War config file

I would not store it in the application folder, because that would override the configuration with a new deployment of the application. I suggest you have a look at the Preferences API, or write something in the users folder the user that is running Tomcat. For example, the Spring framework gives you the ability to use XML configuration files or Java property files ; these can be stored in your classpath e.

Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Collectives on Stack Overflow. Learn more. What is the best place to store a configuration file in a Java web application WAR? Ask Question. Asked 13 years, 3 months ago. Active 5 years, 1 month ago.

Viewed 63k times. Improve this question. Note that there is no default mechanism for servlet engines - you will need to make vendor specific assumptions. Add a comment. Active Oldest Votes. I asked about why we did this once. Improve this answer. The following web. It specifies the simplest form of login process: the BASIC authentication model, which causes the browser to prompt the user with a simple pop-up username and password dialog box:.

We can do the equivalent configuration for a given servlet using the SecurityServlet annotation with an HttpConstraint annotation element as follows:. You can add this annotation to our test servlet or add the XML example setup to the web.

Access to protected areas is granted to user roles, not individual users. A user role is effectively just a group of users; instead of granting access to individual users by name, you grant access to roles, and users are assigned one or more roles.

A user role is an abstraction from users. Actual user information name and password, etc. Generally, application servers have their own tools for creating users and assigning individuals or actual groups of users their roles. A given username may have many roles associated with it.

Before we move on, there is one more piece of the security constraint to discuss: the transport guarantee. NONE is equivalent to leaving out the section, which indicates that no special transport is required. This is the standard for normal web traffic, which is generally sent in plain text over the network. This implies the use of digital signatures or some other method of validating the data at the receiving end, but it does not require that the data be encrypted and hidden while it is transported.

In practice, the only widely used secure transport in web browsers is SSL. We can configure the equivalent transport security for a servlet using the ServletSecurity annotation along with the HttpMethodConstraint annotation, as follows:. Combining the transport security with a rolesAllowed annotation can be done as shown in the preceding example. This section shows how to declare a custom login form to perform user login. In our example, we showed the BASIC method, which uses the standard web browser login and password dialog.

The form data can come from a static HTML page or from one generated by a servlet. Again, form data is sent in plain text unless otherwise protected by a transport guarantee SSL. It specifies that the client must be identified using a client-side public key certificate.

This implies the use of a protocol like SSL, which allows for secure exchange and mutual authentication using digital certificates. The exact method of setting up a client-side certificate is browser-dependent. The FORM method is most useful because it allows us to customize the look of the login page we recommend using SSL to secure the data stream.

We can also specify an error page to use if the authentication fails. The login page must contain an HTML form with a specially named pair of fields for the name and password. Here is a simple login. Therefore, you can effectively log out the user by calling invalidate on the session:. With Servlet 3. All we have to do is arrange our own login servlet that accepts a username and password securely and then calls the login method. This gives you great flexibility over how and when the user login occurs.

And, of course, you can log the user out with the corresponding logout method. We should mention that in addition to the declarative security offered by the web. The name of the authenticated user is available through the method HttpServletRequest get RemoteUser , and the type of authentication provided can be determined with the getAuthType method. You can use variables to map a configuration to its target environment.

When the context listener finds a match it reads the corresponding properties file and applies the properties. Use lowercase. This variable is resolved to a fully qualified server name obtained using InetAddress. Optionally, you can set the magnolia. Now server. You can also use servlet context attributes and parameters to indicate the location of configuration files. These variables will be replaced with the corresponding attributes or parameters taken from servlet context.

This is useful for application servers such as IBM WebSphere that have multiple instances running on the same server. Typical usage in this case:. Use context attributes and parameters provided by your servlet container or define your own.

For example, define a custom context parameter:. See your servlet container documentation regarding where to define context parameters and attributes. For example Tomcat Context container reference. The short variable names are used only in web. This variable corresponds to the name of the folder into which Magnolia is deployed, typically magnoliaAuthor on Tomcat. Please see the instructions page for reasons why this item might not work within Call of Duty: World at War.

Current visibility: Hidden. This item will only be visible to you, admins, and anyone marked as a creator. Current visibility: Friends-only. This item will only be visible in searches to you, your friends, and admins. This item has been added to your Favorites. Created by.