Apache Tomcat XML code review rules

When using Apache Tomcat, Java EE deployment descriptor configuration is not required within the application and is often provided within the Context definition. The Context can be configured within the application, in the server.xml file, or within the server configuration directory. When the configuration is provided within the application in the META-INF/context.xml file, it is migrated to the corresponding web.xml file or WebSphere bindings and extensions files. If the Context configuration is not contained within an application, the information must be migrated manually.

| Rule Name | Rule Description | Automated Fix |
| --- | --- | --- |
| Avoid using a / in a web module welcome file name | This rule flags any web module <welcome-file> that starts with a slash character (/) or a backslash character (\) in the web.xml file. | No |
| Avoid using the invalid initial context java:/comp | This rule detects an invalid initial context string that starts with java:/comp instead of java:comp within XML files. | No |
| Do not use context valve component | This rule flags all Context <Valve> elements in the META-INF/context.xml file. Use Java servlet filters instead. | No |
| Set the sharing scope on resource references | This rule flags any resource references that do not have the resource sharing scope set. The resource sharing scope defaults to Shareable on Tomcat. Set the sharing scope the same on WebSphere. | No |
| Use Java EE deployment descriptors and WebSphere bindings to define resource link references | This rule migrates the ResourceLink Context element from the META-INF/context.xml file to the web.xml file and WebSphere bindings. | No |
| Use Java EE deployment descriptors and WebSphere bindings to define resource references | This rule migrates the Resource Context element from the META-INF/context.xml file to the web.xml file and WebSphere bindings. | No |
| Use Java EE deployment descriptors to define context lifecycle listeners | This rule migrates the Context Lifecycle Listener information from the META-INF/context.xml file to the web.xml file. | No |
| Use Java EE deployment descriptors to define context parameters | This rule migrates the Context parameter information from the META-INF/context.xml file to the web.xml file. | No |
| Use Java EE deployment descriptors to define environment references | This rule migrates Context Environment information from the META-INF/context.xml file to the web.xml file. | No |
| Use Java EE deployment descriptors to define missing security roles | This rule flags <auth-constraint> elements in web.xml that are missing associated security-role elements. | No |
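
The check behind the last rule can be reproduced by hand when reviewing a descriptor. The following is an added example, not code from the migration toolkit: it lists every role named in an `<auth-constraint>` that has no matching `<security-role>` declaration, along with the URL patterns it protects. The function names and the sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# "*" (all declared roles) and "**" (any authenticated user) are Servlet-spec
# wildcards, not role names, so they need no <security-role> declaration.
RESERVED = {"*", "**"}

# Constructed sample descriptor: "auditor" is used but never declared.
SAMPLE_WEB_XML = """
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>auditor</role-name><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
</web-app>
"""

def local(tag):
    """Drop the namespace so descriptors of any Java EE version parse alike."""
    return tag.rsplit("}", 1)[-1]

def role_names(parent):
    """Role names directly under an <auth-constraint> or <security-role>."""
    return [r.text.strip() for r in parent if local(r.tag) == "role-name" and r.text]

def undeclared_roles(web_xml_text):
    """Map each auth-constraint role lacking a <security-role> to its URL patterns."""
    root = ET.fromstring(web_xml_text)  # descriptor from the project under review
    declared, used = set(), {}
    for el in root:
        if local(el.tag) == "security-role":
            declared.update(role_names(el))
        elif local(el.tag) == "security-constraint":
            pats = [p.text.strip() for p in el.iter() if local(p.tag) == "url-pattern" and p.text]
            for ac in (c for c in el if local(c.tag) == "auth-constraint"):
                for role in role_names(ac):
                    used.setdefault(role, []).extend(pats)
    return {r: p for r, p in used.items() if r not in declared and r not in RESERVED}
```

Calling `undeclared_roles(SAMPLE_WEB_XML)` returns `{'auditor': ['/reports/*']}`. Role names are compared case-sensitively, so a declaration of `Auditor` would not satisfy a constraint on `auditor`.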