war-less jar-based deployment

Question

this time i have a kind of theoretical question. one of sw developers working for a pretty big company told me today, that they don't use war files for their application deployments. their sw architects believe, that war files are evil, since deployment of un-wared classes is not secure enough in terms of a damage that can be caused by their operations group employees, playing with servers. as far as i understood, their solution is to pack the application into jar and add it to the empty webapp style tree's WEB-INF/lib folder. they are also used to edit server.xml to add the app's context /docbase there to enable it on the path they use. i was really puzzled by this explanation, i never seen anything like this before. personally i believe that the whole "operations folks problem" sounds like a paranoia, but still, it's hard for me to decide what are the pros and cons of such solution. what do you think? bizarre or brilliant?

thanks.

Answer 1

Actually, it sounds as an alternative to having expanded WAR and thus many files to maintain - which might be a downside in an environment that is out of your direct control and maybe shared with other applications. In such case, you might want your application have a small file system footprint and a single JAR (plus maybe few configuration entries in the appserver) might work much better.

Expanded WARs are just more susceptible to various file system actions that "operations folks" might do to your files by accident. Think, for example, of a unix one-liner, combination of find and rm, that recursively searches for files with a certain name and removes them, but is inadvertently ran on a wrong directory. Boom - some of your class files are suddenly lost and you've got a mystery to solve in production environment. Especially in a shared environment, things like that might just happen.

So I have a understanding for such designs - it could be just the best to do in their's case. Maybe not brilliant but definitely not bizarre.