat's team for trying to get rid of proprietary extensions when the J2EE servlet filter system seemed to handle what the valves could do.  This change has left a gap in functionality that would be good to have back.