The web.xml Deployment Descriptor Elements in Oracle’s BEA WebLogic Server 8.1 Documentation pretty much sums up each element in a web.xml file. But I am also curious about points below:
- Is there any configuration parameter which should be avoided like plague?
- Any parameters related to performance or memory usage?
- Security related risk due to common mis-configuration?
What else should I know about web.xml apart from element names and their usage?
The
/WEB-INF/web.xmlfile is the Web Application Deployment Descriptor of your application. This file is an XML document that defines everything about your application that a server needs to know (except the context path, which is assigned by the Application Deployer and Administrator when the application is deployed): servlets and other components like filters or listeners, initialization parameters, container-managed security constraints, resources, welcome pages, etc.Note that reference you mentioned is pretty old (Java EE 1.4), there have been few changes in Java EE 5 and even more in Java EE 6 (which makes the
web.xml“optional” and introduces Web Fragments).No.
No, such things are not configured at the application level but at the container level.
Well, if you want to use container-managed security constraints and fail at configuring them properly, resources won’t obviously be properly protected. Apart from that, the biggest security risks come from the code you’ll deploy IMO.