The servlet container (like Tomcat, Jetty, or Undertow) does a lot of behind-the-scenes heavy lifting so your servlet code can focus just on business logic.
Let’s look at the most common and critical tasks a servlet container performs:
⚙️ Most Common Tasks of a Servlet Container
1. Servlet Lifecycle Management
The container:
- Loads the servlet class
- Instantiates the servlet (one instance per servlet)
- Initializes it by calling
init() - Calls
service()for each request - Destroys it with
destroy()during undeploy or shutdown
➡️ Ensures correct servlet lifecycle without you managing it manually.
2. Request and Response Handling
- Receives HTTP requests from clients
- Parses them into
HttpServletRequestobjects - Provides an
HttpServletResponseobject to write output - Routes the request to the correct servlet (based on URL mapping)
➡️ You just work with req and res objects — all routing and parsing is handled.
3. Multithreading & Thread Pool Management
- Uses a thread pool to serve multiple client requests concurrently
- Each request runs in a separate thread
- Makes sure servlets are thread-safe (you still need to handle shared state carefully)
➡️ Helps with performance and concurrency, especially under load.
4. Session Management
- Automatically tracks user sessions via cookies or URL rewriting
- Provides
HttpSessionto store user-specific data - Handles session expiration, invalidation, and storage
➡️ You can store things like userId, cart, login status with no setup.
5. Resource Loading
- Makes
web.xmland context parameters available - Gives access to static files (
/static,/public) - Lets you access resources via
ServletContext.getResource()
➡️ Load files, configs, or static HTML/CSS/JS easily.
6. Security Management
- Enforces access rules from
web.xmlor annotations - Handles authentication and authorization (basic, form-based, etc.)
- Supports role-based access control (
<security-constraint>)
➡️ You can protect /admin routes or secure forms without writing security logic.
7. Filter and Listener Execution
- Executes filters (like request logging, compression, CORS handling)
- Notifies listeners (e.g., session start/end, context load/destroy)
➡️ Enables separation of cross-cutting concerns.
8. Error Handling and Logging
- Manages exceptions and routes them to error pages
- Supports custom error handlers via
web.xmlor annotations - Logs requests, exceptions, and lifecycle events
➡️ Lets you define clean error pages or debug issues quickly.
9. Class Loading and Hot Deployment
- Loads servlet classes via web app classloader
- Can reload classes without restarting the whole server (in dev mode)
➡️ You can update servlets and JSPs without full redeploy in some containers.
10. Deployment & Configuration
- Reads
web.xml, annotations (@WebServlet, etc.) - Maps servlets to URLs
- Applies init parameters, context params, security rules, welcome files, etc.
➡️ Takes care of all the bootstrapping when you deploy your app.
🧠 Summary Table
| Task | Description |
|---|---|
| Lifecycle management | Handles init(), service(), destroy() |
| Request routing | Maps URLs to correct servlet |
| Threading | Manages thread pool for concurrency |
| Session handling | Tracks users and their data |
| Security | Applies auth rules and constraints |
| Filters and listeners | Executes extra logic before/after servlets |
| Logging and error handling | Logs events, serves error pages |
| Resource management | Serves static files, loads config/data |
| Class loading | Loads and reloads servlet classes |
| Deployment config | Processes web.xml, annotations, and settings |