0

I am currently compiling a list of third-party libraries used in a web application. The application is deployed in tomcat. I am wondering which of the third-party jars actually must or should be included in the distribution. In particular, I am currently wondering how to best use javax-libraries. For instance, I would assume the javax.annotation-3.1.1.jar can be used in some standardized way, e.g., downloading it as an extension, without me including it into the distribution of my own piece of software. However, I have it included as a transitive dependency from jaxws-api which I need for web services and therefore it is included in the application's lib directory. I understand I could use the Extension-List manifest entry to cause the target machine to download and install such jars. However, then they are visible for other applications on the same machine as well which may require other versions of the same libraries.

So, I have some questions about 3rd party libs and I would be very glad if someone could give me some hints:

What is the best practice to use third-party libraries?

Is there some best practice for the javax-libraries?

Can and should I avoid redistribution without imposing a large burden on the person installing the application?

JasonMArcher
  • 14,195
  • 22
  • 56
  • 52
avidD
  • 441
  • 1
  • 6
  • 16

1 Answers1

0

I have to admit, I haven't understood the notion of "redistribution" here, maybe you're using some concrete application server terminology, so I'll try to provide a common answer here, assuming you have a war.

WAR (stands for Web Archive) should include all third-parties used by the application. These reside in WEB-INF/lib folder.

Now, each Java EE server should "understand" javax libraries, because it contains the relevant interfaces. "javax" libraries usually provide interfaces and the implementation/code that works with these interfaces are provided by the application server developers.

For example for servlets technology, Tomcat (or name any web server) will contain HttpServlet abstract class inside its internal libs, it will scan your war and find where do you implement/extend it, this is how it recognizes your servlets actually.

Now, you shouldn't include servlet-api jar into your war, because its already exists in the application server.

If you're using build tools like maven, they allow to build your war so that some thirdparties will be used for compilation but won't be packed up into war.

I didn't understand why is it so difficult to install the application - in the easiest case - you throw the war into the web server and that's it.

Hope this helps

Arjan Tijms
  • 37,782
  • 12
  • 108
  • 140
Mark Bramnik
  • 39,963
  • 4
  • 57
  • 97
  • I am indeed using Maven and including the servlet-api with scope "provided". Also, I can find annotations-api.jar in Tomcat's lib folder along with a few other jars. However, this does by far not include all the javax libraries. For instance, the jaxws-api is not included in that folder. Installation, btw, is no problem. I am just considering which jars I must package and which ones I can assume to be present for licensing reasons. – avidD Oct 07 '13 at 10:05