I am incorporating a third party API and in my WAR file I have a properties resource file which contains authentication and server access information. However having a resource file within a WAR is getting inconvenient because anytime server or authentication information changes, the prop file needs to be updated and the WAR needs to be redeployed.
Well I have figured out an easier way to access the prop file by invoking it from a url using the code below:
However I do not like the idea of hard coding the url with my source code. I would like to make it more dynamic such that it can be accessed either from an environment variable or from the application server setting or some war file xml document. And this is where I need some advice and guidance. I am currently testing in Tomcat, but will be deploying eventually in Web sphere. So I would appreciate a answer which will be compatible with both app servers.
An env=entry tag in the web.xml file would be a possibility.
But it's a dangerous thing to make this kind of file available over HTTP - anyone can access it. Or were you thinking about using authentication for it, too? Even then I would probably shy away from a scheme like this.
posted 12 years ago
Thanks so much for your prompt reply, you do bring a good point forward security. Well this application is going to be limited to intranet only.