Upgrade tomcat version to 9.0.115

[manodyaSenevirathne]

Purpose

Add pom.xml files for tomcat 9.0.115 for jdk21 compiled products and older versions

Summary by CodeRabbit

• New Features
  • Added support for Tomcat 9.0.115 (Catalina HA, EL, JSP, Servlet).
  • Introduced JDK 21–compatible variants for core Tomcat libraries.
  • Registered EL ExpressionFactory service provider for runtime discovery.
  • Added Jaeger client and Zipkin okhttp3 reporter OSGi bundles for tracing.

[coderabbitai]

Walkthrough

Adds multiple new Maven POMs (11) and two META-INF service provider entries to produce OSGi bundle artifacts: Tomcat 9.0.115.wso2v1 (core, JDK21 variants, EL/JSP/Servlet APIs, Catalina HA), plus Jaeger and Zipkin reporter bundles. Each POM configures bundle metadata, optional dependencies, export/import package rules, and distribution to WSO2 releases.

Changes

Cohort / File(s)	Summary
Tomcat Core & Orbit Bundles tomcat/9.0.115.wso2v1/pom.xml, tomcat-jdk21/9.0.115.wso2v1/pom.xml, tomcat-catalina-ha/9.0.115.wso2v1/pom.xml	New orbit bundle POMs for Tomcat core, JDK21 variant, and Catalina HA. Define bundle packaging, optional Tomcat dependencies, version properties (version.tomcat, version.ecj), OSGi exports/imports, Include-Resource/Bundle-Classpath entries, and distributionManagement to WSO2 releases.
Tomcat API Bundles (EL / JSP / Servlet) tomcat-el-api/9.0.115.wso2v1/pom.xml, tomcat-el-api-jdk21/9.0.115.wso2v1/pom.xml, tomcat-jsp-api/9.0.115.wso2v1/pom.xml, tomcat-jsp-api-jdk21/9.0.115.wso2v1/pom.xml, tomcat-servlet-api/9.0.115.wso2v1/pom.xml, tomcat-servlet-api-jdk21/9.0.115.wso2v1/pom.xml	New OSGi bundle POMs for EL, JSP, and Servlet APIs (standard and JDK21 variants). Configure exports for javax.el/javax.servlet/javax.servlet.jsp packages, optional imports, dynamic imports, Provide-Capability entries for JDK21 variants, and distribution to WSO2.
ServiceLoader Entries tomcat/9.0.115.wso2v1/src/main/resources/META-INF/services/javax.el.ExpressionFactory, tomcat-jdk21/9.0.115.wso2v1/src/main/resources/META-INF/services/javax.el.ExpressionFactory	Added service provider files registering org.apache.el.ExpressionFactoryImpl for javax.el.ExpressionFactory.
Tracing Bundles — Jaeger jaeger-client-jdk21/1.8.0.wso2v2/pom.xml	New OSGi bundle POM for Jaeger client (JDK21). Declares many optional Jaeger/OpenTracing/Brave dependencies, exports io.jaegertracing/io.opentracing/brave packages, embeds dependencies, and sets import version ranges and properties.
Tracing Bundles — Zipkin zipkin-sender-okhttp3/3.5.1.wso2v2/pom.xml	New OSGi bundle POM for Zipkin okhttp3 sender. Declares dependencies on zipkin reporter artifacts, exports zipkin2.reporter packages, imports okhttp3/okio/zipkin ranges, embeds dependencies, and configures WSO2 distribution.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Add tomcat orbit bundles for jdk21 compiled products #1301: Adds the same Tomcat 9.0.115.wso2v1 orbit bundle POMs and JDK 21 variants with META-INF service configurations as this PR.

Suggested reviewers

• madurangasiriwardena

Poem

🐇 Hopping through manifests, bundles in tow,

EL, JSP, Servlet — versions all aglow,
Jaeger and Zipkin trail tracing delight,
OSGi ribbons tied, published to flight,
A rabbit cheers builds through the night! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is largely incomplete, providing only a Purpose section while missing Goals, Approach, User stories, Release note, Documentation, Training, Certification, Marketing, Automation tests, Security checks, Samples, Related PRs, Migrations, Test environment, and Learning sections required by the template.	Complete the PR description by adding the missing template sections, particularly Goals, Approach, Documentation, and Test environment to provide comprehensive context for reviewers.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Upgrade tomcat version to 9.0.115' accurately and concisely summarizes the primary change in the PR, which adds pom.xml files for Tomcat 9.0.115 across multiple modules.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

tomcat-jsp-api/9.0.115.wso2v1/pom.xml (1)

52-52: Consider aligning maven-bundle-plugin versions across Tomcat 9.0.115.wso2v1 modules.

Line 52 uses version 2.3.6, but most other new Tomcat modules use 2.4.0. Specifically: tomcat-catalina-ha, tomcat-jsp-api-jdk21, and tomcat-jsp-api use 2.3.6, while six other modules (tomcat-el-api, tomcat-el-api-jdk21, tomcat-jdk21, tomcat-servlet-api, tomcat-servlet-api-jdk21, and tomcat) use 2.4.0. Aligning to a single version will reduce inconsistency in manifest generation across related artifacts.

Proposed change (if unintentional)

-                <version>2.3.6</version>
+                <version>2.4.0</version>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tomcat-jsp-api/9.0.115.wso2v1/pom.xml` at line 52, The pom.xml for
tomcat-jsp-api currently pins maven-bundle-plugin to <version>2.3.6</version>,
causing a mismatch with other modules; update the maven-bundle-plugin version in
this POM to 2.4.0 to match the other Tomcat 9.0.115.wso2v1 modules (ensure the
<plugin> element referencing maven-bundle-plugin is the one you edit), then run
a quick build of modules like tomcat-jsp-api, tomcat-jsp-api-jdk21 and
tomcat-catalina-ha to confirm consistent manifest generation across
maven-bundle-plugin usage.

tomcat-catalina-ha/9.0.115.wso2v1/pom.xml (1)

52-52: Update maven-bundle-plugin version to align with the majority of 9.0.115 modules.

This module uses 2.3.6 while six out of nine 9.0.115.wso2v1 modules use 2.4.0. Although tomcat-jsp-api and tomcat-jsp-api-jdk21 also use 2.3.6, adopting the prevalent version 2.4.0 reduces the risk of subtle manifest-generation inconsistencies across orbit bundles.

Suggested change

-                <version>2.3.6</version>
+                <version>2.4.0</version>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tomcat-catalina-ha/9.0.115.wso2v1/pom.xml` at line 52, Update the
maven-bundle-plugin version element currently set to 2.3.6 to 2.4.0 to match the
majority of 9.0.115.wso2v1 modules; locate the <version> element for the
maven-bundle-plugin declaration in the POM (the tag containing
"maven-bundle-plugin" and its <version> child) and change its value to 2.4.0 so
manifest generation is consistent with other modules.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tomcat-jdk21/9.0.115.wso2v1/pom.xml`:
- Around line 138-140: The POM pins ECJ to an old incompatible version via the
property version.ecj (currently 4.6.1); update that property to a modern ECJ
release that supports Java 21 (for example set version.ecj to 3.26.0 which is
the Tomcat 9.0.115 baseline) so JSP/ECJ compilation will work under JDK 21 and
align with Tomcat's expected dependency.

---

Nitpick comments:
In `@tomcat-catalina-ha/9.0.115.wso2v1/pom.xml`:
- Line 52: Update the maven-bundle-plugin version element currently set to 2.3.6
to 2.4.0 to match the majority of 9.0.115.wso2v1 modules; locate the <version>
element for the maven-bundle-plugin declaration in the POM (the tag containing
"maven-bundle-plugin" and its <version> child) and change its value to 2.4.0 so
manifest generation is consistent with other modules.

In `@tomcat-jsp-api/9.0.115.wso2v1/pom.xml`:
- Line 52: The pom.xml for tomcat-jsp-api currently pins maven-bundle-plugin to
<version>2.3.6</version>, causing a mismatch with other modules; update the
maven-bundle-plugin version in this POM to 2.4.0 to match the other Tomcat
9.0.115.wso2v1 modules (ensure the <plugin> element referencing
maven-bundle-plugin is the one you edit), then run a quick build of modules like
tomcat-jsp-api, tomcat-jsp-api-jdk21 and tomcat-catalina-ha to confirm
consistent manifest generation across maven-bundle-plugin usage.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0bf57b41-04c1-4ebf-aaee-360a477fc268

📥 Commits

Reviewing files that changed from the base of the PR and between 9438150 and 1b8d89c.

📒 Files selected for processing (11)

• tomcat-catalina-ha/9.0.115.wso2v1/pom.xml
• tomcat-el-api-jdk21/9.0.115.wso2v1/pom.xml
• tomcat-el-api/9.0.115.wso2v1/pom.xml
• tomcat-jdk21/9.0.115.wso2v1/pom.xml
• tomcat-jdk21/9.0.115.wso2v1/src/main/resources/META-INF/services/javax.el.ExpressionFactory
• tomcat-jsp-api-jdk21/9.0.115.wso2v1/pom.xml
• tomcat-jsp-api/9.0.115.wso2v1/pom.xml
• tomcat-servlet-api-jdk21/9.0.115.wso2v1/pom.xml
• tomcat-servlet-api/9.0.115.wso2v1/pom.xml
• tomcat/9.0.115.wso2v1/pom.xml
• tomcat/9.0.115.wso2v1/src/main/resources/META-INF/services/javax.el.ExpressionFactory

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

ECJ 4.6.1 Java version support compatibility JDK

💡 Result:

• Running ecj-4.6.1.jar (the standalone Eclipse Compiler for Java): the published Maven POM for ECJ 4.6.1 sets maven.compiler.source/target to 1.7, meaning the JAR is built for Java 7 bytecode → you need JRE/JDK 7+ to run it. [1]
• What Java it can compile (language level): ECJ 4.6.1 corresponds to the Eclipse Neon era and is generally used for up to Java 8 source/target; Java 9 support is not provided by Neon-era tooling (Java 9 support comes with later Eclipse trains). [2]
• Note (batch compiler defaults/constraints): Eclipse’s batch-compiler docs note an implicit default of -source 1.6 -target 1.6, and that annotation processing support requires a 1.6 VM. [3]

Sources:
[1] Sonatype/Maven Central page showing ECJ 4.6.1 POM snippet (maven.compiler.source/target=1.7). (central.sonatype.com)
[2] Stack Overflow: Eclipse Neon vs Java 9 support (points to needing later Eclipse versions for Java 9). (stackoverflow.com)
[3] Eclipse Help: “Using the batch compiler” (implicit -source/-target 1.6, annotation processing needs 1.6 VM). (help.eclipse.org)

Citations:

• 1: https://central.sonatype.com/artifact/org.eclipse.jdt.core.compiler/ecj/4.6.1
• 2: https://stackoverflow.com/questions/48108155/does-eclipse-neon-support-java-9?utm_source=openai
• 3: https://help.eclipse.org/latest/rtopic/org.eclipse.jdt.doc.user/tasks/task-using_batch_compiler.htm?utm_source=openai

---

🌐 Web query:

Apache Tomcat 9.0.115 ECJ version dependency

💡 Result:

For Apache Tomcat 9.0.115, the Jasper JSP compiler (tomcat-jasper) has a Maven dependency on:

• ECJ artifact: org.eclipse.jdt:ecj
• ECJ version: 3.26.0 (compile dependency) [1]

If you’re looking at the Tomcat binary distribution (the lib/ folder), Tomcat 9 commonly ships an ECJ JAR named ecj-4.20.jar (optional, used when you configure Jasper to use ECJ instead of javac) [2].

Sources:
[1] https://mvnrepository.com/artifact/org.apache.tomcat/tomcat-jasper/9.0.115/dependencies
[2] https://stackoverflow.com/questions/79415289/org-apache-jasper-jasperexception-unable-to-compile-class-for-jsp-facing-this

---

🏁 Script executed:

# Search for Tomcat 9.0.115 official pom.xml to see what ecj version it uses
curl -s "https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat/9.0.115/tomcat-9.0.115.pom" | grep -A 5 -B 5 "ecj" || echo "Direct fetch failed, will try alternative"

Repository: wso2/orbit

Length of output: 95

---

🏁 Script executed:

# Check Maven Central for ECJ 4.6.1 release info
curl -s "https://repo1.maven.org/maven2/org/eclipse/jdt/core/compiler/ecj/4.6.1/" | grep -i "release\|date\|version" | head -20

Repository: wso2/orbit

Length of output: 36

---

ECJ 4.6.1 cannot compile code for JDK 21.

Line 140 pins ecj to 4.6.1, which only supports Java 8 language features and lacks Java 9+ support. This will cause JSP compilation failures with JDK 21. Additionally, Tomcat 9.0.115 officially uses ECJ 3.26.0 (a much newer version), so this pinning moves backward from the baseline dependency.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tomcat-jdk21/9.0.115.wso2v1/pom.xml` around lines 138 - 140, The POM pins ECJ
to an old incompatible version via the property version.ecj (currently 4.6.1);
update that property to a modern ECJ release that supports Java 21 (for example
set version.ecj to 3.26.0 which is the Tomcat 9.0.115 baseline) so JSP/ECJ
compilation will work under JDK 21 and align with Tomcat's expected dependency.

[coderabbitai]

🧹 Nitpick comments (1)

zipkin-sender-okhttp3/3.5.1.wso2v2/pom.xml (1)

75-82: Remove the trailing wildcard import from Import-Package.

*;resolution:=optional broadens imports and breaks the established Orbit POM convention in this repo. Keep only explicit imports/negations here.

Suggested change

                         <Import-Package>
                             okhttp3;version="[3.11,5)",
                             okio;version="[1.15,4)",
                             zipkin2;version="[2.27,3)",
                             zipkin2.codec;version="[2.27,3)",
-                            !zipkin2.reporter.*,
-                            *;resolution:=optional
+                            !zipkin2.reporter.*
                         </Import-Package>

Based on learnings: Ensure that in Maven bundle POMs (maven-bundle-plugin Felix configuration), the Import-Package section omits the trailing wildcard * as per established wso2/orbit convention.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@zipkin-sender-okhttp3/3.5.1.wso2v2/pom.xml` around lines 75 - 82, The
Import-Package section currently ends with a wildcard entry
"*;resolution:=optional" which contravenes the Orbit POM convention and overly
broadens imports; edit the pom's Import-Package list to remove the trailing
wildcard entry and only keep the explicit package entries and negations (e.g.,
retain okhttp3, okio, zipkin2, zipkin2.codec and the "!zipkin2.reporter.*"
negation) so that Import-Package contains no "*;resolution:=optional" wildcard.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@zipkin-sender-okhttp3/3.5.1.wso2v2/pom.xml`:
- Around line 75-82: The Import-Package section currently ends with a wildcard
entry "*;resolution:=optional" which contravenes the Orbit POM convention and
overly broadens imports; edit the pom's Import-Package list to remove the
trailing wildcard entry and only keep the explicit package entries and negations
(e.g., retain okhttp3, okio, zipkin2, zipkin2.codec and the
"!zipkin2.reporter.*" negation) so that Import-Package contains no
"*;resolution:=optional" wildcard.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9b0fd19c-4da7-4f5f-aa7b-c4a2bc16327f

📥 Commits

Reviewing files that changed from the base of the PR and between 1b8d89c and fd1dedd.

📒 Files selected for processing (2)

• jaeger-client-jdk21/1.8.0.wso2v2/pom.xml
• zipkin-sender-okhttp3/3.5.1.wso2v2/pom.xml