Skip to main content

Tomcat and the web.xml's webapprootkey

I n my company, I have to deal with many Spring based applications deployed on a Tomcat cluster. For each one, we set a property 'webapprootkey' in the web.xml file to avoid errors on startup. Today, I decided to dig about that (... erratum... I decided to tell Google to dig about that). Thus, I found this excellent post.

Hi all,

when deploying two applications build from the riot skeleton within the same Tomcat servlet container, you get an IllegalStateException: Web app root system property already set to different value: 'webapp.root' = [/Users/joe/Workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/webapps/webapp-A/] instead of [/Users/joe/Workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/webapps/webapp-B/] - Choose unique values for the 'webAppRootKey' context-param in your web.xml files!

I will try to explain where this comes from and how to circumvent it, but first the quick fix for the impatient reader: Place a context parameter named 'webAppRootKey' in every project's web.xml and assign a value to it, that is unique for every of your projects like the project name itself.

The webAppRootKey context parameter is introduced by Spring. Along with the WebAppRootListener it allows exposing the web applications root directory as a system property. The value of the context parameter 'webAppRootKey' names the system property to use. If the context parameter 'webAppRootKey' is not set in the application's web.xml, Spring chooses the default value 'app.root'. While some servlet containers like Resin do isolate each web application's system properties, others like Tomcat do not. And that's what the former mentioned IllegalStateException is telling us: The system property 'app.root' already contains the root directory of the first web application when Spring tries to assign the root directoty of the second application to it.

Ok, that's the background information. A deeper look into the web.xml tells us, that there ist no WebAppRootListener configured. Why does this initialisation take place anyway? The stack trace from the exception reveals the culprit: The Log4jConfigListener also tries to set the webAppRootKey, because this is an interesting mechanism for the Spring/Log4j integration. It allows log and config file locations relative to the web applications root directory. The Log4jConfigListener supports three init parameters at the servlet context level: 'log4jConifgLocation', 'log4jRefreshInterval' and 'log4jExposeWebAppRoot'. See JavaDocs for more informations.

But, none of these parameters are set in the riot project skeleton's web.xml and none of the Log4jWebConfigureres features are used by the riot project skeleton. As long as you do stay with default log4j setup, the Log4jConfigListener is superflous.

At the end there are three possible solutions for the initial problem:

(1) Provide any of your applications with a unique 'webAppRootKey'.
(2) Set the servlet context parameter 'log4jExposeWebAppRoot' to 'false'. This eliminates the use of log file locations relative to the web application's root directory but still allows a log4j config location outside the classpath.
(3) Remove the 'Log4jConfigListener' from your application's web.xml.

What do you think is the best solution and should be incorporated into the riot skeleton project?


Alf Werder

Technische Leitung
Head of Engineering


Rahul said…
Thanks for the great information in your blog Selenium Training in Chennai

Popular posts from this blog

DCcduino usb drivers (CH340 / CH341 chipset)

I've just received my first arduino platform. It's a DCcduino board (a clone of Arduino Uno). As I had some difficulties to have it recognised by my MacBook, I decided to share its drivers. This card has a CH340 USB-to-serial chip. You can find drivers for this chip on the web site of the chinese manufacturer, here :

Or download it directly from my Google Drive. The archive contains drivers for Mac, Linux and Windows platforms.

I hope this will help somebody.

UPDATE for Mac users with Yosemite :

Please, follow this extra instructions :
Install the CH340 driverRun the command in Terminal: sudo nvram boot-args="kext-dev-mode=1"Reboot

The great alternative to JRebel

I'm an old user and addict of JRebel. I started to use it on open source projects and in professional contexts. From the beginning, I've been convinced that the licensing mode was wrong because of its lifetime. Asking for license renewal each year is boring. So, I decided to look for FREE alternative solutions and finally I recently found one.

This solution is efficient for maven projects developed with Eclipse. It is base on :

Hotswap Agent project : Source Lookup plugin for Eclipse :
I tested it with Java 7 & Java 8. I work on web applications that run on Tomcat. I developed wih Spring (IoC), sometimes Hibernate and Vaadin

Hotswap Agent installation consists on the deployment of a patch for your JVM. You just have to download the corresponding patch here : Then, download the hotswap-agent.jar from here :…

How to secure REST services exposed with Jersey (JAX-RS) using Spring Security

This is the challenge I had to perform. I have to open services to business partners and I want to secure them. I use a Java based application with Jersey API (JAX-RS).

The first thing to consider is : what kind of solution offers the best compromise between security and the effort I'll have to provide to maintain this solution?
After some discussions with developers and experts, the conclusion is : expose your services over https and use Basic authentication (Digest authentication and certificate based authentication are too complex for partners)

So, how to implement that? I delegate "https" to my Apache http servers. But I still need to handle authentication (and authorization of course). After long hours on Google, I understood that it is possible to manage security with Jersey by many many ways. Here is a short list :

Delegate simple authentication and authorization to your container (Tomcat) or to your frontend (Apache)Delegate authentication to your container or fro…