Bill Barker wrote:
This is totally Tomcat specific, so won't necessarily port if you decide to
change containers (but without looking probably still works for GlassFish
and JBoss). Tomcat does Ant style variable replacement when parsing web.xml
(both the one in conf and the one in WEB-INF). So something like
<context-param>
<param-name>config-file-location</param-name>
<param-value>${my.config.file.location}</param-value>
</context-param>
will work if the System property my.config.file.location is set by the
startup script/Windows service manager.
That sounds like a good idea !
Usually, there are only a few parameters that change per customer, like
the IP address of some external server, or some login id/pw for a remote
service. That would really do the trick in most cases.
In addition, it would avoid having to put some potentially sensible
values in a web-xml file which has to be readable by the Tomcat user.
(And even by me, come to think of it).
And we don't even have to change the applications.
I'll expand that a bit for later reference by dummies like me :
Under Unix/Linux, the /etc/init.d/tomcat script is run by root, so such
settings could set as some variable which would be expanded in the line
calling up the JVM, no matter which user the JVM starts under, like :
file : /etc/confidential/tomcat_settings.sh (only readable by root)
REALLY_CONFIDENTIAL_SETTINGS="-D myfilter.auth.pw=secretpw"
...
file : /etc/init.d/tomcat
CONFIDENTIAL_SETTINGS=""
if [ -f "/etc/confidential/tomcat_settings.sh" ]; then
. "/etc/confidential/tomcat_settings.sh"
fi
...
start)
su - tomcatuser -c "/var/lib/jvm/java $CONFIDENTIAL_SETTINGS -jar ...."
file : (tomcat_home)/webapps/myapp/WEB-INF/web.xml
...
<init-param>
<param-name>secretpw</param-name>
<param-value>$(myfilter.auth.pw)</param-value>
</init-param>
...
So now we can give the customer a new war file, with an update of his
application, including a WEB-INF/web.xml file, and he can just install
it and overwrite his existing web.xml, without even us having to know
the secret password.
Great !
Please feel free to comment, particularly if there is a mistake above.
Also, I believe the above - if correct - could be a useful addition to
the Tomcat FAQ, but I can't figure out if (or how) to add something
there. It seems to display "immutable page" everywhere and I can't find
an option to add something.
I guess this could better be another post.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
