Use AprLifecycleListener with embedded Tomcat by default

[candrews]

AprLifecycleListener enabled Tomcat to use APR for accelerating SSL and threading if APR is available (if it's not available, then pure Java is used and there is no loss): https://tomcat.apache.org/tomcat-8.0-doc/apr.html#AprLifecycleListener

The default configuration that Tomcat distributes enables AprLifecycleListener: https://github.com/apache/tomcat/blob/TOMCAT_8_0_0/conf/server.xml#L27 Therefore, since Tomcat has been enabling it by default for years, I think Spring Boot should as well (I was surprised it didn't).

Note that AprLifecycleListener does not enable HTTP/2 or anything else; it's purely a performance improvement.

[wilkinsona]

Thanks for the PR, @candrews. I think it'd be good to update the javadoc to list the lifecycle listeners that are registered by default.

[bclozel]

I see that this Listener is still configured in Tomcat 9.0, but I'm a bit confused about the need to configure it by default.

It seems that at least one performance benchmark show that NIO/NIO2 + OpenSSL implementation perform better than APR + OpenSSL (probably because of JNI and the particular use case chosen for this benchmark).

Also, @markt-asf said that, when using OpenSSL, APR and NIO have roughly the same performance and that it really depends on the traffic your application is dealing with. He also mentioned NIO as a good choice for a default connector (check out this presentation recording, starting 41:25).

Benchmarks are hard to get right and can be really misleading, so I'm a bit torn between following Tomcat's defaults and following the latest advice from Tomcat committers.

Unless I totally missed something here, I'm voting against this change.

[candrews]

This PR isn't for changing the connector - NIO is still used.
Granted, the APR lifecycle listener allows for the use of the APR connector, but that's not what this PR does not is it the only thing the life cycle listener does. It also allows Tomcat to use APR threads and OpenSSL for improving NIO connector performance.
As far as I can tell, enabling the life cycle listener never harms performance, can improve it, and was and is in the default Tomcat configuration so it should be in the default Spring Boot configuration.

[markt-asf]

The APR lifecycle listener does NOT use the APR library directly to accelerate TLS. You need the Tomcat Native library (which depends on APR and OpenSSL) to do that. The APR lifecycle listener only looks for the Tomcat Native library.

Also, there are NO benefits w.r.t threading.

The Tomcat Native connector enables two features:

• the APR/native connector
• the ability to use OpenSSL with the NIO and NIO2 connectors

In Tomcat 9 and 8.5 you need the Tomcat Native library to use HTTP/2 if you are running on Java 8 or earlier. In Tomcat 9 (and soon in Tomcat 8.5) on Java 9 or later, HTTP/2 is supported without the Tomcat Native Library.

If you are using TLS, the Tomcat Native library generally offers performance improvements compared to JSSE (either via the APR/Native connector or with NIO[2] with OpenSSL). However those performance differences vary with configuration and exact Java version so it is worth testing to see what the benefit is for any given scenario.

Generally, I would recommend using the Tomcat Native library if you need to support TLS. In terms of APR/native vs NIO+OpenSSL, the Tomcat community is leaning towards NIO+OpenSSL with the possibility that the APR/native connector will be removed in Tomcat 10.

[bclozel]

After a discussion with @candrews on https://gitter.im/spring-projects/spring-boot, here's the current status of this.

The AprLifecycleListener should be useful (and in most cases improve things), as long as the application is using TLS. Otherwise, it's not really useful to have it configured by default (even if users should be able to configure it manually).

With that, we should see how this choice fits in #10043 and how it should be documented, even if it's not used in the HTTP/2 context.

[bclozel]

Fixed in #10043
Thanks @candrews !