> >> Hello. I am seeking some advice for the best ways to deploy Java web
> >> applications to different Tomcat environments.
> >>
> >> In particular, my application requires that a JNDI resource be
defined
> >> for a database, where the database server address and credentials
will
> >> vary depending on the environment the application is deployed to.
> >>
> >> * Tomcat: 8.0.36
> >> * OS: varies depending on the environment deployed to
> >>
> >> If I include in the WAR file, a META-INF/context.xml that includes
the
> >> Resource element, Tomcat will use that to create the file:
> >> $CATALINA_HOME/conf/engine/host/my-application.xml
> >>
> >> The context file my-application.xml can then be modified so that the
> >> Resource settings are appropriate for the environment.
> >>
> >> However, if, for any reason, the application is undeployed and then
> >> re-deployed, my-application.xml will be recreated with the settings
as
> >> they originally appeared in the WAR file.
> >>
> >> The options that seem evident to me are:
> >>
> >> 1) Create a different WAR file for each environment. This strikes me
as
> >> a bit onerous.
> >>
> >> 2) Use environment variables in my-application.xml such as:
> >> url="${databaseurl}" and then define those environment variables
using
> >> the Environment element in the GlobalNamingResources of Tomcat's
> > server.xml.
> >> Regarding #2, would it be possible to instead use a properties file
to
> >> define the variables? I assume adding entries to catalina.properties
> >> would work, but is it possible to define a properties file separate
from
> >> catalina.properties which deals more with system properties rather
than
> >> application properties?
> >>
> > We set such system properties in setenv.sh, e.g.:
> >
> > JAVA_OPTS="$JAVA_OPTS -Ddatabase.password=$DATABASE_PASSWORD"
> >
> >
> > The environment variable $DATABASE_PASSWORD is used because we wrap
our
> > applications along with tomcat and jvm in docker images. Operations
> > specify environment specific parameters (as database passwords) when
they
> > launch the docker container with -e switch, e.g.:
> >
> > docker run -d -e DATABASE_PASSWORD=secret .....
> >
> >
> > Due to docker we don't need context.xml files inside WARs. Instead we
have
> > application specific tomcat config files in our source trees. Our
build
> > process includes them in the docker image as top level tomcat config.
As
> > we build application specific images there is just one app per image
and
> > thus per tomcat instance.
> >
> >
> > Of course that is linux only.
>
> I don't believe docker is an option for me. At least, not at this
> time. I do like the idea of setting environment-specific variables as
> system properties in the setenv.sh. However, setting passwords there
> gives me pause for security reasons since it would be visible to
> anything running within the Tomcat environment, should there be some way
> to exploit a vulnerability and access Tomcat's system properties or
> environment variables remotely.
>
> Thank you for sharing,
> Philip
>
Well, having passwords in config files does not add much security ;)
Regards,
Christoph
This Email was scanned by Sophos Anti Virus
