Java Conditional configuration (web.xml) - Development/Production

Question

I have the following configuration in my web.xmlfile in a Spring application:

<session-config>
   <cookie-config>
      <name>mycookie</name>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>       
</session-config>

The problem is: the <secure>true</secure> enforces the cookie to be sent over HTTPS only, and in my development machine I don't have HTTPS set up. However, this configuration is indispensable in the production environment.

Is there a way to make this configuration to be environment-sensitive - i.e. false for development and true for official/production builds?

Answer 1

If you are using Maven (which I would strongly suggest) then you can use profiles together with maven-war-plugin. You can specify different web.xml in each of these profiles (so you can have one for prod environment and other for dev). Here is an example for you

<properties>
    <webXmlPath>path/to/your/dev/xml</webXmlPath>
</properties>
<profiles>
    <profile>
        <id>prod</id>
        <properties>
            <webXmlPath>path/to/prod/webXml</webXmlPath>
        </properties>
    </profile>
</profiles>
<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-war-plugin</artifactId>
            <version>${war-plugin.version}</version>
            <configuration>
                <webXml>${webXmlPath}</webXml>
            </configuration>
        </plugin>
    </plugins>
</build>

Now each build will have by default web.xml with dev settings. When you want to change it to production build, just execute

mvn clean install -Pprod

Answer 2

The solution was very simple using a propety:

<secure>${session.cookie.secure}</secure>

In my development .properties file I added:

session.cookie.secure=false

And in test/production I can set it to true