where is the XSD and semantics of the web.xml defined?

Question

I am trying to find where the XSD and the semantics for the deployment descriptor web.xm file is defined in the Servlet 3.0 specification.

Alternatively, where is an authoritative description of the various supported elements and attributes that can appear inside web.xml and what the default behavior of the container is, in case some elements / attributes are absent.

This started by me wondering what is the default value for the http-only and secure elements inside session-config, e.g. as in:

 <session-config>
     <session-timeout>60</session-timeout>
     <cookie-config>
         <http-only>true</http-only>
         <secure>false</secure>
     </cookie-config>
 </session-config>

I am reasonably certain the default values are false for both but I wanted to see where this is authoritatively specified.

Looking at the Java Servlet 3.0 spec there is no XSD. There is a sample XML file (on pg. 169) which has a schemaLocation attribute with value:

http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd

… which is broken. Googling for web-app_2_5.xsd an XSD file is found but it doesn't contain the definition of <session-config> element (I couldn't locate it even when googling for the other XSDs that that file imports).

The specification does contain graphical depictions of some elements (in the horrible late 90's style when such "visualizations" were in vogue) but this is all it contains for the session-config element:

There's no futher discussion for the cookie-config element.

I find it hard to believe that a specification does not contain the full XSD (or at least a link to it) and a detailed description of the semantics of all elements and attributes.

Am I missing something?

Refer these two links for XSD's. http://xmlns.jcp.org/xml/ns/javaee/web-common_3_0.xsd http://xmlns.jcp.org/xml/ns/javaee/web-app_3_0.xsd — Ramesh PVK, Mar 31 '17 at 23:42

score 0 · Answer 1 · answered Jun 04 '20 at 12:51

A list of schemas can be found at

http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html

(at the very beginning it is stated "Latest Version: http://xmlns.jcp.org/xml/ns/javaee/", which in turn redirects to the link I've posted first; I think the latter URL should be used as a permalink)

Then you'll find the schemas grouped by Java EE version. I think servlet 3.0 is JEE 6, so:

http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html#6

There you'll get the schemas:

http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/web-app_3_0.xsd

http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/web-common_3_0.xsd

http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/web-fragment_3_0.xsd

score 0 · Answer 2 · answered Nov 03 '21 at 04:49

Had problems with the schemas from oracle. The URLs were just not working, kept throwing an error.

so I switched to the jboss schema (at https://www.jboss.org/j2ee/schema/)

I replaced

xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd

with

xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee https://www.jboss.org/j2ee/schema/web-app_2_4.xsd"

Also make sure the version attribute on the web-app tag is set correctly (e.g. version="2.4" in this case)

where is the XSD and semantics of the web.xml defined?

2 Answers2