tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: WEB-INF/classes vs WEB-INF/lib/classes.jar file
Date Fri, 06 Feb 2009 10:51:39 GMT
Bill Barker wrote:
> 
> This is totally Tomcat specific, so won't necessarily port if you decide to 
> change containers (but without looking probably still works for GlassFish 
> and JBoss).  Tomcat does Ant style variable replacement when parsing web.xml 
> (both the one in conf and the one in WEB-INF).  So something like
> 
>  <context-param>
>     <param-name>config-file-location</param-name>
>     <param-value>${my.config.file.location}</param-value>
>  </context-param>
> 
> will work if the System property my.config.file.location is set by the 
> startup script/Windows service manager.
> 
That sounds like a good idea !
Usually, there are only a few parameters that change per customer, like
the IP address of some external server, or some login id/pw for a remote
service.  That would really do the trick in most cases.

In addition, it would avoid having to put some potentially sensible
values in a web-xml file which has to be readable by the Tomcat user.
(And even by me, come to think of it).
And we don't even have to change the applications.

I'll expand that a bit for later reference by dummies like me :

Under Unix/Linux, the /etc/init.d/tomcat script is run by root, so such 
settings could set as some variable which would be expanded in the line 
calling up the JVM, no matter which user the JVM starts under, like :

file : /etc/confidential/tomcat_settings.sh  (only readable by root)

REALLY_CONFIDENTIAL_SETTINGS="-D myfilter.auth.pw=secretpw"
...


file : /etc/init.d/tomcat

CONFIDENTIAL_SETTINGS=""
if [ -f "/etc/confidential/tomcat_settings.sh" ]; then
   . "/etc/confidential/tomcat_settings.sh"
fi
...
start)
   su - tomcatuser -c "/var/lib/jvm/java $CONFIDENTIAL_SETTINGS -jar  ...."


file : (tomcat_home)/webapps/myapp/WEB-INF/web.xml
    ...
    <init-param>
       <param-name>secretpw</param-name>
       <param-value>$(myfilter.auth.pw)</param-value>
    </init-param>
   ...

So now we can give the customer a new war file, with an update of his 
application, including a WEB-INF/web.xml file, and he can just install 
it and overwrite his existing web.xml, without even us having to know 
the secret password.

Great !

Please feel free to comment, particularly if there is a mistake above.

Also, I believe the above - if correct - could be a useful addition to 
the Tomcat FAQ, but I can't figure out if (or how) to add something 
there. It seems to display "immutable page" everywhere and I can't find 
an option to add something.
I guess this could better be another post.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message