My own personal environment config file in addition to web.xml. Possible?

Question

Simple question really. Can a webapp access a config file I define and put at the Tomcat->Conf sort of level, or am I restricted to web.xml environment variables alone?

I suspect the answer is no as it would probably be rather dangerous for a webapp to access anything outside the webapp directory.

I don't want to use web.xml as I don't want any possibility of this config getting into a production environment. It should reside purely in my dev tomcat instance. (It's just a flag to allow me to bypass certain functionality which, in dev, is extremely slow and not critical to include)

This is a java/jsp webapp btw.

Answer 1

You can use an initialization parameter in your web.xml to specify the location of another file to be used by your web application for part of its initialization and load that file and use it for part of your config from within a servlet code's init() method. This method could be coded to deal with the non-existence of the file by skipping the additional initialization, and the file can be located outside your application.

This is a common tactic for configuring third-party stuff like Spring or Hibernate, and defining alternative databases per environment.

Answer 2

Servlets can open files outside the webapp directory (they are still subject to filesystem permissions, though).

For your problem, you can use context initialization parameters. You can read about them here: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html . You can access them using getServletContext().getInitParameter() in your servlet class.

Other option would be to set up an enviroment variable on your dev machine and access its value using System.getenv().

Answer 3

Can a webapp access a config file I define and put at the Tomcat->Conf sort of level, or am I restricted to web.xml environment variables alone?

You can put config files everywhere you want. You just need to know its exact location, then you can use one of zillion ways in Java to read resources. Canonical approach is to put it in the classpath or to add its path to the classpath, so that you can just read it from the classpath by the class loader. For more detail, see also this answer.

---

I suspect the answer is no as it would probably be rather dangerous for a webapp to access anything outside the webapp directory.

It's only dangerous if the client can control/change this behaviour by manipulating HTTP requests accordingly. With properly designed servlets, this shouldn't be possible.

---

I don't want to use web.xml as I don't want any possibility of this config getting into a production environment.

I'm not sure if I understand your concern. By default, clients won't be able to see web.xml file (actually, the whole /WEB-INF and /META-INF folders are restricted from direct access by clients). Only when you've a badly configured/written default servlet, then chances are there that clients will be able to download and see web.xml file.

---

It should reside purely in my dev tomcat instance. (It's just a flag to allow me to bypass certain functionality which, in dev, is extremely slow and not critical to include)

I think it's a bad idea to download config files from a remote location. This way everyone else can see your config files. You'd need to serve it over HTTPS and put login based access restriction on it. This all is plain clumsy.