I have the following configuration in my web.xmlfile in a Spring application:
<session-config>
<cookie-config>
<name>mycookie</name>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
</session-config>
The problem is: the <secure>true</secure> enforces the cookie to be sent over HTTPS only, and in my development machine I don't have HTTPS set up. However, this configuration is indispensable in the production environment.
Is there a way to make this configuration to be environment-sensitive - i.e. false for development and true for official/production builds?
If you are using Maven (which I would strongly suggest) then you can use profiles together with maven-war-plugin. You can specify different web.xml in each of these profiles (so you can have one for prod environment and other for dev). Here is an example for you
<properties>
<webXmlPath>path/to/your/dev/xml</webXmlPath>
</properties>
<profiles>
<profile>
<id>prod</id>
<properties>
<webXmlPath>path/to/prod/webXml</webXmlPath>
</properties>
</profile>
</profiles>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>${war-plugin.version}</version>
<configuration>
<webXml>${webXmlPath}</webXml>
</configuration>
</plugin>
</plugins>
</build>
Now each build will have by default web.xml with dev settings. When you want to change it to production build, just execute
mvn clean install -Pprod