Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-java
Navigation:
Lists: gentoo-java: < Prev By Thread Next > < Prev By Date Next >
Headers:
From: Joshua Nichols <nichoj@g.o>
Subject: Re: Fwd: webapp-config & Java
Date: Sat, 28 Jan 2006 20:45:25 -0500
Jose Gonzalez Gomez wrote:
> ---------- Forwarded message ----------
> From: *Jose Gonzalez Gomez* <jgonzalez.openinput@... 
> <mailto:jgonzalez.openinput@...>>
> Date: 27-ene-2006 12:54
> Subject: Re: [gentoo-java] webapp-config & Java
> To: Andrew Cowie <andrew@... 
> <mailto:andrew@...>>
>
> 2006/1/27, Andrew Cowie < andrew@... 
> <mailto:andrew@...>>:
>
>     On Thu, 2006-26-01 at 16:56 -0500, Joshua Nichols wrote:
>
>     > Following the spirit of not using bundled jars for building, this
>     leads
>     > me to think that it would be better to explode the wars, and
>     replace the
>     > jars contained within with symlinks to the jars on the system.
>
>     Note that some app-servers can't/won't deal with an exploded war/ear.
>
>
> I think this issue has more to do with solving the issues with java 
> builds based in ant or maven than finding bundled jars... currently 
> almost every Java package out there is built using either ant or maven 
> (please, some Java Gentoo developer correct me if I'm wrong). In the 
> case of maven, jar dependencies are not bundled with source files, 
> they are specified as dependencies in the project descriptors. In the 
> case of web applications, those dependencies are downloaded from 
> binary repositories, and bundled in the WEB-INF/lib directory of the 
> war file at build time. The obvious solution (don't know if easy to 
> implement, I remember some discussion here regarding this) is to 
> intercept in some way the maven dependency resolution mechanism and 
> instead of downloading binary jars, take jars from the java packages 
> already installed by Gentoo.
You are right that most things build using maven and/or ant. We don't 
currently build packages using maven due to the downloading-random-jars 
bit. But the solution to that isn't really relevant to this particular 
discussion, although feel free to revive the previous thread on that matter.
> In case you still want to go the explode/replace way, as Andrew tells, 
> you won't be able to use symlinks, as some app-servers can't deal with 
> exploded archives. You should replace those jars with jars present on 
> the system, and then repackage and deploy the archive. I see this more 
> unnatural than the previous solution, although maybe easier to do.
Perhaps we should first figure out which, if any, web containers / app 
servers don't support explodedness, before discounting this method.

There is a very good reason for going the 
exploded-war-with-symlinked-jars path: you'd always be using the most up 
to date versions of the jars that have been installed on your system. 
Case in point, I recall a security vulnerability recently with struts. 
Now, if you were deploying an unexploded webapp with a vulnerable 
version of struts, then you'd still have the vulnerability in your 
webapp even after updating to a non-vulnerable version of struts. This 
wouldn't happen if we went the exploded-war-with-symlinked-jars, and at 
most you may have to restart the webapp and / or web container.

- Josh
-- 
gentoo-java@g.o mailing list


Replies:
Re: Fwd: webapp-config & Java
-- Greg Tassone
References:
webapp-config & Java
-- Renat Lumpau
Re: webapp-config & Java
-- Jose Gonzalez Gomez
Re: webapp-config & Java
-- Renat Lumpau
Re: webapp-config & Java
-- Joshua Nichols
Re: webapp-config & Java
-- Andrew Cowie
Fwd: webapp-config & Java
-- Jose Gonzalez Gomez
Navigation:
Lists: gentoo-java: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Fwd: webapp-config & Java
Next by thread:
Re: Fwd: webapp-config & Java
Previous by date:
Re: Fwd: webapp-config & Java
Next by date:
Wanted: Substantial Java Webapps


Updated Jun 17, 2009

Summary: Archive of the gentoo-java mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.