• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

war-less jar-based deployment

Ranch Hand
Posts: 260
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
this time i have a kind of theoretical question. one of sw developers working for a pretty big company told me today, that they don't use war files for their application deployments. their sw architects believe, that war files are evil, since deployment of un-wared classes is not secure enough in terms of a damage that can be caused by their operations group employees, playing with servers. as far as i understood, their solution is to pack the application into jar and add it to the empty webapp style tree's WEB-INF/lib folder. they are also used to edit server.xml to add the app's context pass there to enable it on the path they use. i was really puzzled by this explanation, i never seen anything like this before. personally i believe that the whole "operations folks problem" sounds like a paranoia, but still, it's hard for me to decide what are the pros and cons of such solution. what do you think? bizarre or brilliant?

Posts: 20841
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bizarre or brilliant?

Appalling! Hope you're prepared to bail when these geniuses screw up royally and take something critical down. They evidently don't have a clue.

ALL webapps are WARs, per the J2EE standard. A WAR is nothing but a JAR with a specific structure. Some appservers also support "exploded" WARs, which are nothing more than WARs that have been UnZipped (since a WAR is a JAR and a JAR is a ZIP file with a META-INF in it).

There is no such thing as a "WEB-INF/lib" directory in ANY J2EE application server. WEB-INF and its lib and classes subdirectories are part of the structure that makes a JAR a WAR. Without WEB-INF, it's a JAR, not a WAR, and the server is at liberty to ignore the JAR, or even crash and burn (hopefully not, since that's not very robust handling).

So what this bunch of brilliant folks are really doing is slapping a bunch of files into an existing exploded WAR structure, and in my book, that's less secure than deploying an integral WAR unit, not more.

Qualification: I said "All webapps are WARs, but actually, full-stack J2EE also supports collections of WARs (and other webapp resources) bundled in an EAR. Some servers, such as WebSphere will deploy simple WARs by synthesizing the parts of an EAR that would have otherwise been present so that all of its deployed apps are actually EARs.
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!