Erel
On 5/5/2011 10:03 AM, Erel Segal wrote:
I have a GWT web application that I run on multiple Tomcat servers. It
happens to need some configuration, such as database username and
password, initialization data, etc. I would like to put all this info
in a configuration file, but, I where should I put the file so that my
application will find it?
Your question is really a tomcat question rather than a GWT question, in that the information you
are providing is for the server, and
not directly for the GWT application.
My personal practice is to do the following:
1. If the information is the same in all instances, place it in a Java properties file in the
classpath - typically a "myapp.properties" file.
Then use the ClassLoader.getResource() or ClassLoader.getResourceAsInputStream() to read it. If you
are using Spring, you can actually inject
such a resource file into the appropriate service bean.
2. If the information is different in different environments, place the properties file in a "known
place" for example, ${user.home}/.myapp/myapp.properties. See my comment below about starting as
root!!!!
3. If you *really* need the option to specify the location, do it as -DpropertyfileName=<path to
your property> on the command line, and indirect all the references to the property file in the
methods above.
* I tried to use an environment variable to tell me where the file is
located, but, I found out that the environment on Linux depends on who
starts the Tomcat server - if it is started at initialization, it's
the environment of the "root" user, but if I restart it manually, it
uses my personal environment (Windows doesn't have this problem).
Apologies for "shouting", but!
NEVER EVER RUN TOMCAT AS ROOT ON A PUBLICLY ACCESSIBLE SERVER!
This is a *huge* security hole. Either:
1. bind the server to a port above 1000 and start and run as a regular or
restricted user.
2. Use jsvc to start the server as root and switch to a restricted user after startup. Search google
for jsvc (its in the tomcat distro.)
IMHO this is best way to start and stop tomcat - you can have an init script and do "service tomcat
start" and "service tomcat stop" in linux
3. Use some kind of port mapping (eg Apache + a connector or iptables) to map from port 80 if you
really don't want to use jsvc and you must have http:80.
By restricted user I mean that I create a tomcat user who does not have a login and isn't called
'tomcat'!. Then I start the server as this user. If I need to start the server manually, then I SSH
as a regular use (with a port diffferent from 22) and su - and then su - tomcatuser to start the
server. To do this, you should make all read-only tomcat and application files owned by root, and
only those files (mainly logs and scratch areas) which *must* be written owned by tomcatuser (or
whatever you call them). If you need access from your command line, then create a common group and
set the appropriate s bits for shared access. Google for "linux permissions".
HTH
Regards
Alan
I am sure I am not the first one that needs to configure a GWT
application. How do the experts do this?
--
Alan Chaney
CTO and Founder, Mechnicality, Inc.
www.mechnicality.com
--
You received this message because you are subscribed to the Google Groups "Google
Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
