Dear fellow Developers,
I am working on improving my Java Web Services, and I am trying to use a more delicate way of getting the directory path of properties files in a Java Web Service.
In order to make my Java Web Application easier to be deployed on an Apache Tomcat Server, I add the following line to the web.xml file:
<env-entry>
<env-entry-name>loggerPropertyFile</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>/Some/Long/Directory/File/Path/Which/May/Change/conf/LoggerInfo.properties</env-entry-value>
</env-entry>
As the above xml code depicts, I have placed a Properties file somewhere in the local Filesystem, and I want my Web Service to initialize its logger class, based on that configuration. As you can realize this path changes every time I deploy my web service to another server.
Thus, I figured out that I may be able to use the $CATALINA_BASE property, in order to make the environment entry path smaller. How can I retrieve the CATALINA_BASE value from inside my Java Web Service's Code (how is done on Linux and how is done on Windows)??
Thank you.
try System.getProperty("catalina.base");
Related
I'm working on a Spring MVC project. When I run the application the URL is:
http://localhost:8080/insureYou/login
but I want:
http://localhost:8080/contextroot/insureYou/login
Is there any way of doing it without hardcoding?
In a spring-boot project you can set the context-root by specifying the following property in the application.properties file:
server.servlet.context-path=/yourcontextroot
Without spring-boot, it depends on the webserver and Tomcat offers a number of options.
I would personally opt for a META-INF/context.xml file in your war file containing the necessary information but you can also include the information in the server.xml file or in a ROOT.xml file.
See the following links for further guidance:
How to set the context path of a web application in Tomcat 7.0
https://tomcat.apache.org/tomcat-8.0-doc/config/context.html
https://www.baeldung.com/tomcat-root-application
This type of deployment however sometimes is handled separately, through an Apache server reverse-proxy or through URL rewriting.
I recommend you ascertain whether this type of need is already taken care of by your company's deployment procedures, as you may not need to deal with it at all.
I am working on a Java application for a while. I primarily work on .NET Platform. Although I feel lot of concepts are common between these two platforms but there are few areas where I am finding some issues related to the configuration.
I am working on Authentication and Authorization and thought I would get something similar to Membership APIs of .NET in JAVA. Closest which I got was using j_security_check. I also got to know about JAAS but think it is little too deep for me to dive into.
I have created the user and role tables in the database and now I have to specify the JDBC Realm settings somewhere. I am using Tomcat 7.0. In most places, it's mentioned that I need to specify the realm setting in the server.xml.But wouldn't that apply to all web application deployed on that server since it would become a server level configuration ?.
On a site I even saw a developer mentioning about context.xml but again can't see a standard document that mention about using this XML file for setting JDBC realm
In.NET, We always put Membership settings at the web.config level and not Machine.config.
Totally Confused on this. Looking for some light on this.
Why is Realm setting required in Server.xml and not web.xml
This is not true, you can define it in your webapp as well, but then only in a servletcontainer-specific configuration file, such as /META-INF/context.xml in case of Tomcat. It cannot be definied in /WEB-INF/web.xml because it's specific to the standard Servlet API, not the servletcontainer implementation.
But wouldn't that apply to all web application deployed on that server since it would become a server level configuration ?.
That's correct. This is not recommended if you have no control over the server or if you don't want to publish the realm through other webapps.
On a site I even saw a developer mentioning about context.xml but again can't see a standard document that mention about using this XML file for setting JDBC realm
You can specify it in webapp's /META-INF/context.xml. See also Tomcat's own documentation on the <Context> element:
Defining a context
It is NOT recommended to place <Context> elements directly in the server.xml file. This is because it makes modifying the Context configuration more invasive since the main conf/server.xml file cannot be reloaded without restarting Tomcat.
Individual Context elements may be explicitly defined:
In an individual file at /META-INF/context.xml inside the application files. Optionally (based on the Host's copyXML attribute) this may be copied to $CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to application's base file name plus a ".xml" extension.
In individual files (with a ".xml" extension) in the $CATALINA_BASE/conf/[enginename]/[hostname]/ directory. The context path and version will be derived from the base name of the file (the file name less the .xml extension). This file will always take precedence over any context.xml file packaged in the web application's META-INF directory.
Inside a Host element in the main conf/server.xml.
(emphasis is not mine, it is already as such in Tomcat's documentation)
I have a web application which I wish to configure via settings in an external folder (external to the container and to the .war file). Therefore I want to inject just a single setting into my webapp which is the root folder of my configurations. The reasons for doing this are so that the maintenance team can update configuration settings in nice plain text files without having to re-deploy the war file.
My question is, what is the best way to parametrize a web application in the case of just a single configuration setting. I know I can use a JVM arg and then detect it from my initialization servlet. Ideally, I'd like something that I can put in the server.xml (not the web.xml file) that can be programmatically acquired from my ServletContextListener.contextInitialized(ServletContextEvent paramServletContextEvent) method.
Is there a way to do this using the ServletContextListener approach or is another way?
We are using -Dconfig.location=/foo/bar/config.properties and it works fine. It's a JVM arg, so it goes to the startup script.
You can register properties via JNDI in server.xml, but I'm not convinced this is a better option. server.xml or catalina.sh - both are container-level
Specifically, is it more or less secure having the file on the outside?
This is assuming you put the configuration files in the root directory (of the web server). And that there are only standard restrictions to files applied (no special lock down tools).
Depends on where you put your configuration files in your WAR. In you put it in WEB-INF or META-INF you will not be able route to those files.
/app/WEB-INF/web.xml gives a HTTP 404.
Unless there is some other exploit that would allow someone access to files on the server, I would say its no more secure in the WAR in the right place then outside the WAR file.
Yes it can be secure, although I would not use the root directory of the web server.
Typically a web server is configured to run as its own user (for instance, tomcat on Linux runs as user tomcat). So if the file can only be read by tomcat only the web server can access it.
You can use Context.xml in tomcat's conf directory to either directly inject the settings in the applications context, or add a property there pointing to the file location. That way the location need not be fixed.
I have an AXIS servlet which deployed on an apache tomcat server on windows.
I wrote a web service which I want to run on AXIS.
When I want to deploy my web service, I make a jar file from the classes, and then I copy them to "axis\WEB-INF\lib" directory. Then I deploy the web service using a wsdd file.
My question is - how can I pass parameters to the web service, and how can I read them?
The only web.xml file that I have, is the AXIS web.xml file. Should I put them there?
I came across with exactly same issue. I have a not so perfect solution. I am using a properties file to store params and access this properties file in the service classes. I am facing problem when I put all my classes in to a jar file. I am able to access properties file in my service class if I place properties file inside the jar file. I am unable to access properties file (without hardcoding the path) when I place it outside jar file. For maintainance point of view it is good practice to keep properties file accessible easyly.
-Rao